mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-20 05:01:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/website/docs/user-guide/skills/optional/research/research-domain-intel.md
Teknium 252d68fd45
docs: deep audit — fix stale config keys, missing commands, and registry drift (#22784) 
* docs: deep audit — fix stale config keys, missing commands, and registry drift

Cross-checked ~80 high-impact docs pages (getting-started, reference, top-level
user-guide, user-guide/features) against the live registries:

  hermes_cli/commands.py    COMMAND_REGISTRY (slash commands)
  hermes_cli/auth.py        PROVIDER_REGISTRY (providers)
  hermes_cli/config.py      DEFAULT_CONFIG (config keys)
  toolsets.py               TOOLSETS (toolsets)
  tools/registry.py         get_all_tool_names() (tools)
  python -m hermes_cli.main <subcmd> --help (CLI args)

reference/
- cli-commands.md: drop duplicate hermes fallback row + duplicate section,
  add stepfun/lmstudio to --provider enum, expand auth/mcp/curator subcommand
  lists to match --help output (status/logout/spotify, login, archive/prune/
  list-archived).
- slash-commands.md: add missing /sessions and /reload-skills entries +
  correct the cross-platform Notes line.
- tools-reference.md: drop bogus '68 tools' headline, drop fictional
  'browser-cdp toolset' (these tools live in 'browser' and are runtime-gated),
  add missing 'kanban' and 'video' toolset sections, fix MCP example to use
  the real mcp_<server>_<tool> prefix.
- toolsets-reference.md: list browser_cdp/browser_dialog inside the 'browser'
  row, add missing 'kanban' and 'video' toolset rows, drop the stale
  '38 tools' count for hermes-cli.
- profile-commands.md: add missing install/update/info subcommands, document
  fish completion.
- environment-variables.md: dedupe GMI_API_KEY/GMI_BASE_URL rows (kept the
  one with the correct gmi-serving.com default).
- faq.md: Anthropic/Google/OpenAI examples — direct providers exist (not just
  via OpenRouter), refresh the OpenAI model list.

getting-started/
- installation.md: PortableGit (not MinGit) is what the Windows installer
  fetches; document the 32-bit MinGit fallback.
- installation.md / termux.md: installer prefers .[termux-all] then falls
  back to .[termux].
- nix-setup.md: Python 3.12 (not 3.11), Node.js 22 (not 20); fix invalid
  'nix flake update --flake' invocation.
- updating.md: 'hermes backup restore --state pre-update' doesn't exist —
  point at the snapshot/quick-snapshot flow; correct config key
  'updates.pre_update_backup' (was 'update.backup').

user-guide/
- configuration.md: api_max_retries default 3 (not 2); display.runtime_footer
  is the real key (not display.runtime_metadata_footer); checkpoints defaults
  enabled=false / max_snapshots=20 (not true / 50).
- configuring-models.md: 'hermes model list' / 'hermes model set ...' don't
  exist — hermes model is interactive only.
- tui.md: busy_indicator -> tui_status_indicator with values
  kaomoji|emoji|unicode|ascii (not kawaii|minimal|dots|wings|none).
- security.md: SSH backend keys (TERMINAL_SSH_HOST/USER/KEY) live in .env,
  not config.yaml.
- windows-wsl-quickstart.md: there is no 'hermes api' subcommand — the
  OpenAI-compatible API server runs inside hermes gateway.

user-guide/features/
- computer-use.md: approvals.mode (not security.approval_level); fix broken
  ./browser-use.md link to ./browser.md.
- fallback-providers.md: top-level fallback_providers (not
  model.fallback_providers); the picker is subcommand-based, not modal.
- api-server.md: API_SERVER_* are env vars — write to per-profile .env,
  not 'hermes config set' which targets YAML.
- web-search.md: drop web_crawl as a registered tool (it isn't); deep-crawl
  modes are exposed through web_extract.
- kanban.md: failure_limit default is 2, not '~5'.
- plugins.md: drop hard-coded '33 providers' count.
- honcho.md: fix unclosed quote in echo HONCHO_API_KEY snippet; document
  that 'hermes honcho' subcommand is gated on memory.provider=honcho;
  reconcile subcommand list with actual --help output.
- memory-providers.md: legacy 'hermes honcho setup' redirect documented.

Verified via 'npm run build' — site builds cleanly; broken-link count went
from 149 to 146 (no regressions, fixed a few in passing).

* docs: round 2 audit fixes + regenerate skill catalogs

Follow-up to the previous commit on this branch:

Round 2 manual fixes:
- quickstart.md: KIMI_CODING_API_KEY mentioned alongside KIMI_API_KEY;
  voice-mode and ACP install commands rewritten — bare 'pip install ...'
  doesn't work for curl-installed setups (no pip on PATH, not in repo
  dir); replaced with 'cd ~/.hermes/hermes-agent && uv pip install -e
  ".[voice]"'. ACP already ships in [all] so the curl install includes it.
- cli.md / configuration.md: 'auxiliary.compression.model' shown as
  'google/gemini-3-flash-preview' (the doc's own claimed default);
  actual default is empty (= use main model). Reworded as 'leave empty
  (default) or pin a cheap model'.
- built-in-plugins.md: added the bundled 'kanban/dashboard' plugin row
  that was missing from the table.

Regenerated skill catalogs:
- ran website/scripts/generate-skill-docs.py to refresh all 163 per-skill
  pages and both reference catalogs (skills-catalog.md,
  optional-skills-catalog.md). This adds the entries that were genuinely
  missing — productivity/teams-meeting-pipeline (bundled),
  optional/finance/* (entire category — 7 skills:
  3-statement-model, comps-analysis, dcf-model, excel-author, lbo-model,
  merger-model, pptx-author), creative/hyperframes,
  creative/kanban-video-orchestrator, devops/watchers,
  productivity/shop-app, research/searxng-search,
  apple/macos-computer-use — and rewrites every other per-skill page from
  the current SKILL.md. Most diffs are tiny (one line of refreshed
  metadata).

Validation:
- 'npm run build' succeeded.
- Broken-link count moved 146 -> 155 — the +9 are zh-Hans translation
  shells that lag every newly-added skill page (pre-existing pattern).
  No regressions on any en/ page.
2026-05-09 13:19:51 -07:00

5.1 KiB
Raw Blame History

title sidebar_label description
Domain Intel — Passive domain reconnaissance using Python stdlib Domain Intel Passive domain reconnaissance using Python stdlib

{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */}

Domain Intel

Passive domain reconnaissance using Python stdlib. Subdomain discovery, SSL certificate inspection, WHOIS lookups, DNS records, domain availability checks, and bulk multi-domain analysis. No API keys required.

Skill metadata
Source Optional — install with hermes skills install official/research/domain-intel
Path optional-skills/research/domain-intel
Platforms linux, macos, windows

Reference: full SKILL.md

:::info The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. :::

Domain Intelligence — Passive OSINT

Passive domain reconnaissance using only Python stdlib. Zero dependencies. Zero API keys. Works on Linux, macOS, and Windows.

Helper script

This skill includes scripts/domain_intel.py — a complete CLI tool for all domain intelligence operations.

# Subdomain discovery via Certificate Transparency logs
python3 SKILL_DIR/scripts/domain_intel.py subdomains example.com

# SSL certificate inspection (expiry, cipher, SANs, issuer)
python3 SKILL_DIR/scripts/domain_intel.py ssl example.com

# WHOIS lookup (registrar, dates, name servers — 100+ TLDs)
python3 SKILL_DIR/scripts/domain_intel.py whois example.com

# DNS records (A, AAAA, MX, NS, TXT, CNAME)
python3 SKILL_DIR/scripts/domain_intel.py dns example.com

# Domain availability check (passive: DNS + WHOIS + SSL signals)
python3 SKILL_DIR/scripts/domain_intel.py available coolstartup.io

# Bulk analysis — multiple domains, multiple checks in parallel
python3 SKILL_DIR/scripts/domain_intel.py bulk example.com github.com google.com
python3 SKILL_DIR/scripts/domain_intel.py bulk example.com github.com --checks ssl,dns

SKILL_DIR is the directory containing this SKILL.md file. All output is structured JSON.

Available commands

Command What it does Data source
subdomains Find subdomains from certificate logs crt.sh (HTTPS)
ssl Inspect TLS certificate details Direct TCP:443 to target
whois Registration info, registrar, dates WHOIS servers (TCP:43)
dns A, AAAA, MX, NS, TXT, CNAME records System DNS + Google DoH
available Check if domain is registered DNS + WHOIS + SSL signals
bulk Run multiple checks on multiple domains All of the above

When to use this vs built-in tools

  • Use this skill for infrastructure questions: subdomains, SSL certs, WHOIS, DNS records, availability
  • Use web_search for general research about what a domain/company does
  • Use web_extract to get the actual content of a webpage
  • Use terminal with curl -I for a simple "is this URL reachable" check
Task Better tool Why
"What does example.com do?" web_extract Gets page content, not DNS/WHOIS data
"Find info about a company" web_search General research, not domain-specific
"Is this website safe?" web_search Reputation checks need web context
"Check if a URL is reachable" terminal with curl -I Simple HTTP check
"Find subdomains of X" This skill Only passive source for this
"When does the SSL cert expire?" This skill Built-in tools can't inspect TLS
"Who registered this domain?" This skill WHOIS data not in web search
"Is coolstartup.io available?" This skill Passive availability via DNS+WHOIS+SSL

Platform compatibility

Pure Python stdlib (socket, ssl, urllib, json, concurrent.futures). Works identically on Linux, macOS, and Windows with no dependencies.

  • crt.sh queries use HTTPS (port 443) — works behind most firewalls
  • WHOIS queries use TCP port 43 — may be blocked on restrictive networks
  • DNS queries use Google DoH (HTTPS) for MX/NS/TXT — firewall-friendly
  • SSL checks connect to the target on port 443 — the only "active" operation

Data sources

All queries are passive — no port scanning, no vulnerability testing:

  • crt.sh — Certificate Transparency logs (subdomain discovery, HTTPS only)
  • WHOIS servers — Direct TCP to 100+ authoritative TLD registrars
  • Google DNS-over-HTTPS — MX, NS, TXT, CNAME resolution (firewall-friendly)
  • System DNS — A/AAAA record resolution
  • SSL check is the only "active" operation (TCP connection to target:443)

Notes

  • WHOIS queries use TCP port 43 — may be blocked on restrictive networks
  • Some WHOIS servers redact registrant info (GDPR) — mention this to the user
  • crt.sh can be slow for very popular domains (thousands of certs) — set reasonable expectations
  • The availability check is heuristic-based (3 passive signals) — not authoritative like a registrar API

Contributed by @FurkanL0