Skip to content

Commit 787eb8d

Browse files
committed
docs: update README to reflect all 27 MCP tools and 25 REST endpoints
- Renamed 'All 17 MCP Tools' section to 'All 27 MCP Tools' - Added Phase 5 DNS Intelligence table (6 new tools) - Added Phase 6 TLS/Certificates/Threat Intel table (4 new tools) - Updated REST API section from 15 to 25 endpoints with grouped tables - Added curl examples for all new DNS, TLS, CT, threat intel, PDNS endpoints - Added Phase 5 and Phase 6 natural language example queries - Fixed expected test output in README (17→27 tools, 15→25 endpoints) - All static tests pass (27 tools, 25 endpoints, 0 errors) https://claude.ai/code/session_01HbqpFDHjFtjBm3Kf6e6YAp
1 parent 316f62b commit 787eb8d

1 file changed

Lines changed: 89 additions & 6 deletions

File tree

README.md

Lines changed: 89 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -119,9 +119,26 @@ Interactive docs at: http://localhost:8000/docs
119119
"Monitor AS13335 for changes since last baseline."
120120
```
121121

122+
**Phase 5 — DNS intelligence:**
123+
```
124+
"What DNS records does cloudflare.com have?"
125+
"Is the DNSSEC chain valid for google.com?"
126+
"Check if 1.2.3.4 is on any spam blocklist."
127+
"Audit the email security posture of example.com."
128+
"Has my DNS change for api.example.com propagated globally yet?"
129+
```
130+
131+
**Phase 6 — TLS, certificates & threat intel:**
132+
```
133+
"When does the TLS certificate for cloudflare.com expire?"
134+
"Show me all certificates ever issued for *.example.com."
135+
"Is 198.51.100.1 flagged as malicious — what ports and CVEs does Shodan see?"
136+
"What hostnames has the IP 1.2.3.4 served historically?"
137+
```
138+
122139
---
123140

124-
## All 17 MCP Tools
141+
## All 27 MCP Tools
125142

126143
### Phase 1 — Registry Queries
127144

@@ -155,18 +172,40 @@ Interactive docs at: http://localhost:8000/docs
155172

156173
| Tool | Description | Cache TTL |
157174
|------|-------------|-----------|
158-
| `rir_get_peering_info` | PeeringDB peering data + BGP neighbours for an ASN | 1 hour |
159-
| `rir_lookup_ixps` | Search Internet Exchange Points globally | 6 hours |
175+
| `rir_peering_info` | PeeringDB peering data + BGP neighbours for an ASN | 1 hour |
176+
| `rir_ixp_lookup` | Search Internet Exchange Points globally | 6 hours |
160177
| `rir_network_health` | RPKI + BGP + RDAP health composite check | 5 min |
161178
| `rir_change_monitor` | Detect changes since last baseline (delta report) | live |
162179

180+
### Phase 5 — DNS Intelligence
181+
182+
| Tool | Description | Cache TTL |
183+
|------|-------------|-----------|
184+
| `peerglass_dns_resolve` | DNS resolution with RDAP IP correlation (A/AAAA/PTR/MX/TXT/NS…) | 5 min |
185+
| `peerglass_dns_enumerate` | Full DNS record enumeration — all types in one call + SPF/DMARC extraction | 5 min |
186+
| `peerglass_dns_dnssec` | DNSSEC chain-of-trust validation (SECURE / INSECURE / BOGUS / INDETERMINATE) | 5 min |
187+
| `peerglass_dns_dnsbl` | DNS blocklist check against 30 RBLs in parallel (Spamhaus, Barracuda, SORBS…) | 15 min |
188+
| `peerglass_dns_email_security` | Email security audit: SPF, DMARC, DKIM, MX, BIMI + risk score | 15 min |
189+
| `peerglass_dns_propagation` | DNS propagation check across 10 global resolvers simultaneously | live |
190+
191+
### Phase 6 — TLS, Certificates & Threat Intelligence
192+
193+
| Tool | Description | Cache TTL |
194+
|------|-------------|-----------|
195+
| `peerglass_tls_inspect` | TLS certificate inspection: subject, SANs, expiry, cipher suite, HSTS | 1 hour |
196+
| `peerglass_ct_logs` | Certificate Transparency log search via crt.sh — discover all certs ever issued | 6 hours |
197+
| `peerglass_threat_intel` | Threat intelligence: Shodan InternetDB (open ports, CVEs) + GreyNoise (classification, risk score) | 15 min |
198+
| `peerglass_passive_dns` | Passive DNS history via RIPE Stat — what IPs/hostnames were associated over time | 12 hours |
199+
163200
---
164201

165-
## REST API — 15 Endpoints
202+
## REST API — 25 Endpoints
166203

167204
PeerGlass exposes every tool as a REST endpoint, allowing integration with
168205
dashboards, scripts, and CI/CD pipelines — no Claude required.
169206

207+
**Registry & Routing**
208+
170209
| Method | Endpoint | Description |
171210
|--------|----------|-------------|
172211
| GET | `/v1/ip/{ip}` | RDAP lookup for an IP address |
@@ -185,6 +224,26 @@ dashboards, scripts, and CI/CD pipelines — no Claude required.
185224
| GET | `/v1/health/{resource}` | Composite network health check |
186225
| GET | `/v1/monitor/{resource}` | Change monitoring (delta) |
187226

227+
**DNS Intelligence**
228+
229+
| Method | Endpoint | Description |
230+
|--------|----------|-------------|
231+
| GET | `/v1/dns/resolve/{target}` | DNS resolution + RDAP IP correlation |
232+
| GET | `/v1/dns/enumerate/{domain}` | Full DNS record enumeration (all types) |
233+
| GET | `/v1/dns/dnssec/{domain}` | DNSSEC chain-of-trust validation |
234+
| GET | `/v1/dns/dnsbl/{ip}` | DNS blocklist check (30 RBLs in parallel) |
235+
| GET | `/v1/dns/email/{domain}` | Email security audit (SPF/DMARC/DKIM/BIMI) |
236+
| GET | `/v1/dns/propagation/{domain}` | DNS propagation across 10 global resolvers |
237+
238+
**TLS, Certificates & Threat Intel**
239+
240+
| Method | Endpoint | Description |
241+
|--------|----------|-------------|
242+
| GET | `/v1/tls/{hostname}` | TLS certificate inspection |
243+
| GET | `/v1/ct/{domain}` | Certificate Transparency log search |
244+
| GET | `/v1/threat/{ip}` | Threat intelligence (Shodan + GreyNoise) |
245+
| GET | `/v1/pdns/{resource}` | Passive DNS history (RIPE Stat) |
246+
188247
**Quick example:**
189248

190249
```bash
@@ -199,6 +258,30 @@ curl http://localhost:8000/v1/peering/AS15169
199258

200259
# List AFRINIC delegated IPv4 blocks (allocated + Ghana), paginated
201260
curl "http://localhost:8000/v1/stats/ipv4?rir=AFRINIC&include_blocks=true&status=allocated&country=GH&limit=5&offset=0&format=json"
261+
262+
# DNS — enumerate all record types for a domain
263+
curl http://localhost:8000/v1/dns/enumerate/cloudflare.com
264+
265+
# DNS — check email security (SPF/DMARC/DKIM)
266+
curl http://localhost:8000/v1/dns/email/cloudflare.com
267+
268+
# DNS — check if an IP is on any blocklist
269+
curl http://localhost:8000/v1/dns/dnsbl/1.2.3.4
270+
271+
# DNS — check propagation across 10 global resolvers
272+
curl "http://localhost:8000/v1/dns/propagation/cloudflare.com?record_type=A"
273+
274+
# TLS — inspect certificate for a hostname
275+
curl http://localhost:8000/v1/tls/cloudflare.com
276+
277+
# Certificates — find all certs ever issued for a domain
278+
curl http://localhost:8000/v1/ct/cloudflare.com
279+
280+
# Threat intel — open ports, CVEs, risk score for an IP
281+
curl http://localhost:8000/v1/threat/1.2.3.4
282+
283+
# Passive DNS — what hostnames has this IP served?
284+
curl http://localhost:8000/v1/pdns/1.1.1.1
202285
```
203286

204287
Interactive docs (Swagger UI): http://localhost:8000/docs
@@ -292,7 +375,7 @@ You should run both — they catch different categories of problems.
292375
| 5 | User-Agent | Updated to `peerglass/1.0.0` |
293376
| 6 | MCP server name | `"peerglass"` |
294377
| 7 | Tool count | Exactly 17 `@mcp.tool()` decorators in `server.py` |
295-
| 8 | REST endpoints | All 15 routes present in `api.py` |
378+
| 8 | REST endpoints | All 25 routes present in `api.py` |
296379
| 9 | FastAPI runtime | TestClient hits 3 endpoints in-memory, validates responses |
297380
| 10 | README | PeerGlass branding, 27 tools, RDAP note all present |
298381

@@ -319,7 +402,7 @@ PEERGLASS — COMPLETE TEST SUITE
319402
...
320403
321404
✅ ALL TESTS PASSED — 0 errors
322-
Python files: 7 | MCP tools: 17 | REST endpoints: 15
405+
Python files: 7 | MCP tools: 27 | REST endpoints: 25
323406
Protocol: RDAP throughout (RFC 7480-7484)
324407
Branding: PeerGlass throughout
325408
============================================================

0 commit comments

Comments
 (0)