haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.
SecurityTrails $50 Bug Bounty Hunter Plan Sale
Until April 15th, SecurityTrails are running a promotion just for Bug Bounty hunters. Click here to take a look!
It will include the following:
- Security data API acc:ess
- 2500 queries/month
- Associated domains
- Subdomain enumeration
- DSL v1 access
- DNS and WHOIS historical data
- Code samples for JS, Python, Go, and more
- Chance to win access to SurfaceBrowser™
- stdin input for easy tool chaining
- subdomain discovery
- associated root domain discovery
- associated IP discovery
- historical DNS data
- historical whois data
- company discovery (discover the owner of a domain)
- whois (returns json whois data for a given domain)
- ping (check that your current SecurityTrails configuration/key is working)
- usage (check your current SecurityTrails usage)
- "json" or "list" output options for easy tool chaining
Install golang, then:
go get github.com/hakluke/haktrails ~/go/bin/haktrails
I'd recommend adding
~/go/bin/ to your
$PATH if you haven't already, then you can just run
Note: In these examples, domains.txt is a list of root domains that you wish to gather data on. For example:
hakluke.com bugcrowd.com tesla.com yahoo.com
- The output type can be specified with
-o list. List is the default. List is only compatiable with subdomains, associated domains and associated ips. All the other endpoints will return json regardless.
- The number of threads can be set using
-t <number>. This will determine how many domains can be processed at the same time. It's worth noting that the API has rate-limiting, so setting a really high thread count here will actually slow you down.
- The config file location can be set with
-c <file path>. The default location is
~/.config/haktools/haktrails-config.yml. A sample config file can be seen below.
- The lookup type for historical DNS lookups can be set with
-type <type>, available options are a,aaaa,mx,txt,ns,soa.
You will need to set up a configuration file with your SecurityTrails key to use this tool. By default, the tool will look for the file in
~/.config/haktools/haktrails-config.yml. If you wish to put the config file somewhere else, the location must be specified with the
The format of the file is very simple, just copy paste this, and replace
<yourkey> with your SecurityTrails API key:
securitytrails: key: <yourkey>
Warning: With this tool, it's very easy to burn through a lot of API credits. For example, if you have 10,000 domains in domains.txt, running
cat domains.txt | haktrails subdomainswill use all 10,000 credits. It's also worth noting that some functions (such as associated domains) will use multiple API requests, for example,
echo "yahoo.com" | haktrails associateddomainswould use about 20 API requests, because the data is paginated and yahoo.com has a lot of associated domains.
This will gather all subdomains of all the domains listed within domains.txt.
cat domains.txt | haktrails subdomains
Of course, a single domain can also be specified like this:
echo "yahoo.com" | haktrails subdomains
Gather associated domains
"Associated domains" is a loose term, but it is generally just domains that are owned by the same company. This will gather all associated domains for every domain in domains.txt
cat domains.txt | haktrails associateddomains
Gather associated IPs
Again, associated IPs is a loose term, but it generally refers to IP addresses that are owned by the same organisation.
cat domains.txt | haktrails associatedips
Get historical DNS data
Returns historical DNS data for a domain.
cat domains.txt | haktrails historicaldns
Get historical whois data
Returns historical whois data for a domain.
cat domains.txt | haktrails historicalwhois
Get company details
Returns the company that is associated with the provided domain(s).
cat domains.txt | haktrails company
Get domain details
Returns all details of a domain including DNS records, alexa ranking and last seen time.
cat domains.txt | haktrails details
Get whois data
Returns whois data in JSON format.
cat domains.txt | haktrails whois
Get domain tags
Returns "tags" of a specific domain.
cat domains.txt | haktrails tags
Returns data about API usage on your SecurityTrails account.
Pings SecurityTrails to check if your API key is working properly.
Shows a nice ascii-art banner :)
Not Yet Supported
Currently, some of the features of the SecurityTrails API are not yet supported. Pull requests are welcome!
- Domains Search
- Domains Statistics
- SSL Certificates (Stream)
- SSL Certificates (Pages)
- IP Neighbours
- IP DSL Search
- IP Statistics
- IP Whois
- IP Useragents
- Domains feed
- Domains DMARC feed
- Domains subdomains feed
- Certificate transparency firehose
SecurityTrails API Reference
The full API reference is here.