Domain health monitoring — DNS, SSL, HTTP headers grade, blacklist 30 DNSBL, WHOIS, SEO, email SPF/DMARC/DKIM, geo probes from 4 regions, port scans, SMTP test, recurring automated monitors with alerts.
dns_lookupreadDNS record lookup — use this for ANY request about DNS records of a domain. IMPORTANT: use record_type='all' when user asks for 'all DNS records', 'все записи', 'show all', 'all types' — returns A+AAAA+MX+NS+TXT+CNAME+SRV in ONE call. Use record_type='propagation' + propagation_type='NS' when user says 'NS records updated, did they propagate?', 'did my DNS update?', 'already propagated?'. Use specific type (MX/TXT/NS/A) only when user asks for that specific type. Use authoritative=true to query domain's own NS directly. This function does NOT need any monitors to exist — works on any domain instantly.
ssl_checkreadSSL certificate QUALITY — grade A-F, days until expiry, issuer, TLS version support. Full mode adds chain, SANs, fingerprint. Use this to answer 'how good is my SSL cert?'. To check if SSL is accessible FROM different world regions, use geo_check with check_type=ssl instead.
whois_lookupreadWHOIS ownership data — for domains: registrar, creation/expiry dates, nameservers, status. For IPs: owner org, ASN, country, abuse contact. Use target_type=ip for IP addresses. NOTE: for IP geolocation (city, latitude, latitude) use network_check with check_type=ip_lookup instead.
http_checkreadHTTP security headers QUALITY — grade A+ to F (HSTS/CSP/X-Frame-Options/X-Content-Type-Options), missing headers with fix tips, redirect chain, response time. Use to answer 'how secure are my HTTP headers?'. To check if site responds from different world regions, use geo_check with check_type=http instead.
network_checkreadNetwork diagnostics. Works with BOTH domains and IPs: ping (latency/packet loss), traceroute (per-hop MTR path). Works with IP ADDRESSES ONLY — never use on a domain name: ip_lookup (geolocation: city/lat/lon/country — different from whois_lookup which gives ownership), reverse_dns (PTR record — who is this IP?), asn (ASN WHOIS prefix list). Example: ping for 'amplica.md', ip_lookup for '104.18.15.2'.
seo_checkreadSEO check — meta title/description length and issues, robots.txt rules, sitemap.xml validation, Google indexing status. Use check_type to target a specific area.
run_scanwriteTrigger an immediate scan for an EXISTING MONITOR (requires monitor_id from list_monitors). Scans ALL domains in that monitor's group. Use ONLY when user explicitly mentions a monitor by name or asks to 'run monitor', 'rescan monitor', 'refresh monitor now'. Do NOT use this for ad-hoc domain checks — for that use domain_full_check instead.
get_scan_resultsreadGet last snapshot results for an EXISTING MONITOR (requires monitor_id). Shows per-domain/per-check status from the most recent scheduled scan. Use ONLY when user asks about a specific monitor's results or history. Do NOT use for ad-hoc domain checks — for that use domain_full_check.
email_checkreadEmail authentication — SPF/DMARC/DKIM/BIMI checks or combined A-F grade, trace raw email headers to find originating IP, generate SPF or DMARC records.
blacklist_checkreadSpam blacklist check — IP against 30 DNSBL lists (Spamhaus, SpamCop, Barracuda) or domain against SURBL. Returns verdict: clean / listed / critical.
port_scanreadTCP port check — single port status (open/closed/filtered) or preset scan: web (80/443/8080/8443), mail (25/587/465/993/995), database (3306/5432/6379), all.
smtp_testreadSMTP server test — connects via MX record or direct host, verifies EHLO/STARTTLS/AUTH support, reads server banner. Use to diagnose email delivery problems.
geo_checkreadGeographic reachability — probes domain FROM 4 world regions (EU/US/SG/MD). ROUTING RULES — pick check_type based on what the user is asking: → 'loading speed', 'response time', 'скорость загрузки', 'how fast from X country' → check_type=http (HTTP response time + status per region). → 'latency', 'ping', 'ms from region', 'reachable from X' → check_type=ping (RTT ms + packet loss per region). → 'dns from different countries', 'dns propagation per region', 'different DNS results per location' → check_type=dns. → 'ssl from different regions', 'ssl reachable from US' → check_type=ssl. → 'traceroute', 'network path', 'routing path from region' → check_type=traceroute. → 'full geo audit', 'all geo checks', 'complete geo report' → check_type=full (runs dns+http+ssl from all 4 regions simultaneously — slowest, only use when explicitly requested). NEVER default to check_type=full for a simple speed or reachability question — use http or ping. NOTE: this tool tests REACHABILITY and SPEED from regions only. For SSL certificate quality/grade → use ssl_check. For HTTP security headers grade → use http_check. For DNS record values → use dns_lookup.
domain_full_checkreadINSTANT one-shot domain audit — no monitors or setup required, works on ANY domain. Runs selected checks in parallel and shows a summary table. Use this when: user mentions a domain and asks for 'full check', 'analysis', 'audit', 'show everything', 'what can you do on this domain', 'check this site'. Default checks: dns + ssl (certificate grade) + http (security headers grade) + email (SPF/DMARC/DKIM) + blacklist (spam lists). Optional extra checks: 'geo' (reachability from EU/US/SG/MD), 'whois' (ownership), 'seo' (meta/title issues), 'ports' (open ports), 'smtp' (mail-server connectivity). Returns a compact per-check status summary by default; set include_raw=true only when the user explicitly wants the full raw data. Do NOT use run_scan, list_monitors or get_scan_results for ad-hoc domain checks — those are for recurring monitor automation only.
create_domain_groupwriteCreate a named group of domains for monitoring (max 5 groups, max 20 domains each). Required before creating a monitor with create_monitor.
update_domain_groupwriteAdd, remove or replace domains in an existing group, or rename it (max 20 domains). Use list_domain_groups first to get the group_id.
list_domain_groupsreadShow all domain groups — names, domain lists and domain count. Call before create_monitor to pick the right group_id.
delete_domain_groupdestructivePermanently delete a domain group and cascade-delete all monitors that use it. Cannot be undone — confirm group_id with list_domain_groups first.
create_check_profilewriteCreate a check profile — defines which checks (ssl/http/email/blacklist/geo/whois/dns) run per domain in a monitor (max 5 profiles, max 5 checks each).
list_check_profilesreadShow all check profiles — names and enabled check types. Call before create_monitor to pick the right profile_id.
update_check_profilewriteRename a check profile or replace its check type list. Use list_check_profiles first to get the profile_id.
delete_check_profiledestructivePermanently delete a check profile and all monitors that use it. Cannot be undone.
create_monitorwriteCreate a domain health monitor — saves a wt_monitors record that runs DNS/SSL/HTTP/email checks on a domain group at a recurring interval. Requires an existing domain group (group_id) and check profile (profile_id). NOT an automation rule. Max 5 monitors.
list_monitorsreadShow all configured recurring domain monitors (scheduled automation setup). Use ONLY when user explicitly says: 'show my monitors', 'list monitors', 'what am I monitoring', 'manage monitors'. NEVER use this for: DNS lookups, domain checks, 'show records', 'check domain', 'what can webtools do on domain X', loading speed, SSL, blacklists — use dns_lookup, domain_full_check, or geo_check for all of those instead. Monitor NAMES in the database are irrelevant — a monitor named 'DNS monitor' does NOT mean this function should handle DNS record lookups.
update_monitorwriteRename a monitor or change its scan interval. Does not change domains or checks — use update_domain_group or update_check_profile for that.
delete_monitordestructiveDelete a monitor. The domain group and check profile are preserved and can be reused.
create_monitor_fullwriteCreate a complete health monitor in one step — name, domains, check types and interval. Atomically creates group + profile + monitor. Prefer this over create_monitor.
quick_checkwriteSingle-domain ad-hoc check from the panel. Presets: full=5 checks (dns+ssl+http+email+blacklist) in parallel, dns=DNS records, ssl=certificate quality grade, http=security headers grade, email=SPF/DMARC/DKIM, blacklist=spam lists, geo=reachability from EU/US/SG/MD (slowest), ports=TCP port scan. Result replaces left panel display.
get_panel_datareadPanel data helper — returns counts and statuses for monitors, groups and profiles. Called by the panel on load; not needed in regular LLM chat.
run_scan_toolwriteBulk domain scan (max 10) with chosen checks via toggles — results appear in the left panel. Use when user provides a list of domains to check simultaneously.
run_ip_scanwriteBulk IP scan (max 5) — geolocation + ASN, 29 DNSBL blacklist, reverse DNS (PTR), open ports, ping from EU/US/SG/MD. Use for IP-specific investigations.
audit_domainsreadINSTANT bulk audit of MULTIPLE domains (up to 25) in ONE call — no monitors or setup required. Use when the user gives a LIST of domains to check/compare at once ('check these domains', 'audit all of these', 'compare these sites'). Runs the selected checks on every domain in parallel server-side and returns one result per domain. Default checks: dns + ssl + http + email + blacklist; add 'geo'/'whois'/'seo'/'ports'/'smtp'. For a SINGLE domain use domain_full_check instead. Do NOT use run_scan/list_monitors/get_scan_results — those are recurring-monitor tools.
Install Web Tools and let Webbee use it across your workflow.
Open in panel