SecurityTrails Blog · Jan 08 2018 · SecurityTrails team

Find subdomains feature: FBI.gov subdomains

A few weeks ago we wrote a blog post about having fun with DNSTrails, and today we will explore some curious things we found about the FBI's main website and all its subdomains.

SecurityTrails lets you explore and find things you would never imagine, and what's behind the famous FBI is one of those things.

In the past you had to combine a large number of tools to discover the web platforms, providers and subdomains behind one of the most famous law agencies in the US.

Today we can use a single tool to find all FBI subdomains easily. See below:

  • Go to the DNSTrails.com website.
  • Enter "fbi.gov" into the search box.
  • At the center of the page, right at the fbi.gov domain, click on 'All'.
  • That's it! Now you can start exploring FBI subdomains.

FBI.gov subdomains

As you can see, we found 23 FBI subdomains, and what was really curious to find is how the FBI relies on 3rd party companies to host a big part of their network.

Surely, everyone thought that they had their own big private network, but it turns out that they use popular security providers like Cloudflare and cloud service providers like Amazon.
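As an added example (not SecurityTrails code), here is one way to run the same review on your own zone: group an exported subdomain inventory by who hosts each name, based on its CNAME target. The inventory, the example.org zone and the function names are constructed for illustration.

```python
from collections import defaultdict

# CNAME suffix -> provider. These are well-known provider domains; extend the
# table with the vendors your organisation actually uses.
PROVIDER_SUFFIXES = {
    "cdn.cloudflare.net": "Cloudflare",
    "cloudfront.net": "Amazon (CloudFront)",
    "elb.amazonaws.com": "Amazon (ELB)",
    "s3.amazonaws.com": "Amazon (S3)",
}

# Constructed sample inventory: (hostname, CNAME target or None for a plain A record).
SAMPLE_INVENTORY = [
    ("www.example.org", "www.example.org.cdn.cloudflare.net."),
    ("api.example.org", "d111111abcdef8.cloudfront.net"),
    ("forms.example.org", "forms-lb-1234.us-east-1.elb.amazonaws.com"),
    ("images.example.org", "Images-Bucket.S3.AmazonAWS.com"),
    ("vpn.example.org", None),
    ("mail.example.org", "mx.example.org"),
]

def classify(cname, own_zone):
    """Return the hosting party implied by one CNAME target."""
    if not cname:
        return "self-hosted (no CNAME)"
    # DNS names are case-insensitive and may carry a trailing root dot.
    target = cname.rstrip(".").lower()
    if target == own_zone or target.endswith("." + own_zone):
        return "self-hosted (in-zone CNAME)"
    for suffix, provider in PROVIDER_SUFFIXES.items():
        # Match on a label boundary so "evilcloudfront.net" is not a hit.
        if target == suffix or target.endswith("." + suffix):
            return provider
    return "unknown third party"

def group_by_provider(inventory, own_zone):
    """Map each hosting party to the list of hostnames it serves."""
    groups = defaultdict(list)
    for host, cname in inventory:
        groups[classify(cname, own_zone)].append(host)
    return dict(groups)

if __name__ == "__main__":
    report = group_by_provider(SAMPLE_INVENTORY, "example.org")
    for provider, hosts in sorted(report.items()):
        print(f"{provider}: {', '.join(hosts)}")
```

Names that land in "unknown third party" are the ones to review first, since they point at infrastructure nobody has accounted for.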

Did you know FBI has an API for most wanted persons in the US? We didn't until we found the api.fbi.gov subdomain and started browsing to find this:

{"endpoints": [{"url": "https://api.fbi.gov/wanted/v1", "name": "wanted", "docs": "https://api.fbi.gov/docs/wanted/index.html"}, {"url": "https://api.fbi.gov/tips/v1", "name": "tips", "docs": "https://api.fbi.gov/docs/tips/index.html"}]}

Another curious thing we found was their form database, which includes more than 140 official FBI forms to fill out for all kinds of cases. And last but not least, they have a cool database called FBI images, available at https://images.fbi.gov

DNSTrails is a cool tool for any curious IT person. It shows how exposed any network is to the world, revealing lots of valuable information about it.

Try finding subdomains on DNSTrails yourself or contact us if you need access to the SecurityTrails API, featuring IP and Domain WHOIS and history.