Why GlobalDetect CLI?
GlobalDetect is built for global enterprise networks and carrier-grade facilities operating infrastructure at "Internet Scale." It provides a comprehensive CLI toolkit that network engineers need for daily operations, from IP management and BGP analysis to security intelligence and complete network inventory management.
- Complete Network Toolkit: IP/CIDR management, BGP analysis, DNS utilities, diagnostics, packet capture, and security intelligence in one tool.
- Internet-Scale Operations: Designed for ISPs, data centers, and enterprises managing thousands of devices across global networks.
- Network Inventory: Discover, catalog, and manage systems, switches, locations, and interfaces with full lifecycle tracking.
- Security Intelligence: RBL checking against 50+ providers, dark web/Tor exit node detection, SSL certificate analysis, and threat feeds.
- Agent-Based Monitoring: Deploy agents across your infrastructure for centralized inventory and real-time status reporting.
- External Service Integration: IPInfo.io, AbuseIPDB, Cloudflare Radar, and DNS Science.io threat intelligence built-in.
Table of Contents
- Installation
- IP/CIDR Management
- BGP/Routing Analysis
- Routing Protocol Analysis NEW
- DNS Utilities
- Network Diagnostics
- Global Traceroute
- DHCP Troubleshooting NEW
- Packet Crafting & Protocol Testing NEW
- Netcat Network Utility NEW
- Reconnaissance & Security
- RBL/Blacklist Checking
- Dark Web Intelligence
- Have I Been Pwned NEW
- Firewall Rule Analysis NEW
- Network Discovery (CDP/LLDP)
- Packet Capture & Analysis
- Device Configuration Backup NEW
- Secrets Management NEW
- Data Center Facilities NEW
- HTTP Testing & Benchmarking
- Network Inventory Management
- Agent Mode & Server
- External Services Integration
- Configuration
Installation
Quick Install
# Clone the repository
git clone https://github.com/straticus1/dnsscience-globalconnect.git
cd dnsscience-globalconnect
# Option 1: Virtual environment (development)
./install.sh --venv
source venv/bin/activate
# Option 2: System-wide installation
./install.sh --system
# Option 3: User installation (no sudo)
./install.sh --user
Requirements
- Python 3.10 or higher
- Network access for external API integrations
- Root/sudo for packet capture and neighbor discovery features
Verify Installation
# Check version and available commands
globaldetect --help
# Test basic functionality
globaldetect ip info 8.8.8.8
IP/CIDR Management
Complete IPv4 and IPv6 address management with subnet calculations, CIDR operations, and bogon detection.
Get detailed information about any IP address, optionally with geolocation data.
# Basic IP information
globaldetect ip info 192.168.1.1
# With geolocation (requires IPInfo.io token)
globaldetect ip info 8.8.8.8 --geolocate
# IPv6 support
globaldetect ip info 2001:4860:4860::8888 --geolocate
Perform subnet calculations showing network address, broadcast, usable hosts, and more.
# Calculate subnet details
globaldetect ip calc 10.0.0.0/24
# Output includes:
# Network: 10.0.0.0
# Broadcast: 10.0.0.255
# First usable: 10.0.0.1
# Last usable: 10.0.0.254
# Total hosts: 254
# Calculate for larger blocks
globaldetect ip calc 172.16.0.0/12
Divide a CIDR block into smaller subnets - essential for network planning.
# Split /24 into /26 subnets
globaldetect ip split 192.168.1.0/24 --prefix 26
# Output:
# 192.168.1.0/26 (64 addresses)
# 192.168.1.64/26 (64 addresses)
# 192.168.1.128/26 (64 addresses)
# 192.168.1.192/26 (64 addresses)
# Split a /16 into /20 blocks
globaldetect ip split 10.0.0.0/16 --prefix 20
Combine adjacent CIDR blocks into larger supernets for route aggregation.
# Merge adjacent blocks
globaldetect ip merge 192.168.0.0/24 192.168.1.0/24
# Result: 192.168.0.0/23
# Merge multiple blocks from file
globaldetect ip merge --file prefixes.txt
Identify reserved, private, and bogon IP addresses that shouldn't be routed publicly.
# Check if IP is a bogon
globaldetect ip bogon 192.168.1.1
# Result: TRUE - RFC 1918 Private Address
globaldetect ip bogon 8.8.8.8
# Result: FALSE - Publicly Routable
# Useful for validating BGP announcements
globaldetect ip bogon 0.0.0.0/8
globaldetect ip bogon 224.0.0.0/4 # Multicast
Verify if an IP address is within a specific CIDR range - useful for ACL validation.
# Check if IP is in range
globaldetect ip contains 10.0.0.0/8 10.50.25.100
# Result: TRUE
globaldetect ip contains 192.168.1.0/24 192.168.2.50
# Result: FALSE
# Validate against multiple ranges
for ip in 10.1.1.1 172.16.5.5 192.168.1.1; do
globaldetect ip contains 10.0.0.0/8 $ip
done
BGP/Routing Analysis
Comprehensive BGP and routing intelligence for understanding Internet topology and peering relationships.
Get detailed Autonomous System information including name, country, and announced prefixes.
# Get AS information
globaldetect bgp asinfo 15169
# Output:
# AS Number: 15169
# Name: GOOGLE
# Country: US
# Prefixes IPv4: 1500+
# Prefixes IPv6: 500+
# Lookup by IP
globaldetect bgp asinfo --ip 8.8.8.8
List all prefixes announced by an Autonomous System.
# List all prefixes for an AS
globaldetect bgp prefixes 13335
# Lists all Cloudflare announced prefixes
# Filter by IPv4 or IPv6
globaldetect bgp prefixes 13335 --ipv4-only
globaldetect bgp prefixes 13335 --ipv6-only
# Export to file for analysis
globaldetect bgp prefixes 15169 --output google-prefixes.txt
Retrieve peering information from PeeringDB for an AS.
# Get peering data
globaldetect bgp peers 32934
# Shows Facebook's peering locations, policies, and contact info
# Useful for peering coordination
globaldetect bgp peers 2906 # Netflix
globaldetect bgp peers 16509 # Amazon
Perform BGP-specific WHOIS lookups.
# WHOIS lookup for AS
globaldetect bgp whois AS15169
# WHOIS for IP block
globaldetect bgp whois 8.8.8.0/24
Use Case: Peering Research
# Research a potential peering partner
globaldetect bgp asinfo 20940 # Get AS details (Akamai)
globaldetect bgp prefixes 20940 # See their announcements
globaldetect bgp peers 20940 # Find peering locations
Routing Protocol Analysis NEW
Analyze routing protocols including OSPF, IS-IS, EIGRP, and BGP. Query route tables, discover neighbors, and take snapshots for comparison.
Query and filter the local routing table.
# Query local routing table
globaldetect routing table
# Filter by destination
globaldetect routing table --dest 10.0.0.0/8
# Filter by protocol
globaldetect routing table --protocol ospf
# Show IPv6 routes
globaldetect routing table --ipv6
# JSON output
globaldetect routing table --json-output
Discover routing protocol neighbors.
# Show OSPF neighbors
globaldetect routing neighbors ospf
# Show BGP neighbors with details
globaldetect routing neighbors bgp -v
# Show IS-IS adjacencies
globaldetect routing neighbors isis
# Show EIGRP neighbors
globaldetect routing neighbors eigrp
Take and compare routing table snapshots for change detection.
# Create a snapshot
globaldetect routing snapshot create --name "before-maintenance"
# List all snapshots
globaldetect routing snapshot list
# Compare snapshots
globaldetect routing snapshot diff before-maintenance after-maintenance
# Export snapshot to file
globaldetect routing snapshot export before-maintenance --output routes.json
Analyze routing topology and detect issues.
# Analyze OSPF topology
globaldetect routing analyze ospf --area 0
# Check for routing loops
globaldetect routing analyze loops --dest 192.168.1.0/24
# Trace route through routing tables
globaldetect routing trace 10.0.50.1
# Find best path to destination
globaldetect routing analyze path 8.8.8.8
Use Case: Maintenance Window Validation
# Before maintenance - capture baseline
globaldetect routing snapshot create --name "pre-maintenance"
globaldetect routing neighbors ospf > neighbors-before.txt
# After maintenance - compare
globaldetect routing snapshot create --name "post-maintenance"
globaldetect routing snapshot diff pre-maintenance post-maintenance
# Verify convergence
globaldetect routing analyze ospf --check convergence
DNS Utilities
Complete DNS toolkit for queries, propagation checking, and delegation chain analysis.
Query DNS records of any type from specified or default resolvers.
# Query A records
globaldetect dns query example.com A
# Query specific record types
globaldetect dns query example.com AAAA
globaldetect dns query example.com TXT
globaldetect dns query example.com CAA
globaldetect dns query _dmarc.example.com TXT
# Use specific resolver
globaldetect dns query example.com A --resolver 1.1.1.1
# Query DNSSEC records
globaldetect dns query example.com DNSKEY
globaldetect dns query example.com DS
Check DNS propagation across global resolvers - essential for validating DNS changes.
# Check propagation worldwide
globaldetect dns propagation example.com A
# Output shows results from:
# Google (8.8.8.8)
# Cloudflare (1.1.1.1)
# Quad9 (9.9.9.9)
# OpenDNS (208.67.222.222)
# + regional resolvers
# Check specific record type propagation
globaldetect dns propagation example.com MX
globaldetect dns propagation example.com TXT
Trace the full DNS delegation chain from root to authoritative servers.
# Trace delegation chain
globaldetect dns trace example.com
# Output shows:
# . (root) -> com. (TLD) -> example.com (authoritative)
# Including NS records and glue at each level
# Useful for debugging delegation issues
globaldetect dns trace subdomain.example.com
Query mail servers with priority ordering.
# Get MX records with priorities
globaldetect dns mx google.com
# Output:
# 10 smtp.google.com
# 20 smtp2.google.com
# 30 smtp3.google.com
# Validate mail configuration
globaldetect dns mx yourdomain.com
Perform PTR (reverse DNS) lookups.
# Reverse lookup
globaldetect dns reverse 8.8.8.8
# Result: dns.google
# Verify reverse DNS for your mail servers
globaldetect dns reverse 192.0.2.25
Network Diagnostics
Essential network diagnostic tools with enhanced features for troubleshooting.
ICMP ping with statistics and optional continuous mode.
# Basic ping
globaldetect diag ping 8.8.8.8
# Specify count
globaldetect diag ping 8.8.8.8 --count 10
# Continuous ping with statistics
globaldetect diag ping 8.8.8.8 --continuous
# Set packet size
globaldetect diag ping 8.8.8.8 --size 1400
Path tracing with optional GeoIP enrichment per hop.
# Basic traceroute
globaldetect diag traceroute example.com
# With geolocation per hop (requires IPInfo token)
globaldetect diag traceroute example.com --geoip
# Output includes:
# Hop 1: 192.168.1.1 (1.2ms) - Local Router
# Hop 2: 10.0.0.1 (5.3ms) - New York, US
# Hop 3: 72.14.215.85 (12.1ms) - Google, Mountain View, US
# ...
Discover Path MTU to identify fragmentation issues.
# Discover path MTU
globaldetect diag mtu example.com
# Output:
# Path MTU: 1500 bytes
# Fragmentation: None detected
# Useful for VPN/tunnel troubleshooting
globaldetect diag mtu vpn-endpoint.example.com
TCP port connectivity verification.
# Check single port
globaldetect diag port example.com 443
# Check multiple ports
globaldetect diag port example.com 80,443,8080
# Check common service ports
globaldetect diag port mail.example.com 25,465,587,993
Use Case: Connectivity Troubleshooting
# Full connectivity diagnosis
globaldetect dns query problematic-site.com A
globaldetect diag ping problematic-site.com --count 5
globaldetect diag traceroute problematic-site.com --geoip
globaldetect diag port problematic-site.com 443
globaldetect diag mtu problematic-site.com
Global Traceroute NEW
Trace network paths from 200+ Cloudflare edge locations worldwide. Visualize routing, detect anomalies, and analyze path diversity across the global Internet.
Why Global Traceroute?
Standard traceroute only shows the path from your location. Global Traceroute leverages Cloudflare's worldwide edge network to trace paths from multiple continents simultaneously, revealing:
- Geographic Routing Issues: Detect when traffic is routed through unexpected countries
- BGP Path Analysis: Compare AS paths from different vantage points
- Latency Variations: Identify regional performance differences
- Routing Anomalies: Detect suspicious path changes or hijacking
Run traceroutes from multiple Cloudflare edge locations worldwide.
# Global traceroute from all regions
globaldetect trace global example.com
# Select specific source regions
globaldetect trace global example.com --sources "US,EU,APAC"
# Trace from specific Cloudflare locations
globaldetect trace global example.com --locations "SJC,LHR,NRT,SYD"
# Output includes results from 200+ locations:
# Source: San Jose (SJC)
# Hops: 12 | Latency: 45ms | Path: AS15169 → AS3356 → AS13335
#
# Source: London (LHR)
# Hops: 14 | Latency: 78ms | Path: AS3356 → AS1299 → AS13335
#
# Source: Tokyo (NRT)
# Hops: 11 | Latency: 125ms | Path: AS4713 → AS2914 → AS13335
Generate visual traceroute with interactive map output.
# Visual traceroute with map
globaldetect trace visual example.com --output map.html
# Include all hop geolocation
globaldetect trace visual example.com --geoip --output trace.html
# JSON output for integration
globaldetect trace visual example.com --format json
# Output includes per-hop:
# {
# "hop": 5,
# "ip": "72.14.215.85",
# "hostname": "google-router.net",
# "latency_ms": 12.5,
# "location": {
# "city": "Mountain View",
# "country": "US",
# "lat": 37.3861,
# "lon": -122.0839
# },
# "asn": 15169,
# "org": "Google LLC"
# }
Analyze traceroute results for anomalies and security issues.
# Analyze for routing anomalies
globaldetect trace analyze example.com
# Detects:
# - Country bouncing (US → RU → US suspicious routing)
# - Latency spikes (>100ms between hops)
# - AS path anomalies
# - Potential BGP hijacking indicators
# - Unexpected geographic routing
# Compare paths over time
globaldetect trace analyze example.com --historical --days 7
# Alert on routing changes
globaldetect trace analyze example.com --alert-on-change
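A sketch of the country-bouncing and latency-spike checks listed above, run over hop records in the per-hop JSON shape shown for the visual traceroute. This is an added example, not GlobalDetect's own code; the function names and the sample hops are constructed for illustration.

```python
import json

# Constructed sample: hop records in the per-hop JSON shape shown above
# (documentation-range IPs and ASNs; hop 6 is a probe that timed out).
SAMPLE_HOPS = json.loads("""[
 {"hop": 1, "ip": "192.0.2.1", "latency_ms": 1.2, "location": {"country": "US"}, "asn": 64496},
 {"hop": 2, "ip": "192.0.2.9", "latency_ms": 5.3, "location": {"country": "US"}, "asn": 64496},
 {"hop": 3, "ip": "198.51.100.4", "latency_ms": 12.1, "location": {"country": "US"}, "asn": 64497},
 {"hop": 4, "ip": "203.0.113.7", "latency_ms": 130.4, "location": {"country": "RU"}, "asn": 64498},
 {"hop": 5, "ip": "203.0.113.20", "latency_ms": 134.0, "location": {"country": "RU"}, "asn": 64498},
 {"hop": 6, "ip": null, "latency_ms": null, "location": null, "asn": null},
 {"hop": 7, "ip": "198.51.100.77", "latency_ms": 250.9, "location": {"country": "US"}, "asn": 64499},
 {"hop": 8, "ip": "198.51.100.80", "latency_ms": 252.0, "location": {"country": "US"}, "asn": 64499}
]""")

LATENCY_SPIKE_MS = 100.0  # threshold from the "Detects" list: >100ms between hops


def country_runs(hops):
    """Collapse the path into consecutive runs: [country, first_hop, last_hop]."""
    runs = []
    for hop in hops:
        country = (hop.get("location") or {}).get("country")
        if not country:
            continue  # unresolved hop: no evidence about geography either way
        if runs and runs[-1][0] == country:
            runs[-1][2] = hop["hop"]
        else:
            runs.append([country, hop["hop"], hop["hop"]])
    return runs


def country_bounces(hops):
    """Report every point where the path re-enters a country it already left."""
    runs = country_runs(hops)
    findings = []
    last_seen = {}  # country -> index of its most recent run
    for idx, (country, first_hop, _last_hop) in enumerate(runs):
        if country in last_seen:
            via = [run[0] for run in runs[last_seen[country] + 1:idx]]
            findings.append(
                {"country": country, "via": via, "returns_at_hop": first_hop}
            )
        last_seen[country] = idx
    return findings


def latency_spikes(hops, threshold_ms=LATENCY_SPIKE_MS):
    """Report latency jumps above the threshold between consecutive answering hops."""
    findings = []
    prev = None
    for hop in hops:
        if hop.get("latency_ms") is None:
            continue  # timed-out probe: compare across it rather than against it
        if prev is not None:
            delta = hop["latency_ms"] - prev["latency_ms"]
            if delta > threshold_ms:
                findings.append(
                    {
                        "from_hop": prev["hop"],
                        "to_hop": hop["hop"],
                        "delta_ms": round(delta, 1),
                    }
                )
        prev = hop
    return findings


def analyze(hops):
    """Run both checks and return one report."""
    return {
        "country_bounces": country_bounces(hops),
        "latency_spikes": latency_spikes(hops),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_HOPS), indent=2))
```

A bounce or a spike is a lead to investigate, not proof of hijacking: GeoIP data for router addresses is often wrong, and per-hop latency reflects how a router prioritizes ICMP replies as well as path length.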
Compare traceroutes from multiple sources to detect path diversity.
# Compare paths from different regions
globaldetect trace compare example.com --sources "US-WEST,US-EAST,EU-WEST,APAC"
# Output shows path diversity:
# Path Diversity Analysis for example.com
# ═══════════════════════════════════════
#
# Common ASes (all paths): AS13335, AS3356
# Unique to US-WEST: AS6939
# Unique to EU-WEST: AS1299
#
# Latency Range: 45ms - 180ms
# Hop Count Range: 11 - 16
#
# Recommendations:
# - Consider peering in APAC for reduced latency
# - Path diversity is healthy (4 unique ingress points)
Available Cloudflare Edge Locations
North America (50+)
- San Jose (SJC)
- Los Angeles (LAX)
- Dallas (DFW)
- Chicago (ORD)
- New York (EWR)
- Miami (MIA)
- Toronto (YYZ)
Europe (40+)
- London (LHR)
- Frankfurt (FRA)
- Amsterdam (AMS)
- Paris (CDG)
- Stockholm (ARN)
- Warsaw (WAW)
- Madrid (MAD)
Asia Pacific (60+)
- Tokyo (NRT)
- Singapore (SIN)
- Hong Kong (HKG)
- Sydney (SYD)
- Mumbai (BOM)
- Seoul (ICN)
- Melbourne (MEL)
Other Regions (50+)
- Sao Paulo (GRU)
- Johannesburg (JNB)
- Dubai (DXB)
- Tel Aviv (TLV)
- Buenos Aires (EZE)
- Lagos (LOS)
- Cairo (CAI)
Use Case: Investigating Geographic Routing Issues
# A European user reports slow access to your US-hosted service
# Investigate from multiple European vantage points
globaldetect trace global api.yourservice.com --sources "EU"
# Analyze the paths for issues
globaldetect trace analyze api.yourservice.com --focus latency
# Compare EU vs US perspective
globaldetect trace compare api.yourservice.com --sources "EU-WEST,US-EAST"
# If you find traffic routing through unexpected locations:
globaldetect trace analyze api.yourservice.com --detect-anomalies
DHCP Troubleshooting NEW
DHCP client operations for network troubleshooting. Debug relay agent issues (Option 82), test PXE boot configurations, and discover rogue DHCP servers.
Root Required
DHCP operations require root privileges or CAP_NET_RAW capability.
Send DHCPDISCOVER and show available DHCP servers.
# Basic discovery
sudo globaldetect dhcp discover
# Verbose output for troubleshooting
sudo globaldetect dhcp discover -v
# Discovery on specific interface
sudo globaldetect dhcp discover -i eth0
# PXE boot discovery
sudo globaldetect dhcp discover -v --pxe
# UEFI PXE discovery
sudo globaldetect dhcp discover -v --pxe --pxe-arch 7
Obtain a full DHCP lease (DORA process).
# Full DORA handshake with verbose output
sudo globaldetect dhcp obtain -v
# On specific interface
sudo globaldetect dhcp obtain -i eth0 -v
# Test PXE boot configuration (UEFI)
sudo globaldetect dhcp obtain -v --pxe --pxe-arch 7
# With custom hostname
sudo globaldetect dhcp obtain -v -h myhost
# Override MAC address
sudo globaldetect dhcp obtain -v -m aa:bb:cc:dd:ee:ff
Release a DHCP lease.
# Release a lease
sudo globaldetect dhcp release --ip 192.168.1.100 --server 192.168.1.1
# With specific MAC
sudo globaldetect dhcp release --ip 192.168.1.100 --server 192.168.1.1 -m aa:bb:cc:dd:ee:ff
Send DHCPINFORM to get configuration without requesting IP.
# Get config options for static IP
sudo globaldetect dhcp inform --ip 192.168.1.100 -v
# Get PXE boot configuration
sudo globaldetect dhcp inform --ip 192.168.1.100 --pxe -v
Discover all DHCP servers (detect rogues).
# Find all DHCP servers on network
sudo globaldetect dhcp servers -v
# Extended timeout for slow networks
sudo globaldetect dhcp servers -t 15
# JSON output
sudo globaldetect dhcp servers --json-output
Use Case: PXE Boot Troubleshooting
# Test PXE boot configuration for UEFI clients
sudo globaldetect dhcp obtain -v --pxe --pxe-arch 7
# Check what TFTP server and bootfile are offered
# Output includes:
# Next Server (siaddr): 192.168.1.10
# TFTP Server: 192.168.1.10
# Boot File: efi/boot/grubx64.efi
# Test relay agent (Option 82) visibility
sudo globaldetect dhcp discover -v -i eth0
# Shows Circuit ID and Remote ID if present
Packet Crafting & Protocol Testing NEW
User-friendly network protocol testing with pre-built templates. Uses scapy when available for advanced packet crafting.
List available protocol templates.
# Show all supported protocols
globaldetect packet protocols
# Shows availability, root requirements, and default ports
Test NTP servers and measure time synchronization.
# Query specific NTP server
globaldetect packet ntp time.google.com
# Query pool.ntp.org
globaldetect packet ntp --pool pool
# Query all known NTP pools
globaldetect packet ntp --all-pools
# Multiple queries for statistics
globaldetect packet ntp pool.ntp.org -c 5 -v
# Output includes:
# Server Time, Stratum, Reference ID
# Clock Offset, Round Trip Delay
# Response Time
ICMP ping with TCP fallback.
# Basic ping
globaldetect packet ping example.com
# Custom count and timeout
globaldetect packet ping example.com -c 10 -t 1
# JSON output
globaldetect packet ping example.com --json-output
TCP connection test with banner grabbing.
# Test SSH
globaldetect packet tcp example.com 22
# Test HTTPS with verbose
globaldetect packet tcp example.com 443 -v
# Custom timeout
globaldetect packet tcp example.com 80 -t 10
TCP SYN scan (half-open) - requires scapy and root.
# Scan specific ports
sudo globaldetect packet syn-scan example.com 22,80,443
# Scan port range
sudo globaldetect packet syn-scan example.com 1-100
# Custom timeout
sudo globaldetect packet syn-scan example.com 1-1000 -t 1
ARP scan for local host discovery - requires scapy and root.
# Scan local subnet
sudo globaldetect packet arp-scan 192.168.1.0/24
# Scan smaller range
sudo globaldetect packet arp-scan 10.0.0.1-10
# Custom timeout
sudo globaldetect packet arp-scan 192.168.1.0/24 -t 5
Netcat Network Utility NEW
Versatile networking tool for TCP/UDP connections, listening, and port scanning with optional TLS encryption.
Connect to a remote host.
# Simple connection
globaldetect nc connect example.com 80
# Connect with TLS
globaldetect nc connect example.com 443 --tls yes
# Test connection only (zero-I/O mode)
globaldetect nc connect example.com 22 -z
# UDP connection
globaldetect nc connect example.com 53 --udp
# With verbose and hex dump
globaldetect nc connect example.com 443 --tls yes -v -x
# Custom source address
globaldetect nc connect example.com 80 -s 192.168.1.100 -p 12345
# Skip TLS verification (the server certificate is not validated; testing only)
globaldetect nc connect example.com 443 --tls yes --no-verify
Listen for incoming connections.
# Listen on a port
globaldetect nc listen 8080
# Listen with TLS
globaldetect nc listen 8443 --tls yes --ssl-cert cert.pem --ssl-key key.pem
# Keep listening after disconnect
globaldetect nc listen 8080 -k
# UDP listener
globaldetect nc listen 5353 --udp
# Bind to specific address
globaldetect nc listen 8080 -s 127.0.0.1
Port scanning utility.
# Scan common ports (top 100)
globaldetect nc scan example.com common
# Scan port range
globaldetect nc scan example.com 1-1000
# Scan specific ports
globaldetect nc scan example.com 22,80,443,8080
# Verbose output
globaldetect nc scan example.com 1-100 -v
# JSON output
globaldetect nc scan example.com common --json-output
Use Case: Quick Service Testing
# Test if web server responds
globaldetect nc connect web.example.com 443 --tls yes -z
# Test mail server
globaldetect nc connect mail.example.com 25 -z
# Grab SSH banner
globaldetect nc connect server.example.com 22 -v
# Test database connectivity
globaldetect nc connect db.example.com 5432 -z
Reconnaissance & Security
Security-focused reconnaissance tools for authorized testing and assessment.
Port scanning with service detection for authorized targets.
# Scan common ports
globaldetect recon scan target.example.com
# Scan specific port range
globaldetect recon scan target.example.com --ports 1-1024
# Scan with service version detection
globaldetect recon scan target.example.com --service-detection
# Quick scan (top 100 ports)
globaldetect recon scan target.example.com --quick
SSL/TLS certificate analysis with security grading.
# Analyze SSL certificate
globaldetect recon ssl example.com
# Output includes:
# Subject: *.example.com
# Issuer: Let's Encrypt
# Valid From: 2024-01-01
# Valid Until: 2024-04-01
# Days Until Expiry: 45
# Grade: A+
# Protocols: TLSv1.2, TLSv1.3
# Cipher Suites: (listed)
# HSTS: Enabled
# Certificate Chain: Valid
# Check multiple domains
for domain in example.com api.example.com mail.example.com; do
globaldetect recon ssl $domain
done
Comprehensive target profiling combining multiple reconnaissance methods.
# Full target profile
globaldetect recon profile example.com
# Combines:
# - DNS records (A, AAAA, MX, TXT, CAA)
# - WHOIS information
# - SSL certificate analysis
# - Open ports
# - HTTP headers
# - Technology detection
Authorization Required
Only use reconnaissance tools against systems you own or have explicit written authorization to test. Unauthorized scanning may violate laws and terms of service.
RBL/Blacklist Checking
Check IP addresses against 50+ Real-time Blackhole Lists to detect spam, malware, and abuse listings.
Check a single IP against all configured RBL providers.
# Check IP against all RBLs
globaldetect rbl check 192.0.2.1
# Output:
# Checking 192.0.2.1 against 50+ RBL providers...
#
# LISTED:
# - Spamhaus ZEN: Listed (SBL)
# - Barracuda: Listed
#
# CLEAN:
# - SpamCop: Not Listed
# - SORBS: Not Listed
# - UCEProtect L1: Not Listed
# ... (48 more providers)
#
# Summary: 2 listings found
Check multiple IPs in batch mode - perfect for auditing IP space.
# Check multiple IPs
globaldetect rbl batch 192.0.2.1 192.0.2.2 192.0.2.3
# Check from file
globaldetect rbl batch --file mail-servers.txt
# Export results to CSV
globaldetect rbl batch --file ips.txt --output results.csv
View all supported RBL providers.
# List all RBL providers
globaldetect rbl list
# Providers include:
# - Spamhaus (SBL, XBL, PBL, ZEN)
# - Barracuda Central
# - SpamCop
# - SORBS (various lists)
# - UCEProtect (L1, L2, L3)
# - SURBL
# - URIBL
# - And 40+ more...
Use Case: Mail Server IP Audit
# Audit all mail server IPs before sending campaigns
echo "192.0.2.10
192.0.2.11
192.0.2.12" > mail-ips.txt
globaldetect rbl batch --file mail-ips.txt --output audit-results.csv
# Check your sending reputation
globaldetect rbl check $(dig +short yourmailserver.com A)
Dark Web Intelligence
Identify IP addresses associated with Tor exit nodes and dark web infrastructure.
Check if an IP is a known Tor exit node.
# Check for Tor exit node
globaldetect darkweb tor 185.220.101.1
# Output:
# IP: 185.220.101.1
# Tor Exit Node: YES
# First Seen: 2023-06-15
# Exit Policy: Accepts all ports
Comprehensive dark web association check.
# Full dark web check
globaldetect darkweb check 192.0.2.1
# Checks:
# - Tor exit node database
# - Known proxy/VPN endpoints
# - Bulletproof hosting ranges
# - Historic abuse reports
Batch checking for multiple IPs.
# Check firewall logs for Tor nodes
globaldetect darkweb batch --file suspicious-ips.txt
Use Case: Security Monitoring
# Integrate with your SIEM - check source IPs from auth failures
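# The source IP is the field after "from" in sshd's "Failed password" lines
grep "Failed password" /var/log/auth.log | \
awk '{for (i = NF - 1; i >= 1; i--) if ($i == "from") {print $(i + 1); break}}' | sort -u > failed-ips.txt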
globaldetect darkweb batch --file failed-ips.txt
globaldetect rbl batch --file failed-ips.txt
Have I Been Pwned Integration NEW
Check emails and passwords against the Have I Been Pwned breach database. Uses k-Anonymity for password checks to protect your credentials.
Check if an email has been involved in data breaches.
# Check single email
globaldetect hibp email user@example.com
# Verbose output with breach details
globaldetect hibp email user@example.com -v
# Check multiple emails from file
globaldetect hibp email --file emails.txt
# JSON output
globaldetect hibp email user@example.com --json-output
Check if a password has been exposed in breaches (uses k-Anonymity).
# Check password (prompts for input)
globaldetect hibp password
# Check passwords from file
globaldetect hibp password --file passwords.txt
# Output shows exposure count
# "This password has been seen 12,458 times in breaches"
Privacy Protected
Password checks use k-Anonymity - only the first 5 characters of the SHA-1 hash are sent to the API. Your actual password never leaves your machine. The response contains all hashes matching that prefix, and the check is done locally.
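The k-Anonymity exchange described above, as an added example that is not GlobalDetect's own code. It runs offline: `make_fake_range_api` is a constructed stand-in for the range endpoint that records what the client sent, and all function names are assumptions made for this illustration.

```python
import hashlib

PREFIX_LEN = 5    # hex characters of the SHA-1 that are sent to the API
SHA1_HEX_LEN = 40


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines from a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != SHA1_HEX_LEN - PREFIX_LEN:
            continue  # blank or malformed line
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def exposure_count(password, fetch_range):
    """Return how many times the password appears in the breach corpus.

    `fetch_range(prefix)` is the only call that crosses the network, and it
    receives nothing but the 5-character prefix. The suffix comparison happens
    here, locally. A count of 0 (absent, or a padding entry) means not exposed.
    """
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)
    return parse_range_body(body).get(suffix, 0)


def make_fake_range_api(known):
    """Constructed stand-in for https://api.pwnedpasswords.com/range/<prefix>.

    `known` maps sample passwords to breach counts. Returns the fetch function
    and the list of prefixes it was asked for, so the test can inspect exactly
    what left the client.
    """
    table = {}
    for password, count in known.items():
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    sent = []

    def fetch_range(prefix):
        sent.append(prefix)
        # Zero-count filler lines, like the padding entries a real response may carry.
        filler = [
            hashlib.sha1(f"filler-{i}".encode()).hexdigest().upper()[PREFIX_LEN:] + ":0"
            for i in range(3)
        ]
        return "\r\n".join(table.get(prefix, []) + filler)

    return fetch_range, sent


if __name__ == "__main__":
    # Constructed data: the count reuses the figure from the sample output above.
    fetch, sent = make_fake_range_api({"password": 12458})
    for candidate in ("password", "a-long-unique-passphrase-7431"):
        print(candidate, "->", exposure_count(candidate, fetch))
    print("sent to API:", sent)
```

The prefix still narrows the candidate set for whoever operates or observes the API, which is why the full hash and the plaintext stay on the client.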
Search for breaches affecting a domain (requires API key).
# Search domain breaches
globaldetect hibp domain example.com
# List all breached emails for domain
globaldetect hibp domain example.com --list-emails
Query the breach database.
# List all known breaches
globaldetect hibp breaches
# Get details about specific breach
globaldetect hibp breach "LinkedIn"
# Search breaches by criteria
globaldetect hibp breaches --domain linkedin.com
Use Case: Corporate Security Audit
# Export employee emails
cat /etc/aliases | awk '{print $2}' > employee-emails.txt
# Check all for breaches
globaldetect hibp email --file employee-emails.txt --output breach-report.csv
# Identify compromised accounts for password reset
Firewall Rule Analysis NEW
Parse and analyze firewall rules from multiple platforms including iptables, ipfilter, CheckPoint, and pf.
Parse firewall rules from various formats.
# Parse iptables rules
globaldetect firewall parse --format iptables rules.txt
# Parse pf rules
globaldetect firewall parse --format pf /etc/pf.conf
# Parse CheckPoint rules
globaldetect firewall parse --format checkpoint policy.txt
# Parse ipfilter rules
globaldetect firewall parse --format ipfilter rules.conf
# JSON output
globaldetect firewall parse --format iptables rules.txt --json-output
Analyze rules for security issues.
# Find overly permissive rules
globaldetect firewall analyze rules.txt --check permissive
# Find shadowed rules (rules that never match)
globaldetect firewall analyze rules.txt --check shadows
# Find duplicate rules
globaldetect firewall analyze rules.txt --check duplicates
# Full security audit
globaldetect firewall audit rules.txt
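What a shadow check looks for, as an added example rather than GlobalDetect's implementation: under first-match evaluation, a rule is shadowed when an earlier rule matches every packet it could match. The `Rule` model, the rule names and the sample ruleset are constructed for illustration, and only cover by a single earlier rule is detected (not cover by a union of several).

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # source CIDR
    dst: str        # destination CIDR
    proto: str      # "tcp", "udp" or "any"
    dports: tuple   # inclusive (low, high) destination port range
    action: str     # "ACCEPT" or "DROP"


def within(inner, outer):
    """True when CIDR `inner` lies entirely inside CIDR `outer`."""
    a = ipaddress.ip_network(inner, strict=False)
    b = ipaddress.ip_network(outer, strict=False)
    return a.version == b.version and a.subnet_of(b)


def covers(earlier, later):
    """True when every packet matched by `later` is also matched by `earlier`."""
    return (
        within(later.src, earlier.src)
        and within(later.dst, earlier.dst)
        and earlier.proto in ("any", later.proto)
        and earlier.dports[0] <= later.dports[0]
        and later.dports[1] <= earlier.dports[1]
    )


def find_shadowed(rules):
    """Return (shadowed_rule, shadowing_rule, kind) for each rule that can never match.

    kind is "conflict" when the two actions differ (the later rule's intent is
    silently overridden) and "redundant" when they agree.
    """
    findings = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.name, earlier.name, kind))
                break  # the first covering rule is the one that takes the packet
    return findings


# Constructed ruleset, evaluated top to bottom with first-match semantics.
RULES = [
    Rule("allow-web", "0.0.0.0/0", "10.0.0.0/24", "tcp", (443, 443), "ACCEPT"),
    Rule("drop-mgmt-net", "192.168.0.0/16", "10.0.0.0/8", "any", ANY_PORT, "DROP"),
    Rule("allow-admin-ssh", "192.168.10.0/24", "10.0.5.10/32", "tcp", (22, 22), "ACCEPT"),
    Rule("allow-web-one-host", "203.0.113.0/24", "10.0.0.15/32", "tcp", (443, 443), "ACCEPT"),
    Rule("drop-telnet", "0.0.0.0/0", "0.0.0.0/0", "tcp", (23, 23), "DROP"),
    Rule("default-drop", "0.0.0.0/0", "0.0.0.0/0", "any", ANY_PORT, "DROP"),
]

if __name__ == "__main__":
    for shadowed, by, kind in find_shadowed(RULES):
        print(f"{shadowed}: never matches, covered by {by} ({kind})")
```

The "conflict" case is the one to review first: here the admin SSH allowance is dead because a broader DROP sits above it, so the ruleset does not enforce what its author wrote.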
Convert between firewall formats.
# Convert iptables to pf
globaldetect firewall convert --from iptables --to pf rules.txt
# Convert to JSON for processing
globaldetect firewall parse --format iptables rules.txt --json-output
# Convert checkpoint to iptables
globaldetect firewall convert --from checkpoint --to iptables policy.txt
Test if traffic would be allowed or denied.
# Test specific traffic
globaldetect firewall test rules.txt \
--src 192.168.1.100 \
--dst 10.0.0.1 \
--dport 443 \
--proto tcp
# Test from file of traffic patterns
globaldetect firewall test rules.txt --traffic-file flows.csv
# Output shows which rule matches and action
Use Case: Firewall Migration
# Export current iptables rules
iptables-save > current-rules.txt
# Analyze for issues before migration
globaldetect firewall analyze current-rules.txt
# Convert to pf for BSD migration
globaldetect firewall convert --from iptables --to pf current-rules.txt > pf.conf
# Verify the conversion
globaldetect firewall test pf.conf --traffic-file test-flows.csv
Network Discovery (CDP/LLDP)
Discover network neighbors using Layer 2 discovery protocols. Essential for network documentation and troubleshooting.
Automatically detect neighbors using both CDP and LLDP.
# Discover all neighbors (requires root)
sudo globaldetect neighbors discover
# Output:
# Interface: eth0
# Neighbors found:
# - switch01.dc1 (Cisco Nexus 9000)
# Port: Ethernet1/15
# VLAN: 100
# IP: 10.0.1.1
# - switch02.dc1 (Arista DCS-7050)
# Port: Et49
# IP: 10.0.1.2
Listen specifically for Cisco Discovery Protocol packets.
# Listen for CDP on specific interface
sudo globaldetect neighbors cdp --interface eth0
# Listen for specified duration
sudo globaldetect neighbors cdp --interface eth0 --timeout 60
Listen for Link Layer Discovery Protocol packets.
# Listen for LLDP
sudo globaldetect neighbors lldp --interface eth0
# Captures:
# - System name and description
# - Port ID and description
# - Management addresses
# - System capabilities
# - VLAN information
List all network interfaces available for discovery.
# List interfaces
globaldetect neighbors interfaces
# Output:
# eth0: 10.0.1.100/24 (UP)
# eth1: 192.168.1.100/24 (UP)
# mgmt0: 172.16.0.10/24 (UP)
Packet Capture & Analysis
Capture and analyze network traffic with specialized filters for common protocols and Layer 2/3 issues.
Capture traffic with protocol-specific filters.
# Capture DNS traffic
sudo globaldetect cap capture --filter dns --interface eth0
# Capture SMTP traffic for mail debugging
sudo globaldetect cap capture --filter smtp --interface eth0
# Capture SSL/TLS handshakes
sudo globaldetect cap capture --filter ssl --interface eth0
# Capture BGP sessions
sudo globaldetect cap capture --filter bgp --interface eth0
# Save to PCAP file
sudo globaldetect cap capture --filter dns --output dns-traffic.pcap
Analyze PCAP files for Layer 2/3 issues and anomalies.
# Analyze captured traffic
globaldetect cap analyze traffic.pcap
# Detects:
# - Broadcast storms
# - ARP anomalies (spoofing, floods)
# - STP issues (topology changes, root changes)
# - TCP retransmissions and resets
# - DNS failures and timeouts
# - SSL/TLS handshake failures
# - Duplicate IP addresses
Real-time packet monitoring with filtering.
# Live monitoring
sudo globaldetect cap live --interface eth0
# With BPF filter
sudo globaldetect cap live --interface eth0 --bpf "port 53 or port 80"
List available protocol filters.
# Show available filters
globaldetect cap protocols
# Available:
# dns - DNS queries and responses
# smtp - SMTP mail traffic
# ssl - SSL/TLS handshakes
# bgp - BGP session traffic
# icmp - ICMP/ping traffic
# arp - ARP requests/replies
# dhcp - DHCP traffic
# ntp - NTP traffic
Use Case: Troubleshooting Network Issues
# Capture traffic during issue window
sudo globaldetect cap capture --interface eth0 --duration 300 \
--output issue-capture.pcap
# Analyze for common problems
globaldetect cap analyze issue-capture.pcap
# Look for specific issues
globaldetect cap analyze issue-capture.pcap --focus arp
globaldetect cap analyze issue-capture.pcap --focus tcp-issues
Device Configuration Backup NEW
Automated backup of network device configurations with support for Cisco, Juniper, Fortinet, Palo Alto, Arista, and more.
Supported Platforms
Cisco
- IOS / IOS-XE
- IOS-XR
- NX-OS
- ASA
Juniper
- Junos (SRX, EX)
- QFX Series
- MX Series
Security
- Fortinet FortiOS
- Palo Alto PAN-OS
- CheckPoint
Other
- Arista EOS
- Linux/Unix
- Generic SSH
Back up a single device configuration.
# Backup a Cisco IOS device
globaldetect backup device router1.example.com --platform cisco_ios
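# Backup with specific credentials (a password passed as an argument is visible
# in shell history and the process list; prefer --key or inventory credentials)
globaldetect backup device router1.example.com --platform cisco_ios \
  --username admin --password secret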
# Backup to specific directory
globaldetect backup device router1.example.com --platform junos \
--output /backups/network/
# Backup with SSH key
globaldetect backup device fw1.example.com --platform palo_alto \
--key ~/.ssh/network_key
Back up multiple devices from an inventory file.
# Backup all devices in inventory
globaldetect backup inventory inventory.yaml
# Parallel backups for speed
globaldetect backup inventory inventory.yaml --parallel 10
# Filter by group
globaldetect backup inventory inventory.yaml --group core-routers
# Quiet mode for cron
globaldetect backup inventory inventory.yaml --quiet
Inventory File Format
# inventory.yaml
devices:
  - hostname: router1.example.com
    platform: cisco_ios
    groups: [core-routers]
  - hostname: fw1.example.com
    platform: palo_alto
    groups: [firewalls]
  - hostname: switch1.example.com
    platform: arista_eos
    groups: [switches]
credentials:
  default:
    username: ${BACKUP_USER}
    password: ${BACKUP_PASS}
Compare configuration backups.
# Compare two backups
globaldetect backup diff router1-2024-01-01.txt router1-2024-01-15.txt
# Show changes for device over time
globaldetect backup history router1.example.com
# Find configuration drift
globaldetect backup diff --baseline golden-config.txt --current latest.txt
Use Case: Automated Daily Backups
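# Crontab entry for daily backups at 2 AM
0 2 * * * globaldetect backup inventory /etc/globaldetect/inventory.yaml --quiet
# With rotation - keep 30 days (a crontab entry must stay on one line; cron does not join lines ending in "\")
0 2 * * * globaldetect backup inventory /etc/globaldetect/inventory.yaml --output /backups/network/$(date +\%Y-\%m-\%d)/ --quiet
# Clean up old backups (shell command; matches only the dated directories directly under /backups/network/)
find /backups/network/ -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rf {} +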
Secrets Management NEW
Secure credential storage with support for SQLite, PostgreSQL, and Confidant backends. Includes user management, SSH key handling, and MFA support.
Manage secrets (credentials, API keys, etc.).
# Add a secret (prompts for value)
globaldetect secrets secret add --name "db-password" --type database
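# Add with value (the value is then recorded in shell history and visible in the process list; the prompt form above avoids this)
globaldetect secrets secret add --name "api-key" --value "sk-xxx" --type api_key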
# Add with tags and owner
globaldetect secrets secret add --name "prod-db" --type database \
--owner jsmith --tag production --tag database
# List all secrets
globaldetect secrets secret list
# Filter by type
globaldetect secrets secret list --type api_key
# Get secret (value hidden by default)
globaldetect secrets secret get db-password
# Show secret value
globaldetect secrets secret get db-password --show-value
# Delete secret
globaldetect secrets secret delete secret-id -y
Manage users with Unix account integration.
# Add a user
globaldetect secrets user add --username jsmith --email jsmith@example.com \
--full-name "John Smith" --uid 1001 --gid 1001
# Add user with groups
globaldetect secrets user add --username ops1 -g wheel -g docker -g netops
# List users
globaldetect secrets user list
# Filter by group
globaldetect secrets user list --group netops
# Set user password
globaldetect secrets user set-password jsmith
# Add SSH key to user
globaldetect secrets user add-ssh-key jsmith --key-file ~/.ssh/id_ed25519.pub
# Generate new SSH keypair for user
globaldetect secrets user add-ssh-key jsmith --generate --key-type ed25519
# Link user to AWS ARN (AWS account IDs are 12 digits)
globaldetect secrets user link-arn jsmith arn:aws:iam::123456789012:user/jsmith
Multi-factor authentication management.
# Set up TOTP for user
globaldetect secrets mfa setup-totp jsmith
# Output includes:
# Secret key for authenticator app
# Provisioning URI for QR code
# Verification prompt
# Verify a TOTP code
globaldetect secrets mfa verify-totp SECRET123 123456
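What a TOTP setup and verification step computes, as an added example that is not GlobalDetect's own code: RFC 6238 code generation, verification with a drift window and replay rejection, and the provisioning URI an authenticator app reads. The SHA-1 / 6-digit / 30-second parameters, the `GlobalDetect` issuer label and all function names are assumptions; the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

# RFC 6238 Appendix B test secret ("12345678901234567890"), base32-encoded.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Decode the base32 secret as shown to the user (spaces and case ignored)."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 of the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter set to the number of elapsed time steps."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(now // step), digits)


def verify_totp(secret_b32, code, at=None, step=30, digits=6, window=1,
                last_counter=None):
    """Return the time step the code matched, or None if it is rejected.

    window tolerates clock drift of +/- that many steps. Pass the previously
    returned step as last_counter so a code cannot be accepted twice.
    """
    if not (code.isascii() and code.isdigit() and len(code) == digits):
        return None
    key = decode_secret(secret_b32)
    now = time.time() if at is None else at
    current = int(now // step)
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; every candidate step is checked.
        if hmac.compare_digest(hotp(key, counter, digits), code):
            if last_counter is None or counter > last_counter:
                matched = counter
    return matched


def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI that authenticator apps read from a QR code."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": 6, "period": 30})
    return f"otpauth://totp/{label}?{query}"
```

Store the step returned by `verify_totp` per user and pass it back as `last_counter` on the next attempt; without that, a captured code stays valid for the whole drift window.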
Generate Unix password files.
# Generate passwd/shadow/group files
globaldetect secrets passwd generate --output /etc/globaldetect/
# Generate for specific group only
globaldetect secrets passwd generate --group admins --output /tmp/
# Export authorized_keys for all users
globaldetect secrets passwd export-keys --output /home/
# Generate individual file types
globaldetect secrets passwd generate --format passwd --output /etc/
globaldetect secrets passwd generate --format shadow --output /etc/
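A check worth running on a generated shadow file before it is deployed, as an added example that is not part of GlobalDetect: it flags overly open file permissions, empty password fields and legacy hash schemes in any shadow(5)-format file. The sample entries are constructed placeholders, and the list of acceptable hash prefixes is an assumption to adjust to local policy.

```python
import os
import stat

# Constructed sample in shadow(5) format; the hash strings are placeholders.
SAMPLE_SHADOW = """\
jsmith:$6$examplesalt$PLACEHOLDERHASH:19800:0:99999:7:::
ops1:$1$oldsalt$PLACEHOLDERHASH:19000:0:99999:7:::
svc_backup::19800:0:99999:7:::
legacy:abPLACEHOLDER1:15000:0:99999:7:::
disabled:!:19800:0:99999:7:::
"""

# crypt(5) prefixes treated as acceptable here (an assumption; tune to policy).
STRONG_PREFIXES = ("$5$", "$6$", "$y$", "$7$", "$2a$", "$2b$", "$2y$")


def classify_hash(field):
    """Return a finding for one password field, or None if it looks fine."""
    if field == "":
        return "empty password field (no password required)"
    if field.startswith(("!", "*")):
        return None  # locked or no-login account
    if field.startswith("$1$"):
        return "MD5-crypt hash"
    if field.startswith(STRONG_PREFIXES):
        return None
    if field.startswith("$"):
        return "unrecognised hash scheme"
    return "legacy DES-crypt hash"


def audit_shadow_text(text):
    """Check every entry; returns a list of (account, finding) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            findings.append((f"line {lineno}", "expected 9 colon-separated fields"))
            continue
        issue = classify_hash(fields[1])
        if issue:
            findings.append((fields[0], issue))
    return findings


def audit_shadow_file(path):
    """Check the file mode first, then the entries."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o027:  # group-writable, or any access for other users
        findings.append((path, f"mode {oct(mode)} is too open for password hashes"))
    with open(path, encoding="utf-8") as fh:
        findings += audit_shadow_text(fh.read())
    return findings
```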
Backend configuration.
# Show current configuration
globaldetect secrets config --show
# Configure via environment
export GLOBALDETECT_SECRETS_BACKEND=postgresql
export GLOBALDETECT_DB_URL="postgresql://user:pass@localhost/secrets"
# Or use Confidant
export GLOBALDETECT_SECRETS_BACKEND=confidant
export GLOBALDETECT_CONFIDANT_URL=https://confidant.example.com
Data Center & Facility Management NEW
Query and manage global data center information from PeeringDB, including facilities, networks, carriers, and Internet Exchanges.
Sync data from PeeringDB.
# Full sync from PeeringDB
globaldetect facility sync --full
# Incremental sync (for cron jobs)
globaldetect facility sync --quiet
# Sync facilities only (faster)
globaldetect facility sync --facilities-only
# View sync history
globaldetect facility sync-history
Search facilities with tier classification.
# Search by location
globaldetect facility search --city Ashburn
globaldetect facility search --country US --state Virginia
# Search by owner
globaldetect facility search --owner Equinix
# Search Tier 1 facilities (100+ networks)
globaldetect facility search --country US --tier 1
# Search by region
globaldetect facility search --region EU --tier 1
globaldetect facility search --region APAC --min-networks 50
# Available regions: NA, SA, EU, APAC, MEA
# Search by codes
globaldetect facility search --clli DLLSTX
globaldetect facility search --site-code DC1
# Sort options
globaldetect facility search --country US --sort networks
Facility Tier Classification
| Tier | Networks | Description |
|---|---|---|
| 1 | 100+ | Major global hubs (Equinix Ashburn, etc.) |
| 2 | 30-99 | Significant regional facilities |
| 3 | 10-29 | Smaller regional/metro facilities |
| 4 | <10 | Local/edge facilities |
Get detailed facility information.
# Get facility details by PeeringDB ID
globaldetect facility info 1234
# Output includes:
# Location, owner, contact info
# CLLI code, site code
# Networks present
# Carriers present
# Internet Exchanges
# Live query from PeeringDB API
globaldetect facility live 1234
Search networks in PeeringDB.
# Search by name
globaldetect facility networks --name Cloudflare
# Search by ASN
globaldetect facility networks --asn 13335
# Filter by type (NSP, ISP, Content, etc.)
globaldetect facility networks --type Content
Search carriers and Internet Exchanges.
# Search carriers
globaldetect facility carriers --name Zayo
# Search Internet Exchanges
globaldetect facility exchanges --country US
globaldetect facility exchanges --name DE-CIX
Show database statistics.
# Show database statistics
globaldetect facility stats
# Output:
# Total facilities, networks, carriers, exchanges
# Top countries by facility count
# Last sync timestamp
Use Case: Peering Location Research
# Find Tier 1 facilities in North America
globaldetect facility search --region NA --tier 1
# See which networks are at Equinix Ashburn
globaldetect facility info 123
# Find where Cloudflare has presence
globaldetect facility networks --asn 13335
# Find Internet Exchanges in Europe
globaldetect facility exchanges --region EU
HTTP Testing & Benchmarking
Complete HTTP testing toolkit for API validation, security header inspection, and load testing.
Full-featured HTTP client for custom requests.
# GET request with headers
globaldetect http request https://api.example.com/status \
--header "Authorization: Bearer TOKEN"
# POST with JSON body
globaldetect http request https://api.example.com/data \
--method POST \
--header "Content-Type: application/json" \
--body '{"key": "value"}'
# Follow redirects and show full response
globaldetect http request https://example.com --follow --verbose
Convenient shortcuts for GET and POST requests.
# Quick GET
globaldetect http get https://api.example.com/users
# Quick POST
globaldetect http post https://api.example.com/users \
--data '{"name": "test"}'
Validate endpoint responses against expected values.
# Validate status code and body
globaldetect http validate https://api.example.com/health \
--expect-status 200 \
--expect-body "ok"
# Validate JSON response
globaldetect http validate https://api.example.com/status \
--expect-json '{"status": "healthy"}'
HTTP load testing and benchmarking.
# Basic load test
globaldetect http bench https://api.example.com/endpoint \
--requests 1000 \
--concurrency 10
# Output:
# Total Requests: 1000
# Successful: 998
# Failed: 2
# Avg Latency: 45ms
# P95 Latency: 120ms
# P99 Latency: 250ms
# Requests/sec: 150
Inspect and analyze security headers.
# Analyze security headers
globaldetect http headers https://example.com
# Output:
# Security Headers Analysis:
#
# Strict-Transport-Security: max-age=31536000
# Content-Security-Policy: default-src 'self'
# X-Frame-Options: DENY
# X-Content-Type-Options: nosniff
# X-XSS-Protection: 1; mode=block
# Referrer-Policy: strict-origin-when-cross-origin
#
# Grade: A
# Missing: Permissions-Policy
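Header presence alone says little, so this added example (not GlobalDetect's code; the page does not describe how the grade is computed) also checks header values, first on the sample output above and then on a constructed weak response. The expected-header list, the one-year HSTS threshold and all function names are assumptions.

```python
import re

EXPECTED = ["Strict-Transport-Security", "Content-Security-Policy",
            "X-Frame-Options", "X-Content-Type-Options",
            "Referrer-Policy", "Permissions-Policy"]
MIN_HSTS_MAX_AGE = 31536000  # assumed policy threshold: one year

# Header values from the sample output above.
PAGE_SAMPLE = """\
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
"""
# Constructed response with weak values, for contrast.
WEAK_SAMPLE = """\
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src *; script-src 'self' 'unsafe-inline'
X-Frame-Options: ALLOW-FROM https://partner.example
Referrer-Policy: no-referrer
"""


def parse_headers(raw):
    """Map lower-cased header names to values."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def script_sources(csp):
    """Sources governing scripts: script-src, else default-src, else None."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])  # first occurrence wins
    return directives.get("script-src", directives.get("default-src"))


def analyze(raw):
    """Report missing headers, weak values and informational notes."""
    h = parse_headers(raw)
    missing = [n for n in EXPECTED if n.lower() not in h]
    weak, notes = [], []
    if "strict-transport-security" in h:
        m = re.search(r'max-age\s*=\s*"?(\d+)', h["strict-transport-security"], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            weak.append("Strict-Transport-Security: max-age under one year")
    if "content-security-policy" in h:
        src = script_sources(h["content-security-policy"])
        if src is None:
            weak.append("Content-Security-Policy: scripts not restricted")
        else:
            # A nonce or hash source makes browsers ignore 'unsafe-inline'.
            pinned = any(s.startswith(("'nonce-", "'sha")) for s in src)
            if ("*" in src or "'unsafe-eval'" in src
                    or ("'unsafe-inline'" in src and not pinned)):
                weak.append("Content-Security-Policy: unsafe script sources")
    # Absent headers are already listed in `missing`; defaults skip them here.
    if h.get("x-frame-options", "DENY").upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("X-Frame-Options: not DENY or SAMEORIGIN")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        weak.append("X-Content-Type-Options: not nosniff")
    if not h.get("x-xss-protection", "0").startswith("0"):
        notes.append("X-XSS-Protection: legacy header, no substitute for CSP")
    return {"missing": missing, "weak": weak, "notes": notes}
```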
Network Inventory Management
Complete network inventory system for tracking systems, switches, interfaces, and physical locations at enterprise scale.
Catalog Discovery
Discover and catalog network devices.
# Scan subnet and auto-catalog discovered systems
globaldetect catalog scan 10.0.1.0/24
# Discover local system and add to inventory
globaldetect catalog local
# Import from file
globaldetect catalog import --file inventory.csv
System Management
Manage system inventory with full lifecycle tracking.
# Add a new system
globaldetect system add \
--hostname web01.dc1 \
--type server \
--os "Ubuntu 22.04" \
--location dc1-rack15-u20
# Add with multiple interfaces
globaldetect system add \
--hostname db01.dc1 \
--interface eth0:10.0.1.50:primary \
--interface eth1:10.0.2.50:storage \
--interface mgmt0:172.16.0.50:management
# List all systems
globaldetect system list
# Show system details
globaldetect system show web01.dc1
# Update system
globaldetect system update web01.dc1 --status maintenance
# Search by hostname or IP
globaldetect system search "web*"
globaldetect system search --ip 10.0.1.50
# Delete system
globaldetect system delete web01.dc1
Interface Roles
Track interface roles: primary, management, storage, backup, cluster
Switch Management
Manage switch inventory and port connections.
# Add switch
globaldetect switch add \
--hostname sw01.dc1 \
--model "Cisco Nexus 9336C-FX2" \
--ports 36 \
--location dc1-rack01-u40
# List switches
globaldetect switch list
# Show switch with connected systems
globaldetect switch show sw01.dc1
# Track port connectivity
globaldetect switch connect sw01.dc1 --port Et1/15 --system web01.dc1
Location Management
Manage physical locations - datacenters, racks, and positions.
# Add datacenter
globaldetect location add \
--name dc1 \
--type datacenter \
--city "New York" \
--country US
# Add rack
globaldetect location add \
--name dc1-rack15 \
--type rack \
--parent dc1 \
--units 42
# List locations
globaldetect location list
# Show location with equipment
globaldetect location show dc1-rack15
Database Management
Manage the inventory database.
# Initialize database schema
globaldetect db init
# Show database statistics
globaldetect db stats
# Output:
# Database: inventory.db (SQLite)
# Systems: 1,547
# Switches: 89
# Locations: 12
# Interfaces: 4,892
# Using PostgreSQL
export GLOBALDETECT_DB="postgresql://user:pass@localhost/inventory"
globaldetect db init
Use Case: Data Center Inventory
# Set up inventory structure
globaldetect location add --name dc1 --type datacenter --city "New York"
globaldetect location add --name dc1-rack01 --type rack --parent dc1
# Add network equipment
globaldetect switch add --hostname spine01 --model "Arista 7280" \
--location dc1-rack01-u40
# Add servers
for i in {1..10}; do
  globaldetect system add \
    --hostname "web${i}.dc1" \
    --interface "eth0:10.0.1.${i}:primary" \
    --location "dc1-rack01-u${i}"
done
# Generate inventory report
globaldetect system list --format csv > inventory.csv
Agent Mode & Inventory Server
Deploy agents across your infrastructure for centralized inventory management and real-time monitoring.
Agent Mode
Run as an agent that reports to a central inventory server.
# Run agent daemon
globaldetect agent run \
--server https://inventory.example.com \
--api-key YOUR_API_KEY \
--interval 300
# Preview what would be reported
globaldetect agent info
# Generate agent configuration
globaldetect agent config > /etc/globaldetect/agent.yaml
Inventory Server
Run the central inventory server that receives agent check-ins.
# Start inventory server
globaldetect server run --port 8443 --ssl
# Generate API key for agents
globaldetect server generate-key --name "dc1-agents"
# Server features:
# - REST API for agent check-ins
# - Automatic inventory updates
# - Change detection and alerting
# - Historical tracking
Use Case: Enterprise Deployment
# On inventory server
globaldetect server run --port 8443
# Generate keys for each datacenter (the output files hold live API keys; keep them readable only by their owner)
globaldetect server generate-key --name dc1-agents > dc1-key.txt
globaldetect server generate-key --name dc2-agents > dc2-key.txt
# Deploy agent on each server (via Ansible, Puppet, etc.)
# /etc/systemd/system/globaldetect-agent.service
# Agents auto-register and report:
# - System information
# - Network interfaces
# - Running services
# - Hardware details
# - Installed packages
External Services Integration
Full CLI access to leading threat intelligence, geolocation, and network analysis platforms.
DNS Science Platform Full Access
Complete CLI access to the DNS Science.io platform - the same intelligence powering the web interface.
Full DNS Science platform integration.
# Domain threat intelligence
globaldetect dnsscience threat example.com
# Returns: Risk score, threat categories, malware associations
# Domain reputation and history
globaldetect dnsscience reputation example.com
# Returns: Reputation score, historical incidents, trust indicators
# Passive DNS lookups
globaldetect dnsscience pdns example.com
# Returns: Historical DNS records, first/last seen dates, IP history
# Reverse DNS intelligence
globaldetect dnsscience reverse 8.8.8.8
# Returns: All domains historically pointing to this IP
# WHOIS enrichment
globaldetect dnsscience whois example.com
# Returns: Registrar, dates, registrant (where available), related domains
# SSL certificate intelligence
globaldetect dnsscience ssl example.com
# Returns: Cert history, issuers, SAN entries, expiry tracking
# Subdomain enumeration
globaldetect dnsscience subdomains example.com
# Returns: Discovered subdomains from passive sources
# DNS record history
globaldetect dnsscience history example.com --type A
# Returns: All historical A records with timestamps
# Email security analysis
globaldetect dnsscience email example.com
# Returns: SPF, DKIM, DMARC analysis and recommendations
# Full domain profile
globaldetect dnsscience profile example.com --full
# Returns: Combined threat, reputation, DNS, SSL, email analysis
Domain monitoring and alerting.
# Add domain to monitoring
globaldetect dnsscience monitor add example.com
# Monitor with specific alerts
globaldetect dnsscience monitor add example.com \
--alert-dns-change \
--alert-ssl-expiry \
--alert-reputation-drop
# List monitored domains
globaldetect dnsscience monitor list
# Check monitoring status
globaldetect dnsscience monitor status example.com
# Get recent alerts
globaldetect dnsscience monitor alerts --days 7
Cloudflare API Full Access
Complete Cloudflare API integration including Radar threat intelligence and network diagnostics.
Cloudflare Radar threat and traffic intelligence.
# IP threat intelligence
globaldetect cloudflare radar ip 192.0.2.1
# Returns: Threat score, attack types, geographic data
# Domain threat analysis
globaldetect cloudflare radar domain suspicious-site.com
# Returns: Threat categories, malware families, phishing indicators
# ASN intelligence
globaldetect cloudflare radar asn 13335
# Returns: AS ranking, traffic share, attack involvement
# Global attack trends
globaldetect cloudflare radar attacks --period 24h
# Returns: DDoS trends, attack vectors, geographic distribution
# Internet outages
globaldetect cloudflare radar outages
# Returns: Current and recent Internet disruptions worldwide
# Traffic trends by country
globaldetect cloudflare radar traffic --country US --period 7d
# BGP route analysis
globaldetect cloudflare radar bgp --prefix 8.8.8.0/24
# Returns: BGP announcements, path changes, potential hijacks
Network diagnostics using Cloudflare's global edge network.
# Global traceroute (200+ locations)
globaldetect cloudflare diag traceroute example.com
# Traceroute from specific location
globaldetect cloudflare diag traceroute example.com --from LHR
# DNS resolution from edge
globaldetect cloudflare diag dns example.com --type A
# Connectivity check from multiple edges
globaldetect cloudflare diag connectivity example.com --locations "SJC,LHR,NRT"
# Latency measurement from all regions
globaldetect cloudflare diag latency example.com
Cloudflare DNS (1.1.1.1) integration.
# DNS over HTTPS query
globaldetect cloudflare dns query example.com A
# Query with DNSSEC validation
globaldetect cloudflare dns query example.com A --dnssec
# Bulk DNS resolution
globaldetect cloudflare dns bulk --file domains.txt --type A
# DNS timing analysis
globaldetect cloudflare dns timing example.com
IPInfo.io Full Access
Enterprise IP intelligence with full geolocation, ASN, company, and privacy detection.
Comprehensive IP intelligence.
# Full IP details
globaldetect ipinfo lookup 8.8.8.8
# Returns:
# IP: 8.8.8.8
# Hostname: dns.google
# City: Mountain View
# Region: California
# Country: US
# Location: 37.4056,-122.0775
# Organization: AS15169 Google LLC
# Postal: 94043
# Timezone: America/Los_Angeles
# ASN details
globaldetect ipinfo asn 15169
# Returns: AS name, domain, routes, type (ISP/business/hosting)
# Company information
globaldetect ipinfo company 8.8.8.8
# Returns: Company name, domain, type, employee count
# Privacy/VPN detection
globaldetect ipinfo privacy 192.0.2.1
# Returns: VPN, proxy, Tor, relay, hosting detection flags
# Carrier detection (mobile IPs)
globaldetect ipinfo carrier 203.0.113.1
# Returns: Mobile carrier name, MCC, MNC
# Abuse contact
globaldetect ipinfo abuse 192.0.2.1
# Returns: Abuse contact email, phone, network info
# IP ranges for an organization
globaldetect ipinfo ranges "Google LLC"
# Returns: All IP ranges owned by organization
# Batch lookup
globaldetect ipinfo batch --file ips.txt --output results.json
# IP to ASN mapping
globaldetect ipinfo ip2asn 8.8.8.8
# Hosted domains on IP
globaldetect ipinfo domains 93.184.216.34
# Returns: All domains hosted on this IP
AbuseIPDB
IP abuse and threat reporting database.
Check and report IP abuse.
# Check IP reputation
globaldetect abuseipdb check 192.0.2.1
# Returns:
# Abuse Confidence: 87%
# Total Reports: 1,547
# Last Reported: 2 hours ago
# Categories: SSH Brute-Force, Web Attack
# Check with verbose output
globaldetect abuseipdb check 192.0.2.1 --verbose
# Includes recent report details
# Report an abusive IP
globaldetect abuseipdb report 192.0.2.1 \
--categories "18,22" \
--comment "SSH brute force attack"
# Batch check
globaldetect abuseipdb batch --file suspicious-ips.txt
# Get blacklist
globaldetect abuseipdb blacklist --confidence 90 --limit 10000
# Check subnet
globaldetect abuseipdb check-block 192.0.2.0/24
Integration Summary
DNS Science.io
- Threat intelligence
- Domain reputation
- Passive DNS
- SSL certificate intel
- Subdomain discovery
- Email security (SPF/DKIM/DMARC)
- Domain monitoring
- Historical DNS data
Cloudflare
- Radar threat intel
- Global traceroute (200+ PoPs)
- BGP analysis
- DDoS attack trends
- Internet outage detection
- DNS over HTTPS
- AS rankings
- Traffic analytics
IPInfo.io
- IP geolocation
- ASN details
- Company information
- Privacy/VPN detection
- Carrier detection
- Abuse contacts
- IP range lookups
- Hosted domains
AbuseIPDB
- IP reputation scores
- Abuse report history
- Attack categories
- Report submission
- Blacklist downloads
- Subnet checking
- Batch lookups
- Confidence scoring
Use Case: Complete Threat Investigation
# Investigating a suspicious IP from your logs
IP="192.0.2.100"
# Step 1: Get full IP intelligence
globaldetect ipinfo lookup "$IP"
globaldetect ipinfo privacy "$IP"
# Step 2: Check abuse history
globaldetect abuseipdb check "$IP" --verbose
# Step 3: Check Cloudflare threat data
globaldetect cloudflare radar ip "$IP"
# Step 4: See what domains are hosted there
globaldetect ipinfo domains "$IP"
# Step 5: Check those domains for threats
globaldetect dnsscience threat "$(globaldetect ipinfo domains "$IP" --first)"
# Step 6: Full reverse investigation
globaldetect dnsscience reverse "$IP"
Configuration
Environment Variables
| Variable | Description | Required |
|---|---|---|
| IPINFO_TOKEN | IPInfo.io API token for geolocation | Optional |
| ABUSEIPDB_API_KEY | AbuseIPDB API key for reputation checks | Optional |
| CLOUDFLARE_API_TOKEN | Cloudflare API token for DNS/Radar | Optional |
| DNSSCIENCE_API_KEY | DNS Science API key for threat intel | Optional |
| GLOBALDETECT_DB | Database connection (SQLite path or PostgreSQL URI) | Optional |
Configuration File
# ~/.config/globaldetect/config.yaml
database:
  type: postgresql
  host: localhost
  port: 5432
  name: inventory
  user: globaldetect
  password: secure-password
services:
  ipinfo:
    token: your-ipinfo-token
  abuseipdb:
    api_key: your-abuseipdb-key
  cloudflare:
    api_token: your-cloudflare-token
  dnsscience:
    api_key: your-dnsscience-key
agent:
  server: https://inventory.example.com
  api_key: agent-api-key
  interval: 300
logging:
  level: INFO
  file: /var/log/globaldetect.log
Quick Configuration
# Set up configuration interactively
globaldetect config init
# Set individual values
globaldetect config set ipinfo.token YOUR_TOKEN
globaldetect config set database.type sqlite
globaldetect config set database.path ~/inventory.db
# Show current configuration
globaldetect config show