Discover internet domains associated with a business entity via CT logs, RDAP, and DNS

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for minghsuy from gravatar.com minghsuy

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ming Yang
  • Tags certificate-transparency , dns , domain-discovery , rdap , security
  • Requires: Python >=3.12
  • Provides-Extra: all , api , cache , metrics
Classifiers
Report project as malware

Project description

domain-scout

CI PyPI

Discover internet domains associated with a business entity using Certificate Transparency logs, RDAP, and DNS.

Useful for security teams, asset inventories, and M&A due diligence — where seed domains can be wrong, misspelled, or belong to a parent company.

Install

pip install domain-scout-ct            # core library + CLI
pip install domain-scout-ct[api]       # + REST API server
pip install domain-scout-ct[cache]     # + DuckDB query cache
pip install domain-scout-ct[all]       # everything

For development:

uv sync --all-groups --all-extras

Usage

CLI

# Basic usage
domain-scout --name "Guidewire Software" --location "San Mateo, CA"

# With seed domain
domain-scout --name "Palo Alto Networks" --location "Santa Clara, CA" --seed "paloaltonetworks.com"

# Multiple seeds — cross-verification boosts confidence for domains found by both
domain-scout --name "Walmart" --seed walmart.com --seed samsclub.com

# Deep mode — GeoDNS global resolution for non-resolving domains
domain-scout --name "Walmart" --seed "walmart.com" --deep

# JSON output
domain-scout --name "Acme Corp" --output json > results.json

# Verbose logging
domain-scout --name "Cloudflare" --seed "cloudflare.com" -v

REST API

# Start the API server (cache enabled by default)
domain-scout serve --port 8080

# Health check
curl http://localhost:8080/health

# Run a scan
curl -X POST http://localhost:8080/scan \
  -H "Content-Type: application/json" \
  -d '{"entity": {"company_name": "Walmart", "seed_domain": ["walmart.com"]}}'

# Readiness check (probes crt.sh connectivity)
curl http://localhost:8080/ready

Docker

# Build
docker build -t domain-scout-ct .

# Run API server
docker run -p 8080:8080 domain-scout-ct

# Run CLI scan
docker run domain-scout-ct scout --name "Walmart" --seed walmart.com

# Persist cache across runs
docker run -p 8080:8080 -v scout-cache:/data/cache domain-scout-ct

Cache

# Enable cache for CLI scans
domain-scout scout --name "Walmart" --seed walmart.com --cache

# View cache statistics
domain-scout cache stats

# Clear cache
domain-scout cache clear

Library

from domain_scout import Scout

result = Scout().discover(
    company_name="Palo Alto Networks",
    location="Santa Clara, CA",
    seed_domain=["paloaltonetworks.com"],
)

for domain in result.domains:
    print(f"{domain.domain:40s}  {domain.confidence:.2f}  {domain.sources}")

Async

import asyncio
from domain_scout import Scout, EntityInput

async def main():
    scout = Scout()
    result = await scout.discover_async(EntityInput(
        company_name="Palo Alto Networks",
        seed_domain=["paloaltonetworks.com"],
    ))
    return result

result = asyncio.run(main())

How it works

  1. Seed validation — DNS-resolves the seed domain, checks RDAP registrant org and CT cert org names against the company name
  2. CT org search — Queries crt.sh Postgres for certificates where the Subject Organization matches the company name
  3. Seed expansion — Finds all SANs on certs covering the seed domain, revealing related domains (e.g., acquired companies)
  4. Domain guessing — Generates candidates from the company name + common TLDs, resolves them, verifies via CT
  5. Cross-seed verification — With multiple seeds, domains found independently by 2+ seeds get a confidence boost
  6. RDAP corroboration — Queries RDAP registrant org on top discovered domains, confirming ownership matches the target company
  7. Confidence scoring — Corroboration-level model scores each domain 0–1 based on the combination of evidence: CT org match, SAN co-occurrence, DNS resolution, RDAP registrant match, cross-seed verification, and shared infrastructure

Data sources

Source Method Rate limited
crt.sh Postgres (primary), JSON API (fallback) 5 concurrent queries, 1s burst delay
RDAP rdap.org universal bootstrap Per-request
DNS dnspython (8.8.8.8, 1.1.1.1) 5 concurrent
Shodan GeoDNS geonet.shodan.io (deep mode) 3 concurrent, 0.5s delay

Development

make install      # uv sync --all-groups
make test         # unit tests (mocked external calls)
make lint         # ruff + mypy
make format       # ruff --fix + ruff format
make check        # format + lint + test

Integration tests hit real crt.sh:

make test-integration

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for minghsuy from gravatar.com minghsuy

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ming Yang
  • Tags certificate-transparency , dns , domain-discovery , rdap , security
  • Requires: Python >=3.12
  • Provides-Extra: all , api , cache , metrics
Classifiers

Release history Release notifications | RSS feed

0.11.0

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

This version

0.4.0

0.3.1

0.3.0

0.2.2

0.2.1

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

domain_scout_ct-0.4.0.tar.gz (136.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

domain_scout_ct-0.4.0-py3-none-any.whl (41.4 kB view details)

Uploaded Python 3

File details

Details for the file domain_scout_ct-0.4.0.tar.gz.

File metadata

  • Download URL: domain_scout_ct-0.4.0.tar.gz
  • Upload date:
  • Size: 136.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for domain_scout_ct-0.4.0.tar.gz
Algorithm Hash digest
SHA256 85fb8177095da4ad4dfb70659b751d240c5efd123533c73fe064a3daaa18cc46
MD5 0b90542c5aa393707143e6e0c7c03392
BLAKE2b-256 72590415e862085bec6788d45ea7184b4053ec266484cf30ca9191d4310e1801

See more details on using hashes here.

Provenance

The following attestation bundles were made for domain_scout_ct-0.4.0.tar.gz:

Publisher: release.yml on minghsuy/domain-scout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file domain_scout_ct-0.4.0-py3-none-any.whl.

File metadata

File hashes

Hashes for domain_scout_ct-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 97c83912f145774444cd9c5f0a1cff49710408e3d7e40d595fb2b954eec7f4c9
MD5 bef58383b6f1071893ed32442de2c414
BLAKE2b-256 393a09ac3ecf97ca46a8dcf27892a1525ca1da1b9c716edb561e333e8a0449c7

See more details on using hashes here.

Provenance

The following attestation bundles were made for domain_scout_ct-0.4.0-py3-none-any.whl:

Publisher: release.yml on minghsuy/domain-scout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page