ContextLens is a decision-support tool for security practitioners, developers, and auditors. It analyzes a domain or IP and provides contextual recommendations on whether to focus on application-layer assessments or infrastructure-level evaluation.
This helps teams prioritize effort, save time, and reduce unnecessary noise during security assessments.
- Unified Input: Accepts a domain or IP address.
- Automatic IP Resolution: Resolves domains to IPs automatically.
- Infrastructure Profiling: Classifies targets by scale, abstraction, and control likelihood.
- Effort Recommendation: Suggests whether to prioritize application-layer or infrastructure-level assessments.
- Color-Coded Output: Emoji-based indicators for quick readability on GitHub.
- Determines if the input is a domain or IP address.
- Validates format and readiness for analysis.
- Converts domains to their corresponding IP addresses.
- Ensures a unified representation for further analysis.
- Checks for hyperscaler/CDN patterns (AWS, Azure, Google, Cloudflare, Akamai, Fastly, etc.).
- Classifies infrastructure across three dimensions:
  - Scale (small ↔ large)
  - Abstraction (low ↔ high)
  - Control Likelihood (low ↔ high)
- Suggests priority: application-layer vs infrastructure-level.
- Provides confidence and guidance.
- Explains rationale based on detected heuristics.
- Uses green/yellow/red indicators for readability.
- Supports rapid comprehension of security posture.
- Includes advisory disclaimers.
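
A minimal sketch of the steps listed above, added here as an example and not taken from contextlens.py. It assumes provider detection is done by matching reverse-DNS names against a hand-picked suffix list; the function names and the suffix table are hypothetical.

```python
import ipaddress
import socket

# Assumed reverse-DNS suffixes per provider (illustrative, not ContextLens's list).
PROVIDER_SUFFIXES = {
    "1e100.net": "Google", "amazonaws.com": "AWS", "cloudfront.net": "AWS",
    "cloudapp.azure.com": "Azure", "akamaitechnologies.com": "Akamai",
    "fastly.net": "Fastly",
}

def classify_input(target):
    """Return 'ip' or 'domain'; raise ValueError for anything else."""
    target = target.strip().rstrip(".")
    try:
        ipaddress.ip_address(target)
        return "ip"
    except ValueError:
        labels = target.split(".")
    valid = len(labels) >= 2 and not labels[-1].isdigit() and all(
        l.replace("-", "").isalnum() and len(l) <= 63 and l[0] != "-" and l[-1] != "-"
        for l in labels)
    if not valid:
        raise ValueError(f"not a domain or IP address: {target!r}")
    return "domain"

def detect_provider(ptr_name):
    """Match a reverse-DNS name on a label boundary, so 'notamazonaws.com' fails."""
    name = (ptr_name or "").lower().rstrip(".")
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return provider
    return None

def profile(ptr_name):
    """Map the provider hint to the three dimensions and a priority."""
    if detect_provider(ptr_name):
        return {"scale": "large", "abstraction": "high",
                "control_likelihood": "low", "priority": "application-layer"}
    return {"scale": "small", "abstraction": "low",
            "control_likelihood": "higher", "priority": "infrastructure-relevant"}

def analyze(target):
    """Live path (needs network): resolve, reverse-resolve, then profile."""
    ip = target if classify_input(target) == "ip" else socket.gethostbyname(target)
    try:
        ptr = socket.gethostbyaddr(ip)[0]
    except OSError:
        ptr = None  # no PTR record: treated as "no provider evidence"
    return {"target": target, "ip": ip, **profile(ptr)}
```

A missing or unmatched PTR record is weak evidence: cloud tenants with custom reverse DNS fall through to the infrastructure branch, so the "small / low abstraction" result should be read as "no provider evidence found" rather than as confirmation of direct exposure.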
- Modern infrastructure often hides behind managed clouds and CDNs.
- Blind infrastructure-level testing can waste time on abstracted or shared environments.
- ContextLens prioritizes security effort, reducing wasted work and focusing on areas with the most meaningful impact.
git clone https://github.com/404saint/contextlens.git
cd contextlens
pip3 install colorama
Tested with Python 3.10+.
python3 contextlens.py
Workflow:
- Enter a domain or IP.
- Receive a contextual infrastructure profile.
- Get effort recommendation, confidence, and rationale.
Target : google.com
Resolved IP : 216.58.223.78
Infrastructure Profile
- Scale : large
- Abstraction : high
- Control Likelihood: low
Recommendation
→ Priority : application-layer
→ Confidence : high
→ Rationale:
- Large-scale managed infrastructure detected
- Infrastructure is abstracted behind shared control planes
→ Guidance : Focus on application logic, configuration, and integration boundaries

Target : 197.243.26.224
Resolved IP : 197.243.26.224
Infrastructure Profile
- Scale : small
- Abstraction : low
- Control Likelihood: higher
Recommendation
→ Priority : infrastructure-relevant
→ Confidence : medium
→ Rationale:
- No evidence of hyperscaler or CDN abstraction
- Infrastructure characteristics suggest direct exposure
→ Guidance : Infrastructure-level assessment may be a rational use of effort

- Python 3
- colorama for terminal colors
- socket for DNS/IP resolution
- Heuristic scoring for infrastructure abstraction
- IPv6 support
- Multi-A record and load-balanced domain handling
- Integration with public ASN databases for precise scoring
- Optional JSON output for automation pipelines
- No attacks performed.
- Advisory output only.
- Use responsibly and legally. Respect external system boundaries.
MIT License — see LICENSE for details.
