← All runbooks
gooseworks-ai / capabilities-tech-stack-teardown

tech-stack-teardown

Reverse-engineer a company's sales, marketing, and outbound technology stack from public signals. This runbook checks DNS records, website source code, optional Apify technology profiling, blacklist databases, and public complaint signals. It works for one company or a batch of d

agent codexmodel gpt-5.5snapshot python312-uveval programmatic8 stepsv1.0.0

Deploy tech-stack-teardown to your jetty.io

One-click installs this runbook into a collection on your Jetty account. You can run it from the Spot dashboard, schedule it, or pipe inputs in via the API.

Deploy on jetty.io →View source
The shape of the run

8 steps · start to finish.

  1. 1
    Step 1

    Environment Setup

    Create the results directory and verify local tools before inspecting any target.

    mkdir -p /app/results
command -v dig >/dev/null || { echo "ERROR: dig is required"; exit 1; }
command -v curl >/dev/null || { echo "ERROR: curl is required"; exit 1; }
command -v python3 >/dev/null || { echo "ERROR: python3 is required"; exit 1; }
python3 -m pip install requests python-dotenv

    If APIFY_API_TOKEN is present, record that paid profiling is available. Never write the token value to logs or output files.

  2. 2
    Step 2

    Resolve Inputs

    Normalize the requested domains before scanning.

  3. 3
    Step 3

    DNS and Email Infrastructure Scan

    For each domain, collect MX, SPF, DKIM, DMARC, TXT, and CNAME records. Check common DKIM selectors such as `google`, `selector1`, `selector2`, `s1`, `s2`, `k1`, `k2`, `mandrill`, `pm`, `smtp`, and `em`. Also inspect common sending and tracking subdomains including `mail`, `email`

  4. 4
    Step 4

    Website Source Inspection

    Fetch each homepage and inspect HTML, script URLs, meta tags, form handlers, and framework signatures.

  5. 5
    Step 5

    Optional Apify Technology Profiling

    When `APIFY_API_TOKEN` is available and `no_apify` is false, run the Apify Technology Profiling Engine for deeper detection. Treat this as a paid step with an estimated cost near `$0.005` per domain. If Apify is skipped, write `/app/results/apify_profile.json` with `{"skipped": t

  6. 6
    Step 6

    Blacklist and Complaint Checks

    Check each domain against major DNS-based blacklists: Spamhaus, Barracuda, SpamCop, SORBS, SURBL, and URIBL. Add public complaint searches for spam, unsolicited email, cold email, blacklist references, and public mentions of detected tools when web search is available.

  7. 7
    Step 7

    Report Generation

    Generate `/app/results/tech_stack_report.md` with one section per company:

  8. 8
    Step 8

    Iterate on Errors (max 3 rounds)

    If any required output is missing, malformed, or lacks evidence for a claimed finding, perform up to 3 correction rounds: