Announcing SecurityTrails SQL: a Completely New Way to Access SecurityTrails Data
Over the past few months, we’ve been perfecting our new SQL-like query language, one that will allow security teams to perform massive intelligence collection as well as automate their findings. Today, we’re excited to announce the general release of this powerful new product: SecurityTrails SQL.
By contacting our Sales team, you will be able to use SecurityTrails SQL integrated as a SecurityTrails API endpoint, inside Attack Surface Reduction™, as well as in the SurfaceBrowser™ SQL Explorer interface.
What does SecurityTrails SQL look like?
SecurityTrails SQL will empower you to collect data about any host, including domains, DNS records, WHOIS, SSL, HTTP, and the organization it belongs to, along with detailed IP data. For your convenience, this tool also supports a wide range of SQL operators and with it we provide full documentation complete with examples and technical assistance.
Additionally, SurfaceBrowser™ SQL Explorer users can enjoy our SQL editor, which allows you to run queries, copy data from it, format and clear everything, as well as download results in JSON or CSV.
How can I use SecurityTrails SQL?
You can use SecurityTrails SQL to run different queries to get host, IP and SQL data. And how does the SecurityTrails SQL look when used from SQL Explorer's visual editor? See it in action:
Now let's look at some query examples you can run from your SecurityTrails API™.
The following query will expose all subdomains from microsoft.com:
curl -X "POST" "https://api.securitytrails.com/v1/query/scroll" \
  -H 'apikey: api.key.here' \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d $'{
  "query": "select domain.hostname from hosts where domain.apex=\\"microsoft.com\\""
}'
In the same way, merely by changing the SQL query, you can fetch different data. To find all exposed development areas of subdomains, run:
SELECT
  domain.hostname,
  http.title
FROM
  hosts
WHERE
  domain.subdomain IN ('dev', 'development', 'devl', 'devel')
To locate self-signed SSL certificates, using GE.com for this example, run this query:
SELECT
  domain.hostname,
  http.title,
  dns.a
FROM
  hosts
WHERE
  ssl.is_self_signed = true
  AND domain.apex = 'ge.com'
You can find more SSL-based examples in the SQL Explorer: SSL Certificate Scraping Showcase blog post.
If you want to find domains that redirect to a certain host—and here we used Securitytrails.com—use:
SELECT
  domain.hostname,
  http.title
FROM
  hosts
WHERE
  http.headers.location_host = "securitytrails.com"
Explore even more ways to query our HTTP header data inside SQL Explorer.
To find IPs with SSL certificates that contain a specific hostname in them, like Nike.com for instance, run:
SELECT
  address,
  dns.reverse,
  ports.port,
  ssl.subject.common_name,
  ssl.subject.organization
FROM
  ips
WHERE
  ssl.domains LIKE "%.nike.com"
  OR ssl.domains LIKE "nike.com"
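When these queries are run from a script rather than typed by hand, the domain becomes a parameter. The following is an added example, not SecurityTrails code: it builds (without sending) the POST request for three of the queries above and validates the domain before it is placed in the query text. The function names, the hostname pattern and the ST_API_KEY environment variable are assumptions; the endpoint, headers and query text are the ones shown on this page.

```python
import json
import os
import re
import urllib.request

# Endpoint and header names come from the curl example on this page.
ENDPOINT = "https://api.securitytrails.com/v1/query/scroll"

# Assumption: accept only lowercase letter/digit/hyphen labels, so the value
# cannot carry quotes, spaces or wildcards into the query text.
_HOST = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Query text copied from the page; {d} is replaced by the validated domain.
TEMPLATES = {
    "subdomains": 'select domain.hostname from hosts where domain.apex="{d}"',
    "self_signed": "SELECT domain.hostname, http.title, dns.a FROM hosts "
                   "WHERE ssl.is_self_signed = true AND domain.apex = '{d}'",
    "cert_hosts": "SELECT address, dns.reverse, ports.port, "
                  "ssl.subject.common_name, ssl.subject.organization FROM ips "
                  'WHERE ssl.domains LIKE "%.{d}" OR ssl.domains LIKE "{d}"',
}


def build_query(kind, domain):
    """Return the query text for `kind`, rejecting anything but a hostname."""
    d = domain.strip().lower().rstrip(".")
    if not _HOST.fullmatch(d):
        raise ValueError(f"not a plain hostname: {domain!r}")
    return TEMPLATES[kind].format(d=d)


def build_request(kind, domain, api_key):
    """Build, but do not send, the POST request for the query endpoint."""
    # json.dumps escapes the inner double quotes that the curl example
    # has to escape by hand with \\" inside $'...'.
    body = json.dumps({"query": build_query(kind, domain)}).encode("utf-8")
    headers = {"apikey": api_key,
               "Content-Type": "application/json; charset=utf-8"}
    return urllib.request.Request(ENDPOINT, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # ST_API_KEY is a hypothetical environment variable name.
    key = os.environ.get("ST_API_KEY", "api.key.here")
    for kind, domain in [("subdomains", "microsoft.com"), ("cert_hosts", "nike.com")]:
        req = build_request(kind, domain, key)
        print(req.get_method(), req.full_url, req.data.decode("utf-8"))
```

The returned request can be passed to urllib.request.urlopen by the caller; the response format is not described on this page, so the example stops before parsing it.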
There is much more functionality to be discovered once you start playing with SecurityTrails SQL. Security teams can use it to:
- Automate detection of security issues
- Map your entire digital infrastructure
- Find critical SSL data
- Detect open services
- Improve phishing detection
- Prevent data breaches
- Find vulnerable operating systems and services
Are you ready to explore SecurityTrails SQL?
Find out how SecurityTrails SQL can help you find critical data from any organization within seconds—and take your recon and app automation to the next level!
