@@ -119,9 +119,26 @@ Interactive docs at: http://localhost:8000/docs
119119"Monitor AS13335 for changes since last baseline."
120120```
121121
122+ ** Phase 5 — DNS intelligence:**
123+ ```
124+ "What DNS records does cloudflare.com have?"
125+ "Is the DNSSEC chain valid for google.com?"
126+ "Check if 1.2.3.4 is on any spam blocklist."
127+ "Audit the email security posture of example.com."
128+ "Has my DNS change for api.example.com propagated globally yet?"
129+ ```
130+
131+ ** Phase 6 — TLS, certificates & threat intel:**
132+ ```
133+ "When does the TLS certificate for cloudflare.com expire?"
134+ "Show me all certificates ever issued for *.example.com."
135+ "Is 198.51.100.1 flagged as malicious — what ports and CVEs does Shodan see?"
136+ "What hostnames has the IP 1.2.3.4 served historically?"
137+ ```
138+
122139---
123140
124- ## All 17 MCP Tools
141+ ## All 27 MCP Tools
125142
126143### Phase 1 — Registry Queries
127144
@@ -155,18 +172,40 @@ Interactive docs at: http://localhost:8000/docs
155172
156173| Tool | Description | Cache TTL |
157174| ------| -------------| -----------|
158- | ` rir_get_peering_info ` | PeeringDB peering data + BGP neighbours for an ASN | 1 hour |
159- | ` rir_lookup_ixps ` | Search Internet Exchange Points globally | 6 hours |
175+ | ` rir_peering_info ` | PeeringDB peering data + BGP neighbours for an ASN | 1 hour |
176+ | ` rir_ixp_lookup ` | Search Internet Exchange Points globally | 6 hours |
160177| ` rir_network_health ` | RPKI + BGP + RDAP health composite check | 5 min |
161178| ` rir_change_monitor ` | Detect changes since last baseline (delta report) | live |
162179
180+ ### Phase 5 — DNS Intelligence
181+
182+ | Tool | Description | Cache TTL |
183+ | ------| -------------| -----------|
184+ | ` peerglass_dns_resolve ` | DNS resolution with RDAP IP correlation (A/AAAA/PTR/MX/TXT/NS…) | 5 min |
185+ | ` peerglass_dns_enumerate ` | Full DNS record enumeration — all types in one call + SPF/DMARC extraction | 5 min |
186+ | ` peerglass_dns_dnssec ` | DNSSEC chain-of-trust validation (SECURE / INSECURE / BOGUS / INDETERMINATE) | 5 min |
187+ | ` peerglass_dns_dnsbl ` | DNS blocklist check against 30 RBLs in parallel (Spamhaus, Barracuda, SORBS…) | 15 min |
188+ | ` peerglass_dns_email_security ` | Email security audit: SPF, DMARC, DKIM, MX, BIMI + risk score | 15 min |
189+ | ` peerglass_dns_propagation ` | DNS propagation check across 10 global resolvers simultaneously | live |
190+
191+ ### Phase 6 — TLS, Certificates & Threat Intelligence
192+
193+ | Tool | Description | Cache TTL |
194+ | ------| -------------| -----------|
195+ | ` peerglass_tls_inspect ` | TLS certificate inspection: subject, SANs, expiry, cipher suite, HSTS | 1 hour |
196+ | ` peerglass_ct_logs ` | Certificate Transparency log search via crt.sh — discover all certs ever issued | 6 hours |
197+ | ` peerglass_threat_intel ` | Threat intelligence: Shodan InternetDB (open ports, CVEs) + GreyNoise (classification, risk score) | 15 min |
198+ | ` peerglass_passive_dns ` | Passive DNS history via RIPE Stat — what IPs/hostnames were associated over time | 12 hours |
199+
163200---
164201
165- ## REST API — 15 Endpoints
202+ ## REST API — 25 Endpoints
166203
167204PeerGlass exposes every tool as a REST endpoint, allowing integration with
168205dashboards, scripts, and CI/CD pipelines — no Claude required.
169206
207+ ** Registry & Routing**
208+
170209| Method | Endpoint | Description |
171210| --------| ----------| -------------|
172211| GET | ` /v1/ip/{ip} ` | RDAP lookup for an IP address |
@@ -185,6 +224,26 @@ dashboards, scripts, and CI/CD pipelines — no Claude required.
185224| GET | ` /v1/health/{resource} ` | Composite network health check |
186225| GET | ` /v1/monitor/{resource} ` | Change monitoring (delta) |
187226
227+ ** DNS Intelligence**
228+
229+ | Method | Endpoint | Description |
230+ | --------| ----------| -------------|
231+ | GET | ` /v1/dns/resolve/{target} ` | DNS resolution + RDAP IP correlation |
232+ | GET | ` /v1/dns/enumerate/{domain} ` | Full DNS record enumeration (all types) |
233+ | GET | ` /v1/dns/dnssec/{domain} ` | DNSSEC chain-of-trust validation |
234+ | GET | ` /v1/dns/dnsbl/{ip} ` | DNS blocklist check (30 RBLs in parallel) |
235+ | GET | ` /v1/dns/email/{domain} ` | Email security audit (SPF/DMARC/DKIM/BIMI) |
236+ | GET | ` /v1/dns/propagation/{domain} ` | DNS propagation across 10 global resolvers |
237+
238+ ** TLS, Certificates & Threat Intel**
239+
240+ | Method | Endpoint | Description |
241+ | --------| ----------| -------------|
242+ | GET | ` /v1/tls/{hostname} ` | TLS certificate inspection |
243+ | GET | ` /v1/ct/{domain} ` | Certificate Transparency log search |
244+ | GET | ` /v1/threat/{ip} ` | Threat intelligence (Shodan + GreyNoise) |
245+ | GET | ` /v1/pdns/{resource} ` | Passive DNS history (RIPE Stat) |
246+
188247** Quick example:**
189248
190249``` bash
@@ -199,6 +258,30 @@ curl http://localhost:8000/v1/peering/AS15169
199258
200259# List AFRINIC delegated IPv4 blocks (allocated + Ghana), paginated
201260curl " http://localhost:8000/v1/stats/ipv4?rir=AFRINIC&include_blocks=true&status=allocated&country=GH&limit=5&offset=0&format=json"
261+
262+ # DNS — enumerate all record types for a domain
263+ curl http://localhost:8000/v1/dns/enumerate/cloudflare.com
264+
265+ # DNS — check email security (SPF/DMARC/DKIM)
266+ curl http://localhost:8000/v1/dns/email/cloudflare.com
267+
268+ # DNS — check if an IP is on any blocklist
269+ curl http://localhost:8000/v1/dns/dnsbl/1.2.3.4
270+
271+ # DNS — check propagation across 10 global resolvers
272+ curl " http://localhost:8000/v1/dns/propagation/cloudflare.com?record_type=A"
273+
274+ # TLS — inspect certificate for a hostname
275+ curl http://localhost:8000/v1/tls/cloudflare.com
276+
277+ # Certificates — find all certs ever issued for a domain
278+ curl http://localhost:8000/v1/ct/cloudflare.com
279+
280+ # Threat intel — open ports, CVEs, risk score for an IP
281+ curl http://localhost:8000/v1/threat/1.2.3.4
282+
283+ # Passive DNS — what hostnames has this IP served?
284+ curl http://localhost:8000/v1/pdns/1.1.1.1
202285```
203286
204287Interactive docs (Swagger UI): http://localhost:8000/docs
@@ -292,7 +375,7 @@ You should run both — they catch different categories of problems.
292375| 5 | User-Agent | Updated to ` peerglass/1.0.0 ` |
293376| 6 | MCP server name | ` "peerglass" ` |
294377| 7 | Tool count | Exactly 17 ` @mcp.tool() ` decorators in ` server.py ` |
295- | 8 | REST endpoints | All 15 routes present in ` api.py ` |
378+ | 8 | REST endpoints | All 25 routes present in ` api.py ` |
296379| 9 | FastAPI runtime | TestClient hits 3 endpoints in-memory, validates responses |
297380| 10 | README | PeerGlass branding, 27 tools, RDAP note all present |
298381
@@ -319,7 +402,7 @@ PEERGLASS — COMPLETE TEST SUITE
319402...
320403
321404✅ ALL TESTS PASSED — 0 errors
322- Python files: 7 | MCP tools: 17 | REST endpoints: 15
405+ Python files: 7 | MCP tools: 27 | REST endpoints: 25
323406 Protocol: RDAP throughout (RFC 7480-7484)
324407 Branding: PeerGlass throughout
325408============================================================
0 commit comments