This tool provides a number of data points about a given domain. This was originally a small project to learn the Go language, but it seems like a handy tool to use.
Instructions
- Simply put in a single domain, bulk domains, or upload a text file with domains.
- Don't include the protocol. The tool tests for the protocol itself and reports on the encryption through the SSL/TLS check.
Checks Reference
- SSL / TLS
- Connects to port 443 and inspects the certificate. Reports whether SSL is present, whether the certificate is valid for the domain, the expiry date, the issuer's common name, and the TLS version negotiated (1.0–1.3). TLS 1.3 is ideal; 1.0 and 1.1 are deprecated and considered insecure.
- Security Headers
- Makes an HTTP request and inspects the response headers for security-relevant settings, including Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), clickjacking protection, content-type sniffing prevention, referrer policy, permissions policy, server software disclosure headers, CORS isolation policies, and caching behavior.
- Redirects
- Tests whether HTTP traffic redirects to HTTPS (a "secure redirect"), and whether any other redirects are in place. Reports the HTTP status code and destination URL for each. A 301 permanent redirect from HTTP to HTTPS is the expected best practice.
- WHOIS
- Queries the domain's registration record to find the expiry date. Useful for identifying domains at risk of lapsing and potentially being registered by someone else.
- Robots.txt
- Fetches the domain's robots.txt file and checks whether a given user agent is permitted to crawl the root of the site. Defaults to Googlebot. The user agent can be changed in the Run Checks row before running.
- DNS
- Performs DNS lookups for email authentication records. Checks for an SPF record (controls which servers are authorized to send email on behalf of the domain), a DMARC record and its enforcement policy (none / quarantine / reject), and the domain's MX hosts (mail servers). A DMARC policy of quarantine or reject is required to prevent spoofing.
- Page Info
- Loads the root page and reports the HTML page title, HTTP response time in milliseconds, HTTP status code, and whether a sitemap.xml is present at the standard location.
- Screenshots
- Uses headless Chrome to capture a full-page screenshot rendered at 1920px width. Screenshots are session-only and automatically deleted after 2 hours. Requires Google Chrome to be installed on the machine running the tool. Best used in small batches — do not exceed 25 domains per run.
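The DNS check above comes down to classifying TXT records. The following Go example is added here for illustration and is not the tool's own code: the names `EmailAuth`, `dmarcPolicy` and `Evaluate` and the sample records are constructed. It goes slightly beyond the description by counting SPF records, since more than one `v=spf1` record makes SPF evaluation fail (RFC 7208).

```go
package main

import (
	"fmt"
	"strings"
)

// EmailAuth summarises the SPF and DMARC findings for one domain.
type EmailAuth struct {
	SPFRecords  int    // TXT records whose version tag is v=spf1 (exactly 1 is valid)
	DMARCPolicy string // p= tag of the DMARC record, "" if none found
	Enforced    bool   // true only for p=quarantine or p=reject
}

// dmarcPolicy returns the lowercased p= tag of a DMARC record, or "" if txt is not one.
func dmarcPolicy(txt string) string {
	tags := strings.Split(txt, ";")
	if k, v, _ := strings.Cut(tags[0], "="); strings.TrimSpace(k) != "v" || strings.TrimSpace(v) != "DMARC1" {
		return ""
	}
	for _, tag := range tags[1:] {
		if k, v, _ := strings.Cut(tag, "="); strings.TrimSpace(k) == "p" {
			return strings.ToLower(strings.TrimSpace(v))
		}
	}
	return ""
}

// Evaluate takes the TXT records of the domain and of _dmarc.<domain> (as net.LookupTXT returns them).
func Evaluate(rootTXT, dmarcTXT []string) EmailAuth {
	var r EmailAuth
	for _, txt := range rootTXT {
		if f := strings.Fields(strings.ToLower(txt)); len(f) > 0 && f[0] == "v=spf1" {
			r.SPFRecords++
		}
	}
	// The first record that parses as DMARC and carries a p= tag sets the policy.
	for i := 0; i < len(dmarcTXT) && r.DMARCPolicy == ""; i++ {
		r.DMARCPolicy = dmarcPolicy(dmarcTXT[i])
	}
	r.Enforced = r.DMARCPolicy == "quarantine" || r.DMARCPolicy == "reject"
	return r
}

func main() {
	// Constructed sample records for a hypothetical domain.
	root := []string{"site-verification=abc123", "v=spf1 include:_spf.example.net -all"}
	dmarc := []string{"v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
	fmt.Printf("%+v\n", Evaluate(root, dmarc))
}
```

A result with `Enforced` false and a policy of `none` means the domain publishes DMARC for reporting only, so receivers are not asked to act on spoofed mail.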
App Info
Questions & Suggestions
If you have any questions or suggestions, please contact Scott Clevenger.