AI Tools for DevOps Engineers

AI tools that help DevOps engineers scan for CVEs, audit security headers, research cloud architecture, and keep infrastructure running.

Get started for free

Works in Chat, Cowork and Code

Package | CVE | CVSS
openssl/3.0.2 | CVE-2023-0286 | 9.8 CRITICAL
curl/7.88.1 | CVE-2023-38545 | 9.8 CRITICAL
libssl3/3.0.2 | CVE-2023-0286 | 9.8 (inherited)
nginx/1.24.0 | None found |
3 critical vulnerabilities · immediate upgrade required

Container and infrastructure CVE scanning

Search the full CVE database for vulnerabilities in your container base images, system packages, and infrastructure tools before they ship to production. Catch a critical OpenSSL CVE in your ubuntu:22.04 base before the security team does.

Check for CVEs in these infrastructure packages: nginx/1.24.0, openssl/3.0.2, curl/7.88.1, libssl3/3.0.2. Focus on critical and high severity.

openssl/3.0.2: CVE-2023-0286 (CVSS 9.8) — integer overflow in X.509 parsing, remotely exploitable. curl/7.88.1: CVE-2023-38545 (CVSS 9.8) — SOCKS5 heap overflow. nginx/1.24.0: clean. libssl3: inherited openssl CVE. Upgrade openssl to 3.0.10 and curl to 8.4.0 immediately.

ToolRouter search_cves
Package | CVE | CVSS
openssl/3.0.2 | CVE-2023-0286 | 9.8 CRITICAL
curl/7.88.1 | CVE-2023-38545 | 9.8 CRITICAL
nginx/1.24.0 | None |
libssl3/3.0.2 | CVE-2023-0286 | 9.8 (inherited)
2 critical CVEs requiring immediate upgrade

Security header and HTTPS configuration audit

Scan production and staging endpoints for missing security headers, weak TLS configurations, and exposed infrastructure information. HSTS, CSP, and CORS misconfigurations are the most common audit failures.

Audit https://myapp.com and https://api.myapp.com for security headers, TLS configuration, and any information disclosure in response headers.

myapp.com: missing Content-Security-Policy, X-Frame-Options absent (clickjacking risk), Server header exposes "nginx/1.24.0 Ubuntu". api.myapp.com: CORS allows *, HSTS max-age only 3600 (should be 31536000), X-Powered-By: Express leaks stack. TLS: TLSv1.0 still enabled (should disable).

ToolRouter scan_url
myapp.com — CSP: MISSING — no Content-Security-Policy header
myapp.com — X-Frame-Options: MISSING — clickjacking risk
api.myapp.com — CORS: Access-Control-Allow-Origin: * — overly permissive
api.myapp.com — HSTS: max-age=3600 — should be 31536000
TLS Version: TLSv1.0 still enabled — should be disabled
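
The header checks listed above can be reproduced offline against captured response headers. This is an added example, not the product's code or output; the function names, finding codes and the two sample header sets are assumptions constructed here, and the HSTS threshold is the 31536000 quoted above.

```python
import re

MIN_HSTS_MAX_AGE = 31536000  # one year, the value the audit output recommends


def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None


def audit_headers(headers):
    """Return a sorted list of finding codes for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("csp-missing")
    # CSP frame-ancestors supersedes X-Frame-Options, so either one restricts framing
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings.append("framing-unrestricted")
    if "strict-transport-security" not in h:
        findings.append("hsts-missing")
    else:
        age = hsts_max_age(h["strict-transport-security"])
        if age is None:
            findings.append("hsts-invalid")
        elif age < MIN_HSTS_MAX_AGE:
            findings.append("hsts-short-max-age")
    if h.get("access-control-allow-origin") == "*":
        findings.append("cors-wildcard")
    # A product token followed by a version number, e.g. "nginx/1.24.0"
    if re.search(r"/\d", h.get("server", "")):
        findings.append("server-version-disclosed")
    if "x-powered-by" in h:
        findings.append("x-powered-by-disclosed")
    return sorted(findings)


# Constructed sample header sets, loosely modelled on the findings quoted above.
MYAPP = {"Server": "nginx/1.24.0 Ubuntu", "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
API = {"Access-Control-Allow-Origin": "*", "Strict-Transport-Security": "max-age=3600",
       "X-Powered-By": "Express", "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'"}

if __name__ == "__main__":
    for host, hdrs in (("myapp.com", MYAPP), ("api.myapp.com", API)):
        print(host, audit_headers(hdrs))
```

TLS protocol versions are negotiated during the handshake and do not appear in response headers, so the TLSv1.0 finding needs a separate handshake test.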

Infrastructure architecture research

Research cloud architecture patterns, Kubernetes configurations, and IaC best practices with cited sources. Use it to evaluate AWS vs GCP vs Azure for a specific workload, or benchmark EKS autoscaling configurations for your traffic patterns.

We're seeing 10x traffic spikes every Monday 9am. Compare Kubernetes HPA vs KEDA vs Fargate spot instances for auto-scaling a Node.js API with stateful WebSocket connections.

HPA: CPU/memory-based, 90s scale-up lag — too slow for 9am spikes. KEDA: event-driven, can pre-scale on cron schedule — best fit for predictable spikes. Fargate spot: no node management but 2-min cold start for stateful WebSocket apps is problematic. Recommend KEDA with a scheduled ScaledObject to pre-warm at 8:45am.

ToolRouter research
HPA Verdict: 90s scale-up lag — too slow for predictable 9am spikes
KEDA Recommendation: Event-driven, supports cron schedule → pre-warm at 8:45am
Fargate Spot: 2-min cold start — problematic for stateful WebSocket connections
Recommendation: KEDA with scheduled ScaledObject → pre-scale before 9am Monday

CI/CD and infrastructure diagrams

Generate pipeline, deployment, and infrastructure diagrams for runbooks, incident response docs, and architecture reviews. Get Mermaid output that renders directly in GitHub pull requests.

Create a CI/CD pipeline diagram: developer pushes → GitHub Actions builds and tests → Docker image pushed to ECR → Helm deploys to EKS staging → manual approval → production rolling deploy.

Generated Mermaid flowchart with 9 steps. Manual approval gate shown as a decision diamond. Rollback path from production failure back to previous Helm release annotated. Parallel test jobs (unit, integration, security scan) shown in the build stage.

ToolRouter render_diagram
Step 1: Developer push → PR → GitHub Actions triggers
Step 2: Parallel: unit tests + integration tests + security scan
Step 3: Docker build → push image to ECR
Step 4: Helm deploy to EKS staging → smoke tests
Step 5: Manual approval gate (decision) → production rolling deploy

DNS, domain, and SSL certificate auditing

Check DNS records, WHOIS registration expiry dates, and SSL certificate validity across all your domains. Catch a certificate expiring in 14 days or a dangling CNAME pointing to a decommissioned service before it causes an incident.

Check DNS records and SSL certificate status for myapp.com, api.myapp.com, and staging.myapp.com. Flag anything expiring in the next 30 days.

myapp.com: SSL expires in 8 days (CRITICAL — renew now). api.myapp.com: SSL valid 87 days. staging.myapp.com: CNAME points to old-staging.heroku.com — that app was deleted (dangling DNS). Recommend: (1) renew myapp.com cert immediately, (2) remove staging CNAME or update target.

ToolRouter check_dns
myapp.com SSL: Expires in 8 days — CRITICAL, renew immediately
api.myapp.com SSL: Valid · 87 days remaining
staging.myapp.com: CNAME → old-staging.heroku.com (app deleted) — dangling DNS
Recommended Actions: (1) Renew myapp.com cert · (2) Remove staging CNAME

Supply chain and package risk auditing

Audit open-source packages added to your infrastructure tooling — Terraform providers, Helm charts, GitHub Actions — for supply chain anomalies, abandoned maintainers, and known advisories before they enter your pipeline.

Audit these Terraform providers and tools before adding to our pipeline: hashicorp/aws@5.40, grafana/grafana@2.15, datadog/datadog@3.35.

hashicorp/aws@5.40: maintained by HashiCorp, clean. grafana/grafana@2.15: clean, actively maintained. datadog/datadog@3.35: clean, no advisories. All three are safe to add. Recommend pinning exact versions in terraform.lock.hcl.

ToolRouter audit_packages
Provider | Version | Maintainer
hashicorp/aws | 5.40 | HashiCorp
grafana/grafana | 2.15 | Grafana Labs
datadog/datadog | 3.35 | Datadog
All 3 providers safe · recommend pinning in terraform.lock.hcl

Ready-to-use prompts

Scan infra packages for CVEs

Check these infrastructure packages for CVEs: nginx/1.24, openssl/3.0, curl/7.88, containerd/1.7, runc/1.1. Flag anything CVSS 8+ and provide the upgrade path.

Audit security headers

Audit https://myapp.com for security headers: Content-Security-Policy, HSTS max-age, X-Frame-Options, X-Content-Type-Options, CORS configuration, and whether the Server header exposes nginx/version.

Research Kubernetes autoscaling

Compare Kubernetes HPA, VPA, and KEDA for scaling a gRPC service handling 5K req/sec baseline with 20x spikes during US market open. Include cold start times and configuration examples.

CI/CD pipeline diagram

Generate a Mermaid CI/CD pipeline diagram: GitHub PR → GitHub Actions (test + security scan + build) → Docker push to ECR → Helm deploy to EKS staging → manual gate → production canary deploy at 10% → full rollout.

Check domain SSL expiry

Check DNS records and SSL certificate expiry for myapp.com, api.myapp.com, admin.myapp.com, and staging.myapp.com. Flag any certs expiring within 30 days and any dangling CNAME records.

Terraform provider risk audit

Audit these Terraform providers for supply chain risk: hashicorp/aws@5.40, hashicorp/kubernetes@2.27, grafana/grafana@2.15. Check for known advisories and maintainer activity.

EKS vs GKE vs AKS comparison

Compare AWS EKS, Google GKE, and Azure AKS for a fintech app requiring SOC 2 compliance, multi-region failover, and <100ms internal service latency. Include managed node group options and upgrade strategies.

Incident runbook diagram

Generate a flowchart for a P1 database incident runbook: alert fires → on-call pages → check Postgres replica lag → if >30s promote replica → redirect traffic → post-mortem Jira ticket.

Tools to power your best work

Web Search: Web, news, images & maps — one tool

165+ tools.
One conversation.

Everything DevOps engineers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Pre-deployment security gate

Before every production deployment, check infrastructure packages for CVEs, scan endpoints for header issues, and verify domain/SSL health.

1. Vulnerability Database: Scan container image packages for critical CVEs
2. Security Scanner: Audit staging endpoints for security header issues
3. DNS & Domain: Verify SSL certs and DNS records are healthy

Infrastructure architecture decision

Research trade-offs, generate a diagram, and validate the dependency stack before committing to a new infrastructure component.

1. Deep Research: Research and compare candidate technologies
2. Diagram Generator: Generate architecture diagram for the RFC
3. Supply Chain Risk: Audit new tools and providers for supply chain risk

Incident response documentation

After resolving an incident, diagram the failure mode, look up any CVEs involved, and create runbook documentation.

1. Diagram Generator: Generate incident timeline and failure mode diagram
2. Vulnerability Database: Check if the incident was triggered by a known CVE
3. Security Scanner: Re-scan affected services to verify remediation

Frequently Asked Questions

Can the Vulnerability Database scan container image packages or just application dependencies?

The Vulnerability Database searches the CVE catalog by package name and version — it works for system packages (openssl, curl, glibc), container runtimes (containerd, runc), and application dependencies alike. List the package names and versions from your image manifest to check them.

How does the DNS tool help with certificate monitoring?

DNS & Domain checks SSL certificate expiry dates and returns the number of days remaining. Run it against all your production domains in a single query to surface certificates expiring within your rotation window before they cause outages.

Does Deep Research give me configuration examples, not just conceptual comparisons?

Yes. Deep Research synthesizes official documentation, engineering blog posts, and community resources — it will pull concrete HPA YAML, KEDA ScaledObject examples, or Terraform module patterns as part of the comparison. Cite the sources in your RFC.

Can Diagram Generator produce runbook diagrams I can embed in Confluence?

Yes. Diagram Generator outputs Mermaid or PlantUML source that renders natively in Confluence, Notion, GitHub, and GitLab. For Confluence, use the Mermaid macro or embed the diagram as a code block with the mermaid language tag.

Does Supply Chain Risk check GitHub Actions in my CI pipeline?

Supply Chain Risk audits npm, PyPI, Go, and Maven packages. For GitHub Actions specifically, check the action versions you pin in your workflow files against the actions/toolkit CVE database and review the action's repository for recent commit anomalies.
