domain_discovery_skill

This skill finds and validates a company's official domain using web search, WHOIS lookups, and common TLD checks.
  • Python

42

GitHub Stars

1

Bundled Files

3 weeks ago

Catalog Refreshed

2 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill transilienceai/communitytools --skill domain_discovery

  • SKILL.md3.8 KB

Overview

This skill discovers and validates a company's official domain by combining web search results, WHOIS lookups, DNS checks, and common TLD pattern testing. It prioritizes likely TLDs, gathers ownership signals, and returns a primary domain with alternatives and a confidence score. The goal is accurate domain identification for reconnaissance, bug bounty triage, and security research.

How this skill works

The skill runs a targeted web search for the company name and extracts top domain candidates while filtering out social, news, and directory sites. It then normalizes the company name and probes a prioritized list of TLD variations, checking DNS resolution and basic homepage content. WHOIS queries are performed to extract registrant fields and creation dates. Finally, validation rules combine page title, meta description, WHOIS matches, and social links to produce a confidence rating.

When to use it

  • Initial reconnaissance for a penetration test or bug bounty engagement
  • Validating a suspected corporate domain before outreach or reporting
  • Building an asset inventory for security assessments
  • Resolving ambiguous domain candidates found during automated scans
  • Prioritizing targets when multiple similar domains exist

Best practices

  • Normalize company names (lowercase, strip punctuation) before TLD testing
  • Treat WHOIS as supporting evidence; registrar privacy is common
  • Respect rate limits for web search and WHOIS queries to avoid blocks
  • Record search queries and evidence for auditability and reporting
  • Never attempt login or intrusive actions; limit checks to public data

Example use cases

  • Search for the official domain of a newly disclosed startup before reporting a vulnerability
  • Confirm whether a suspicious email domain matches a target company's official domain
  • Enumerate and validate alternative TLDs to expand an asset inventory
  • Use WHOIS creation dates and registrant names to spot spoof or phishing domains
  • Filter automated scan results by confidence to prioritize manual review

FAQ

The skill falls back to DNS, homepage content, and social link signals and lowers confidence if WHOIS evidence is unavailable.

How is the confidence score computed?

Signals are weighted (title, WHOIS, meta description, social links) and combined into High, Medium, or Low confidence tiers.

Can this skill test uncommon or country TLDs?

Yes—you can extend the TLD list, but the skill prioritizes common TLDs by default and will test additional patterns when configured.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational