Projects

mhost  

mhost  

A DNS Swiss Army knife that queries 80+ resolvers in parallel -- lookups, discovery, linting, tracing, and an interactive TUI, all in one tool.

mhost

Ever wished dig could do everything? Meet mhost — the DNS Swiss Army knife that makes DNS fun again. It fires queries at 80+ public resolvers in parallel and aggregates the results, so you get the full picture instead of trusting a single server’s answer. It speaks fluent UDP, TCP, DNS-over-TLS (DoT), and DNS-over-HTTPS (DoH) from Cloudflare, Google, Quad9, Mullvad, and more.

But lookups are just the appetizer. mhost packs a whole toolkit into one binary: discover subdomains via CT logs, wordlists, NSEC walking, and permutation attacks. Lint your zone configs against 13 best-practice checks. Trace delegation chains hop by hop from the root servers. Check propagation across major providers after a DNS change. Diff records between nameservers or snapshots. Even verify live DNS against your BIND zone files — with non-zero exit codes for CI pipelines.

For the explorers, there’s mdive — a built-in interactive TUI with live sortable tables, drill-down navigation, discovery panels, and vi-style keybindings. Think of it as a DNS dashboard in your terminal.

Everything outputs clean JSON for scripting, and the entire engine is available as an async Rust library with an ergonomic builder API — it’s the DNS engine behind Prism and the rest of the netray.info network intelligence suite.

Prism  

Prism  

A browser-based DNS inspector that fans queries across multiple resolvers with streaming results -- part of the netray.info suite.

Prism

What if you could point your browser at a DNS problem and watch the answers stream in from every resolver at once? That’s Prism — a browser-based DNS inspector built on the mhost engine that ships as one binary, one config file, zero runtime dependencies.

Type a dig-inspired query like example.com A AAAA @cloudflare @google @quad9 +tls +dnssec and Prism fans it out across resolvers, streaming results back in real time via Server-Sent Events. No waiting for the slowest server — answers appear the instant they arrive.

Prism packs six modes into one tool: Query to compare resolver responses side by side. Check to run a 15-record-type health audit with DMARC validation. Trace to walk delegation chains from root to authoritative. Compare to test the same query across UDP, TCP, DoT, and DoH. Auth to spot differences between authoritative answers and recursive caches. And DNSSEC to inspect keys and signatures.

The frontend features a CodeMirror-powered query editor with syntax highlighting and completions, so crafting complex queries feels more like writing code than wrestling with CLI flags.

Prism is the DNS component of the netray.info network intelligence suite. Try it live at dns.netray.info.

tlsight  

tlsight  

Full certificate chain inspection, TLS configuration analysis, and DNS cross-validation -- in one view.

tlsight

Hand tlsight a hostname and it comes back with everything: the full certificate chain from leaf to root, OCSP stapling status, Certificate Transparency SCTs, DANE/TLSA records, CAA authorization, HSTS headers, and DNSSEC validation — all in under two seconds. It even resolves every A and AAAA record and handshakes each IP in parallel, so you’ll spot that one CDN edge node serving the wrong cert before your users do.

Under the hood, 13 graded health checks cover certificates, protocol configuration, and DNS alignment, giving you a structured pass/fail/warning assessment instead of a wall of text. Need to inspect multiple ports? Just say example.com:443,465,993 and tlsight checks them all simultaneously.

The whole thing is a single Rust binary with an embedded SolidJS frontend — no static file hosting needed. It exposes a clean JSON API with OpenAPI docs, making it easy to wire into monitoring or CI pipelines.

tlsight is the TLS component of the netray.info network intelligence suite. Try it live at tls.netray.info.

nmap-analyze  

nmap-analyze  

Analyzes and compares nmap scan results with port specification for easy verification of firewall and port filter configurations

nmap-analyze

nmap is a highly sophisticated and widely used port scanner. It scans a single host or a group of hosts for open TCP and UDP ports. This allows administrators to verify firewall and port filter configurations. nmap-analyze is a very simplistic tool that helps to ease this verification process. Basically, it takes nmap’s scan results as XML, compares these results for each host scanned with a specification, and reports all deviations. nmap-analyze supports both, human readable as well as JSON output. The later can be used for further post-processing.

nmap-analyze needs three inputs: 1. nmap scan results in XML format, 2. a mapping of IP addresses to ports specifications, and 3. the port specifications. The mapping allows you to define groups of hosts that are mapped to the same port specification.

ifconfig-rs  

ifconfig-rs  

IP enrichment API with geolocation, ASN lookup, and cloud/VPN/Tor detection -- now powering the netray.info suite.

ifconfig-rs

ifconfig-rs started as yet another “what’s my IP address” service — but then it kept growing. Today it’s a full IP enrichment API that tells you everything about an address: geolocation, ASN, ISP, and whether it belongs to a cloud provider, VPN, or Tor exit node. It powers ip.netray.info, the IP component of the netray.info network intelligence suite.

Written in Rust, it’s fast enough to handle batch queries and includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com.

Features

  • Shows your IP address, TCP port, host name, geoip based location, ISP, and user agent.
  • Google Maps integration for geoip location
  • JSON API with multiple output formats
  • Special support for CLI tools like curl, httpie, and wget. API calls will be answered with just the base information followed by a newline for easy script integration.

luftpost  

luftpost  

Watches luftdaten.info particulates sensors and sends e-mails if measurements exceed thresholds

luftpost

luftdaten.info offers a very easy do-it-yourself instruction on how to build an inexpensive yet powerful particulates sensor complete with a fully functional firmware. This firmware regularly measures the particulates concentration and transmits the resulting data to luftdaten.info where it is processed and displayed on a world map. Even though most sensors are deployed in Germany you can find sensors all over the world.

luftpost is a simple program that monitors luftdaten.info sensors and notifies you via e-mail in case a particulates concentration measurement exceeds a threshold. The e-mail is nicely formatted and may contain the very same graphs that luftdaten.info offers — see below for an example. The notification can be triggered by every measurement, only when a measurement exceeds a threshold, or on changes only, i.e., once after exceeding a threshold and then after returning back below a threshold.

rs-collector  

rs-collector  

An scollector compatible telemetry collector for Galera, JVM, Mongo, Postfix etc.

rs-collector is a Bosun-compatible collector for various services that are not covered by scollector, and that we use at CenterDevice.

Collectors

  1. Galera - Collects metrics about the cluster status and cluster sync performance of a MySQL Galera cluster.
  2. HasIpAddr - Checks if a host has bound specific IPv4 addresses.
  3. JVM - Collects garbage collection statistics.
  4. MongoDB - Collects replicaset metrics.
  5. Postfix - Collects queue lengths for all postfix queues.
  6. rs-collector - Collects internal metrics for rs-collector.