Analyze certificates and cipher suites for robust TLS.

Check MX records for correct mail routing.

Validate policy file, DNS, and TLS for secure transport.

Inspect SPF records to prevent spoofing.

Parse DMARC policies and reporting.

Check the chain from child to parent to root, and see where it fails.

Display your public IP and reverse DNS.

Resolve a domain to its IP addresses.

Scan SMTP servers for TLS and features.

View allowed certificate authorities and reporting URIs.

Discover service endpoints and ports.

Resolve canonical names and pivot to other records.

Find authoritative name servers for a domain.

View zone authority and timers for a domain.

Verify BIMI records and logos for mailbox trust.

Check DKIM selectors and public keys.

Audit DNS settings for consistency.

Retrieve Delegation Signer records with key tags and digests.

Inspect DNSKEY flags, algorithms, key tags, and key sizes.

Review DNSSEC signature windows and covering record sets.

Trace NSEC next-domain links and advertised RR types.

See NSEC3 hashing algorithms, iterations, and salts.

Resolve IP addresses back to hostnames.

Retrieve ASNs and organizations for IPs.

List IP ranges owned by an ASN.

Fetch registration details for domains.

Map an IP address to its country.

Check if an IP appears on DNS blacklists.

Resolve IPv6 addresses for a domain.