Pricing

from $10.00 / 1,000 results

🛡️ Domain Trust Monitor

Audit your entire web infrastructure by extracting SSL certificate health, SPF/DKIM/DMARC configuration, and missing security headers across hundreds of websites.

Pricing

from $10.00 / 1,000 results

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

7 hours ago

Last modified

Domain Security Audit API | SSL Expiry, DMARC, Domain Expiry

Ensure your web assets remain secure and compliant by automating routine infrastructure audits with this advanced crawler. Designed for IT administrators and security teams, this tool crawls arbitrary websites to extract critical structured data regarding domain ownership, email security, and connection health. You can easily track the exact days remaining until SSL certificate expiration, monitor domain expiry dates, and uncover critical missing security headers across hundreds of target URLs.

Why rely on manual browser checks when you can schedule this monitor to run daily or weekly? Tracking portfolio drift is essential to prevent unexpected downtime or security breaches. By using this API, users can extract an executive summary of failing checks alongside a detailed remediation list. Specific outputs include DMARC policy enforcement levels, SPF/DKIM configuration details, and web risk headers.

Integrate the scraped results directly into your existing IT dashboards or alerting tools to maintain constant visibility over your infrastructure. Whether you need to schedule a recurring portfolio watch or integrate a webhook remediation queue, this monitor ensures you never miss a critical vulnerability. Export comprehensive security details to safeguard your systems, streamline compliance reporting, and keep your overall online presence trusted and secure. Skip the tedious manual search and secure your domain infrastructure today.

Store Quickstart

Start with store-input.example.json for the free / starter smallest useful run: 2 domains in, one executive summary + remediation list out in the Apify OUTPUT record (or local output/result.json), plus per-domain dataset rows.
Then pick a template in store-input.templates.json:
- Free / starter lane
  - Starter Quickstart (2 Domains -> Summary + Remediation List) — fastest proof of value with no webhook or reputation key
- Paid expansion lanes
  - Portfolio Watch (Advanced Recurring | SSL, DMARC, Expiry, Headers) — broader scheduled sweeps across managed domains
  - Webhook Remediation Queue (Advanced Delivery) — send the executive summary + alert queue to your own endpoint
  - Renewal Watchlist (Recurring SSL + Domain Expiry) — focus on renewal windows and ownership drift
  - Security Audit + Web Risk (Advanced Add-on) — layer optional Google Web Risk on top

Key Features

🔗 URL-first workflow — Bulk-process thousands of URLs per run with parallel fetching
📊 Structured output — Every URL returns consistent, dataset-ready rows for downstream use
🛡️ Rate-limit aware — Exponential backoff and concurrency throttling keep you off block lists
📡 Webhook delivery — Push results to Slack, Discord, or any HTTP endpoint for real-time alerts
💰 No external APIs — Reads public data — zero API-key costs, zero vendor lock-in

Use Cases

Who	Why
Developers	Automate recurring data fetches without building custom scrapers
Data teams	Pipe structured output into analytics warehouses
Ops teams	Monitor changes via webhook alerts
Product managers	Track competitor/market signals without engineering time

Input

Field	Type	Default	Description
domains	array	prefilled	Free / starter quickstart: begin with 2-3 domains for a fast first success. Paid expansion: grow into larger recurring p
port	integer	`443`	Port used for SSL/TLS expiry and trust checks across the portfolio.
expiryWarningDays	integer	`30`	Flag certificates or domains that expire within this many days.
followRedirects	boolean	`true`	Follow redirects before scoring the final site's security headers.
checkDkim	boolean	`true`	Probe common selectors so the first run catches missing DKIM alongside SPF and DMARC.
dkimSelectors	array	—	Optional DKIM selectors to check instead of the built-in defaults.
delivery	string	`"dataset"`	Free / starter path: dataset keeps the first run low-friction and still writes the full summary to OUTPUT. Paid expansio
webhookUrl	string	—	Advanced delivery only: required when delivery is webhook. The payload includes the executive summary, flattened remedia

Input Example

{
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
}

Output

Field	Type	Description
`meta`	object
`alerts`	array
`results`	array
`alerts[].domain`	string
`alerts[].severity`	string
`alerts[].component`	string
`alerts[].type`	string
`alerts[].message`	string
`alerts[].policy`	null

Output Example

{
  "meta": {
    "executiveSummary": {
      "overallStatus": "attention_needed",
      "brief": "1 of 2 domains needs action. Highest-risk issue: 5 alert(s): DMARC record is missing.",
      "recommendedCadence": "daily",
      "topDomains": [
        {
          "domain": "example.com",
          "severity": "high",
          "trustScore": 41,
          "brief": "5 alert(s): DMARC record is missing."
        }
      ]
    },
    "runProfile": {
      "tier": "starter",
      "label": "Starter first-success path"
    },
    "usageAdvisories": {
      "summary": "1 usage/recovery advisory signal active for this run.",
      "signals": [
        {
          "id": "starter_portfolio_boundary",
          "limit": "3 domains in the starter quickstart"
        }
      ]
    },
    "upgradeSuggestions": [
      {
        "type": "schedule",
        "templateId": "portfolio_watch",
        "cadence": "daily",
        "title": "Promote this baseline to a recurring portfolio watch"
      }
    ],
    "nextWorkflow": {
      "type": "same_actor_template",
      "id": "action_needed_webhook",
      "title": "Next best step: Webhook Remediation Queue"
    }
  },
  "alerts": [
    {
      "domain": "example.com",
      "severity": "high",
      "component": "dns",
      "type": "dmarc_missing_or_weak",
      "message": "DMARC record is missing."
    },
    {
      "domain": "example.com",
      "severity": "high",
      "component": "rdap",
      "type": "domain_expiring_soon",
      "message": "Domain expires in 28 days"
    }
  ],
  "results": [
    {
      "domain": "example.com",
      "severity": "high",
      "recommendedActions": [
        "Publish an enforced DMARC policy (quarantine or reject) with aggregate reporting.",
        "Renew the domain registration before the expiry window closes.",
        "Add the missing critical security headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options)."
      ]
    }
  ]
}

API Usage

Run this actor programmatically using the Apify API. Replace YOUR_API_TOKEN with your token from Apify Console → Settings → Integrations.

cURL

curl -X POST "https://api.apify.com/v2/acts/taroyamada~domain-trust-monitor/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "domains": [ "example.com", "github.com" ], "expiryWarningDays": 30, "delivery": "dataset", "snapshotKey": "domain-security-audit-quickstart", "concurrency": 2 }'

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")
run = client.actor("taroyamada/domain-trust-monitor").call(run_input={
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

JavaScript / Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });
const run = await client.actor('taroyamada/domain-trust-monitor').call({
  "domains": [
    "example.com",
    "github.com"
  ],
  "expiryWarningDays": 30,
  "delivery": "dataset",
  "snapshotKey": "domain-security-audit-quickstart",
  "concurrency": 2
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Tips & Limitations

Keep concurrency ≤ 5 when auditing production sites to avoid WAF rate-limit triggers.
Use webhook delivery for recurring cron runs — push only deltas to downstream systems.
Enable dryRun for cheap validation before committing to a paid cron schedule.
Results are dataset-first; use Apify API run-sync-get-dataset-items for instant JSON in CI pipelines.
Run a tiny URL count first, review the sample, then scale up — pay-per-event means you only pay for what you use.

FAQ

Is there a rate limit?

Built-in concurrency throttling keeps requests polite. For most public APIs this actor can run 1–10 parallel requests without issues.

What happens when the input URL is unreachable?

The actor records an error row with the failure reason — successful URLs keep processing.

Can I schedule recurring runs?

Yes — use Apify Schedules to run this actor on a cron (hourly, daily, weekly). Combine with webhook delivery for change alerts.

Does this actor respect robots.txt?

Yes — requests use a standard User-Agent and honor site rate limits. For aggressive audits, set a higher concurrency only on your own properties.

Can I integrate with Google Sheets or Airtable?

Use webhook delivery with a Zapier/Make/n8n catcher, or call the Apify REST API from Apps Script / Airtable automations.

URL/Link Tools cluster — explore related Apify tools:

🔗 URL Health Checker — Bulk-check HTTP status codes, redirects, SSL validity, and response times for thousands of URLs.
🔗 Broken Link Checker — Crawl websites to find broken links, 404 errors, and dead URLs.
🔗 URL Unshortener — Expand bit.
🏷️ Meta Tag Analyzer — Analyze meta tags, Open Graph, Twitter Cards, JSON-LD, and hreflang for any URL.
📚 Wayback Machine Checker — Check if URLs are archived on the Wayback Machine and find closest snapshots by date.
Sitemap Analyzer API | sitemap.xml SEO Audit — Analyze sitemap.
Schema.org Validator API | JSON-LD + Microdata — Validate JSON-LD and Microdata across multiple pages, score markup quality, and flag missing or malformed Schema.
Site Governance Monitor | Robots, Sitemap & Schema — Recurring robots.
RDAP Domain Monitor API | Ownership + Expiry — Monitor domain registration data via RDAP and track expiry, registrar, nameserver, and ownership changes in structured rows.

Cost

Pay Per Event:

actor-start: $0.01 (flat fee per run)
dataset-item: $0.003 per output item

Example: 1,000 items = $0.01 + (1,000 × $0.003) = $3.01

No subscription required — you only pay for what you use.

⭐ Was this helpful?

If this actor saved you time, please leave a ★ rating on Apify Store. It takes 10 seconds, helps other developers discover it, and keeps updates free.

Bug report or feature request? Open an issue on the Issues tab of this actor.

RDAP Domain Monitor API | Ownership + Expiry

taroyamada/rdap-domain-monitor

Monitor domain registration data via RDAP and track expiry, registrar, nameserver, and ownership changes in structured rows.

太郎山田

SSL Certificate Inspector - TLS Audit & Expiry Monitor

santamaria-automations/ssl-certificate-inspector

Inspect SSL/TLS certificates for any domain: chain validation, expiry dates, cipher suites, TLS versions, subject alt names, issuer details, and security scoring. Export data, run via API, schedule and monitor runs, or integrate with other tools.

Alessandro Santamaria

Supernet WHOIS Lookup

superlativetech/supernet-whois-lookup

WHOIS domain registration data for any domain. Registrar, expiry dates, domain age, registrant, nameservers, DNSSEC. Domain ownership enrichment for lead scoring, expiry monitoring, fraud detection, and due diligence. Batch thousands or query one instantly via Standby API.

Superlative

🔒 SSL Certificate Checker — Bulk Expiry Monitor

nexgendata/ssl-certificate-checker

Monitor SSL certificate expiry dates, issuers & security configs across all your domains. Get alerts before certs expire. Bulk scanning for agencies & enterprises. Pay per check.

Stephan Corbeil

DNS / SPF / DKIM / DMARC Audit API

taroyamada/dns-dmarc-security-checker

Audit SPF, DKIM, DMARC, and MX in bulk with grades, fix-ready recommendations, and recurring email-security monitoring.

太郎山田

SSL Certificate Monitor API | Expiry + Issuer Changes

taroyamada/ssl-certificate-monitor

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

太郎山田

Domain Lookup

greip/domain-lookup

Lookup and analyze domain names and retrieve detailed information including security status, email authentication records (SPF, DMARC, DKIM, MX, BIMI), creation date, and risk assessment. Perfect for domain verification, fraud prevention, and security analysis.

Greip

Domain Intelligence Scraper

benthepythondev/domain-intelligence-scraper

Extract domain registration data including age, expiry dates, registrar, nameservers, and DNSSEC status using free RDAP/WHOIS APIs. Perfect for SEO, lead generation, and security research

ben

WHOIS Domain Lookup — Registrar, Expiry & DNSSEC

ryanclinton/whois-domain-lookup

Look up WHOIS and RDAP registration data for any domain in bulk. Get registrar details, creation and expiry dates, nameservers, domain age, registrant info, DNSSEC status, and EPP status codes -- all without needing any API key.

ryan clinton

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.