Skip to content

Temenos

GitHub Python Platform License CLI Security

Unless your organization exclusively works with pen and paper, understanding your digital footprint is critical. Every subdomain, IP address, and DNS record represents a potential entry point for attackers.

That's where Temenos comes in: a lightweight, cross-platform CLI tool that helps security professionals map and analyze their organization's attack surface using industry-standard, free APIs.

What is Temenos?

Temenos is a Python-based command-line security tool that combines the power of two essential (and freely available) security services:

  • DNSDumpster: For comprehensive DNS enumeration and infrastructure discovery
  • VirusTotal: For threat intelligence and reputation analysis

The tool is designed to be simple, fast, and practical. It is designed to give security teams actionable intelligence without the complexity of enterprise-grade scanners, and to be able to work in any environment.

How It Works

Temenos follows a straightforward workflow:

1. DNS Enumeration Phase

When you scan a domain, Temenos queries the DNSDumpster API to gather extensive DNS information:

  • A Records: IPv4 addresses pointing to the domain
  • NS Records: Nameservers managing the domain
  • MX Records: Mail servers handling email
  • TXT Records: Text records (often containing SPF, DKIM, etc.)
  • CNAME Records: Canonical name records (aliases)

Temenos also captures metadata like ASN (Autonomous System Number), geolocation data, and HTTP/HTTPS banner information.

2. VT Enrichment (Optional)

If you enable the --virustotal flag, Temenos enriches your findings with VirusTotal's threat intelligence:

  • Reputation scores for domains and IP addresses
  • Detection counts from 90+ antivirus engines
  • Community votes and comments
  • Historical malicious activity

This phase is rate-limited and respects VirusTotal's API constraints (4 requests per minute on the free tier). DNS mapping can easily lead to exceeding the rate limit, so keep that in mind when scanning.

3. Output Generation

Temenos' results can be exported in three formats:

  • Table: Human-readable terminal output with color-coded highlights
  • JSON: Machine-parseable format for integration with other tools
  • CSV: Spreadsheet-friendly format for reporting and analysis

Key Features

Cross-Platform Compatibility

Temenos works seamlessly on Linux, macOS, and Windows. There are no complex dependencies or system-specific configurations required.

Intelligent Rate Limiting

Both DNSDumpster and VirusTotal have strict rate limits. Temenos automatically manages these constraints, ensuring your scans stay within API boundaries while maximizing efficiency.

Secure Configuration

API keys are stored in a .env file (NEVER committed to version control) or can be passed via environment variables. The tool validates your configuration before running any scans.

Use Cases

1. Security Audits and Pentests

Before conducting a penetration test, security professionals need to map the target's attack surface. Temenos quickly identifies:

  • Forgotten or orphaned subdomains
  • Exposed development/staging servers
  • Third-party services and CDNs
  • Mail server configurations

Example workflow:

# Initial reconnaissance
python temenos.py scan target.com --virustotal -o audit_results.json -f json

# Analyze high-risk findings
grep -i "malicious" audit_results.json

2. Continuous Attack Surface Monitoring

Organizations should regularly monitor their DNS footprint to detect:

  • Unauthorized subdomain creation
  • Compromised infrastructure
  • Shadow IT deployments
  • DNS hijacking attempts

Example workflow:

# Daily monitoring script
python temenos.py scan company.com --virustotal -o "scan_$(date +%Y%m%d).json" -f json

# Compare with baseline to detect changes

3. Third-Party Risk Assessment

When evaluating vendors/third-parties, understanding their security posture is crucial. Temenos can help you:

  • Verify security controls are in place
  • Check for known malicious infrastructure
  • Assess their DNS hygiene
  • Identify shared hosting or CDN risks

Example workflow:

# Assess vendor security
python temenos.py scan vendor-domain.com --virustotal --verbose

4. Bug Bounty Reconnaissance

Security researchers participating in bug bounty programs need efficient reconnaissance tools. Temenos accelerates the discovery phase by:

  • Enumerating all in-scope subdomains
  • Identifying IP ranges and ASNs
  • Highlighting potentially vulnerable services
  • Flagging domains with suspicious reputation

Example workflow:

# Generate target list for bounty program
python temenos.py scan target.com -o targets.csv -f csv

Getting Started

Setting up Temenos is very easy:

  1. Install dependencies: bash pip install -r requirements.txt

  2. Configure API keys: bash cp .env.example .env # Edit .env with your DNSDumpster and VirusTotal keys

  3. Run your first scan: bash python temenos.py scan example.com --virustotal

Rate Limits and API Tiers

Understanding API limits is important:

  • DNSDumpster: 1 request per 2 seconds (free tier)
  • VirusTotal Free: 4 requests per minute, 500 per day
  • VirusTotal Premium: Higher limits based on subscription

Temenos automatically respects these limits and clearly tells you when rate limits are encountered.

Contributing and Support

Temenos is open source and welcomes contributions. Whether you're adding new features, fixing bugs, or improving documentation, your input helps make security tools more accessible.

Disclaimer: Unauthorized scanning may violate terms of service or local laws.