DomainShield is a comprehensive DNS & Email Security Auditor that performs automated security assessments for domain infrastructure. It identifies vulnerabilities in DNS configuration, email authentication, and network services, generating professional security reports.
-
DNS Infrastructure Analysis
- Name server distribution & subnet diversity
- DNS security extensions (DNSSEC) validation
- Open resolver testing
- Name server responsiveness checks
-
Email Security Validation
- SPF record configuration & syntax checking
- DKIM record discovery & validation
- DMARC policy analysis & reporting
- Email spoofing vulnerability detection
-
Network Security Scanning
- Common service port detection
- SSL/TLS certificate validation
- Service exposure analysis
- Security header verification
- HTML Reports with dark theme and high contrast
- Detailed Technical Findings with Proof of Concept
- Color-coded Severity Levels (Critical, High, Medium, Low)
- Actionable Recommendations for remediation
- Executive Summary for quick overview
- Color-blind friendly design
- Kali Linux or any Linux distribution
- Basic tools:
dig,whois,nslookup,curl,openssl,nc
# Clone the repository
git clone https://github.com/Debajyoti0-0/DomainShield.git
cd DomainShield
# Run the installer (automatically installs all dependencies)
chmod +x install.sh
./install.shThe installer will automatically:
- Detect your package manager (apt, yum, dnf, pacman, zypper)
- Install all required tools
- Create a global symlink for easy access
If you prefer to install tools manually:
Ubuntu/Debian:
sudo apt update && sudo apt install -y dnsutils whois curl openssl netcatCentOS/RHEL/Fedora:
sudo yum install -y bind-utils whois curl openssl nc
# or for Fedora:
sudo dnf install -y bind-utils whois curl openssl ncArch Linux:
sudo pacman -Sy --noconfirm bind-tools whois curl openssl netcat# After installation, use from anywhere:
domainshield example.com
# Or using the direct script:
./DomainShield.sh example.com╔════════════════════════════════════════════════════════════════╗
║ DomainShield ║
║ DNS & EMAIL SECURITY AUDITOR ║
║ Automated Assessment Tool ║
╚════════════════════════════════════════════════════════════════╝
USAGE:
./DomainShield.sh [OPTIONS] <domain>
DESCRIPTION:
Comprehensive automated security assessment for DNS and email infrastructure.
Performs multiple security checks and generates professional reports.
OPTIONS:
-h, --help Show this help message and exit
-v, --verbose Enable verbose output during assessment
-q, --quiet Suppress non-essential output
-o, --output DIR Custom output directory (default: auto-generated)
-r, --report-only Generate report from existing data (not implemented)
--no-html Generate only text report, no HTML
--no-network Skip network port scanning
--dns-only Perform only DNS-related checks
--email-only Perform only email security checks
EXAMPLES:
./DomainShield.sh example.com # Full assessment
./DomainShield.sh -v example.com # Verbose mode
./DomainShield.sh -o my_report example.com # Custom output dir
./DomainShield.sh --dns-only example.com # DNS checks only
./DomainShield.sh --email-only example.com # Email checks only
CHECKS PERFORMED:
[✓] DNS Infrastructure Security
[✓] Name Server Distribution & Subnet Diversity
[✓] Email Authentication (SPF, DKIM, DMARC)
[✓] SSL/TLS Certificate Validation
[✓] Network Service Exposure
[✓] DNS Security Extensions (DNSSEC)
[✓] Open Resolver Testing
OUTPUT:
[📄] full_report.html - Professional HTML report
[📄] technical_report.txt - Detailed technical findings
[📁] mail_security_audit_<domain>_<timestamp>/ - Report directory
REQUIREMENTS:
dig, whois, nslookup, curl, openssl, nc (netcat)
EXIT CODES:
[0] - Success
[1] - Missing domain or argument error
[2] - Required tools not installed
[3] - Assessment failed
NOTE: This tool is for authorized security assessments only.
Always ensure you have permission to test the target domain.
Author: Debajyoti0-0 | The DomainShield | Version: 1.0Comprehensive Assessment
domainshield example.comPerforms full DNS, email, and network security assessment
Verbose Mode
domainshield -v example.comShows detailed progress during assessment
Quiet Mode
domainshield -q example.comShows only the summary report
DNS-Only Assessment
domainshield --dns-only example.comFocuses only on DNS infrastructure security
Custom Output Directory
domainshield -o my_security_report example.comSaves reports to custom directory
Skip Network Scanning
domainshield --no-network example.comPerforms assessment without port scanning
Text-Only Report
domainshield --no-html example.comGenerates only technical text report
- ✅ Name server redundancy & distribution
- ✅ Subnet diversity (single point of failure detection)
- ✅ DNSSEC implementation
- ✅ Open DNS resolvers
- ✅ Name server responsiveness
- ✅ Name server count validation
- ✅ SPF record presence & configuration
- ✅ SPF syntax validation
- ✅ DKIM record discovery
- ✅ DMARC policy enforcement
- ✅ Email spoofing protection
- ✅ Proper email authentication setup
- ✅ DMARC reporting configuration
- ✅ SSL/TLS certificate validity
- ✅ Certificate expiration monitoring
- ✅ Common service exposure (SSH, SMTP, DNS, FTP, etc.)
- ✅ Service accessibility checks
- ✅ Open port detection
Want to see what DomainShield reports look like before running it? Check out the sample reports in the Sample_Report/ directory:
- Sample_Report/full_report.html - See a complete assessment report with findings, recommendations, and proof of concept evidence
╔════════════════════════════════════════════════════════════════╗
║ DomainShield ║
║ DNS & EMAIL SECURITY AUDITOR ║
║ Automated Assessment Tool ║
╚════════════════════════════════════════════════════════════════╝
=== ASSESSMENT SUMMARY ===
Critical: 0
High: 4
Medium: 2
Low: 2
Passed: 8
mail_security_audit_example.com_2024-01-15_14-30-00/
├── full_report.html # Professional HTML report
└── technical_report.txt # Detailed technical findings
# Assess multiple domains
for domain in example.com test.org demo.net; do
domainshield -q $domain
done# Example CI integration
domainshield --quiet example.com
if [ $? -eq 0 ]; then
echo "Security assessment passed"
else
echo "Security issues found - check reports"
exit 1
fi# Email security only
domainshield --email-only example.com
# DNS infrastructure only
domainshield --dns-only example.com
# Without network scans (firewall friendly)
domainshield --no-network example.comDomainShield/
├── DomainShield.sh # Main assessment script
├── install.sh # Automatic dependency installer
├── Uninstall.sh # Clean uninstaller
├── Img/
│ ├── DomainShield-Preview.png # Project logo
│ └── DomainShield.png # Project logo (not Preview.png)
├── Sample_Report/ # Example reports
│ ├── full_report.html # Sample HTML report
│ └── DomainShield-Preview.png # Logo preview
├── README.md # This file
└── reports/ # Generated reports (example)
└── mail_security_audit_example.com_2024-01-15_14-30-00/
├── full_report.html
└── technical_report.txt
- Professional Dark Theme with high contrast
- Color-blind Friendly headers and indicators
- Interactive Elements with hover effects
- Responsive Design for all devices
- Executive Summary with severity breakdown
- Technical Details with proof of concept
- Actionable Recommendations for each finding
- Assessment Methodology documentation
- Structured Findings by severity level
- Technical Evidence for each vulnerability
- Remediation Guidance with priority levels
- Raw DNS Records for manual verification
- Tool Usage information
./install.shAutomatically installs dependencies and creates symlink
./Uninstall.shRemoves symlink and optionally uninstalls tools
After installation, use domainshield from any directory:
domainshield example.com- Use only on domains you own or have explicit permission to test
- Obtain proper authorization before conducting security assessments
- Comply with all applicable laws and regulations
- Respect rate limiting and scanning policies
This tool is designed for:
- Security professionals conducting authorized assessments
- System administrators auditing their infrastructure
- Security researchers with proper permissions
- Educational and training purposes
- Personal website security testing
If you discover vulnerabilities in third-party systems:
- Follow responsible disclosure practices
- Contact the appropriate security team
- Provide clear reproduction steps
- Allow reasonable time for remediation
We welcome contributions from the security community!
- Fork the repository
- Create a feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
- New security checks and validations
- Improved reporting formats
- Additional output formats (JSON, CSV, etc.)
- Enhanced visualization features
- Performance optimizations
- Documentation improvements
git clone https://github.com/Debajyoti0-0/DomainShield.git
cd DomainShield
chmod +x DomainShield.sh
# Test your changes
./DomainShield.sh example.comThis project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
Debajyoti0-0
- GitHub: @Debajyoti0-0
- Tool: DomainShield - DNS & Email Security Auditor
- Security community for best practices and methodologies
- Open source tools that make this project possible
- Contributors and testers who help improve DomainShield
- Color-blind accessibility guidelines and resources
- DNSViz - DNS visualization tool
- MXToolbox - Email and DNS diagnostic tools
- SSL Labs - SSL/TLS assessment
🔒 Secure Your Domain Infrastructure with DomainShield - Automated DNS & Email Security Auditing
"Prevention is better than cure - especially in cybersecurity"
If you encounter any issues or have questions:
- Check the Issues page
- Create a new issue with detailed information
- Provide the domain tested and error messages if any
When reporting bugs, please include:
- DomainShield version (run
domainshield --help) - Your operating system and version
- The exact command you ran
- Full error output
- Steps to reproduce the issue
⭐ If you find DomainShield useful, please consider giving it a star on GitHub!