Customer Reviews
See what leading cybersecurity experts, researchers and developers have to say about SecurityTrails.
Hear more from people
@crunchbase is the go to, but you can also make the most of Google dorking and using services like @securitytrails to explore associated nameservers / whois adjacency.. Though, keep in mind, M&A normally isn't the best for bounties - very often those entities aren't in scope
4:03 AM · Jun 26, 2023
Ooof.
What's the domain? I kinda like poking around with SecurityTrails.
Don't mean to brag, but I once stopped a group of scammers targeting local doctors for $10k a pop by crossx-ing domains associated with hosts bad guys were using.
Feel free to send dm.
5:06 PM · Jun 12, 2023
Thanks for sharing. I think RiskIQ is too intrusive to be OSINT. They need registration/tax ids, phone numbers etc. Hosting history by dnslytics isn't free. Considering how important this is for investigation, I'd suggest the free version of securitytrails to check hostng history
2:14 AM · Jun 12, 2023
Which APIs for subdomain enumeration would you recommend paying for? 💰🤷
Share your recommendations below 👇
8:12 AM · May 31, 2023
Research domains in a #spreadsheet CSV or JSON with this #nocode @securitytrails integration. Fetch hostnames, stats, number of other hostnames that have the same IP, #threatinel and more. Scales to millions of records https://gigasheet.com/no-code-api/securitytrails-api-details #blueteam #competitiveintelligence
2:47 PM · May 30, 2023
30 cybersecurity search engines for researchers:
1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
2:05 AM · May 13, 2023
Want to find some new subdomains for your target?
Use SecurityTrails API 🔥 to enumerate.
Credit: @IfrahIman_
#bugbountytipsbr
4:30 PM · Mar 7, 2023
Super, speedy subdomain enumeration with a super, speedy #Golang client by @hakluke that queries @securitytrails API data👇
👉 🔗 http://github.com/hakluke/haktrails
3:00 AM · Jan 17, 2023
SecurityTrails also has a nice Fortune 500 domain list @ https://securitytrails.com/data/fortune-500 for updating any of those 🖖🏻
10:55 PM · Jan 15, 2023
Yeah. If you override DNS it will load. That’s the real site, and unless they move it, bypassing Cloudflare is as simple as adding an entry to /etc/hosts or using curl —resolve.
Going live before getting behind Cloudflare is the mistake they all make. SecurityTrails always knows
6:08 PM · Dec 10, 2022
@securitytrails get a pretty good attack surface subs and dns history which is important as old ip’s contain some leftover assets and apps that may lead to something on production 🤷🏻♂️
2:49 PM · Nov 18, 2022
Because they’re not too bright. There are other hosts in DNS for the *.kiwifarms.net domain, and they are all in the 103.114.191.* IP range.
SecurityTrails is good for finding that stuff:
https://securitytrails.com/list/apex_domain/kiwifarms.net
Once you have the IP range, you scan it.
8:49 AM · Aug 24, 2022
OSINT TIP #7
@securitytrails
- highly recommended for subdomains, must explore!
#infosec #cybersecurity #osint #Day7 #bugbountytips
10:57 PM · Jul 19, 2022
In my experience they just have the most comprehensive data of anything that I've seen. I also wrote https://github.com/hakluke/haktrails for specifically querying @securitytrails data beyond just subdomains :)
4:54 AM · Apr 6, 2022
The verdict is out! both @ITSecurityguard & @hakluke agree that@securitytrails is the best (paid) recon subscription.
Both stand-alone and with Amass or Subfinder!
5:23 AM · Apr 6, 2022
This is my day-to-day hacking tool stack:
🛠️ Burp
🛠️ Nmap
🛠️ Httpx
🛠️@securitytrails🛠️ @Shodanhq🛠️ @spiderfoot
🛠️ My own tools (mostly open source on github)
🛠️ Everything by @projectdiscoveryio
🛠️ Everything by @tomnomnom
That covers about 99% of my hacking 🤷♂️
1:00 AM · Mar 31, 2022
Shoutout to@securitytrails for helping out when @0xLupin max'd his credits! We love to see it
1:29 PM · Jan 10, 2022
Well done@securitytrails @Bugcrowd @RiskIQ and @Cloudflare for making your email comms clear, informational and helpful. With minimal sales focus on the ongoing incident.
The rest of you... not so much.
3:06 PM · Dec 13, 2021
Yep, @Twitch I've been their & done that on the service provider end during my Content Delivery Network engineering team days and since I like connecting my friends with other friends. @TwitchDev @TwitchSupport meet@securitytrails @oktadev both are great IT Security companies
6:37 PM · Oct 7, 2021
The@securitytrails service is documenting the unique subdomains of tens of thousands of @UnraidOfficial servers using the My Servers plugin and exposing their respective login pages
9:49 AM · Sep 23, 2021
Wiser words have never been spoken before 😬
I highly recommend to read the whole Sara Jelen (@genericsara from@securitytrails) interview with Ben Sadeghipour (@NahamSec):
https://securitytrails.com/blog/interview-nahamsec
#itsecurity #hacking #bugbounty #mentalhealth #MentalHealthAwareness
2:23 AM · Sep 11, 2021
So recently I was trying to increase my attack surface and did not wanna bruteforce right away to get the list of subdomains. Looked into few other services, found nothing. But gotta say@securitytrails's Surface Browser did have some already listed. Such a great tool it is.
5:39 AM · Aug 1, 2021
Had received a chance to get to test@securitytrails surface Browser. The centralised dashboard and the data, is just amazing. Thanks for letting me trial it. @ChrisUeland
7:06 AM · Jul 29, 2021
i <3@securitytrails and so should you! their tools have helped us out a lot over the past 18 months. I encourage you to check them out, especially the surfacebrowser product. 😎
6:42 PM · Jul 5, 2021
Check out my interview with @codingo_where he walks me and my viewers through his recon and automation workflow using@securitytrails, @rapid7's FDNS, Whoxy, and more!
8:11 PM · Jun 17, 2021
I know too much; but this is why Local, State & Federal agencies as well as public/private companies should use services like@securitytrails & the federal #cybersecurity command to assess & monitor in real-time their infrastructure so #CyberAttack's are found & mitigated faster.
8:00 PM · May 10, 2021
Their API is so good. I used as main source of information.
6:42 PM · Apr 13, 2021
SurfaceBrowser from@securitytrails has helped make us better and more efficient #bugbounty hunters. t.ly/9q46
10:13 PM · Mar 25, 2021
@codingo_ @hakluke@securitytrails It’s extremely useful for tracking threat actor / dns changes and identifying sinkhole c2’s and TA infrastructure
1:01 PM · Mar 14, 2021
An easy way to find the original IP of a website or application hidden behind a WAF such as Cloudflare is to check the DNS history. One such tool that you can use to provide this information is Security Trails.
#infosec
5:40 PM · Jan 23, 2021
@securitytrails is the BEST bang for your buck. Shodan and @binaryedgeio a really close second.
12:18 PM · Dec 31, 2020
@securitytrails API Docs is among the best. specifically tells you how to name headers for authentication and so on. good job!!!!
11:42 PM · Dec 27, 2020
gau - New tool I was introduced to. Queries multiple sources for a list of URLS on a site. Passive. SecurityTrails - Subdomains FTW. Crt.sh - Certificate transparency logs identify targets. gobuster - dirb but faster. proxychains - SSH tunnels.
4:54 PM · Nov 17, 2020
Just playing around with the IRA’s internet architecture as revealed by looking up peacedata[.]net historical information on@securitytrails (my fav) Always so fun. Lots of ‘greatest hits’ there for researchers. Confluence, Hetzner, etc.
10:00 PM · Sep 1, 2020
@securitytrails - “A repository of historical DNS data” These guys keep 11 years of DNS data and it comes in handy when you least expect it. #dns #webdesign #odessatx #midlandtx
1:07 PM · Jul 14, 2020
Securitytrails for the win
10:59 AM · May 28, 2020
@GameWorks Did you know your SSL certificate for your website has expired? Just FYI. Maybe use @securitytrails to monitor that cert in the future?
3:55 AM · Jul 28, 2022
Good question! I looked at the amass.json output and the sources and collected the amount each one found for my fav. program:
Without making any advertisements,@securitytrails does an awesome job, but also permutation/alterations seems super effective with Amass :)
11:09 AM · Apr 4, 2022
Continuing DMARC study and created a@securitytrails account and it is amazing to see domain historical data, great tool and there is a free account
12:32 AM · Jan 26, 2022
Replying to@securitytrails giving away one special holiday swag pack:
Nice to see that@securitytrails contributes to community a lot 😀
6:42 AM · Dec 19, 2021
Pro tip: using VirusTotal or @securitytrails to find subdomains of sites and then using Wayback to study those, seemingly a powerful #Osint combo 4-tools-to-investigate-a-domain-name-with-osint
8:29 AM · Dec 1, 2021
@securitytrails best recon service ever i do really recommend everybody to use their services
6:54 PM · Nov 7, 2021
Did you know that you can use@securitytrails new #SurfaceBrowser SQL API to query for JARMs? Here is a query specifically for the Cobalt Strike 🏹(07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1) from https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ #huntingseason
7:47 PM · Sep 27, 2021
I like@securitytrails as they offer historical domain records up to 12 years. The free account is very useful.
6:34 AM · Sep 19, 2021
These stats are based on a sample of 460,114,474 domains from the SecurityTrails database which tracks DNS records and changes across millions of domains. You can view the data here: t.ly/thpy
2:57 AM · Aug 30, 2021
If you're still looking for an answer to this, Securitytrails is one of my go-to's: t.ly/8XFR
11:58 AM · Aug 6, 2021
@securitytrails I really appreciate the effort you guys are putting into this challenge and thank you for transparency as people like me are literally glued to the dash
8:58 PM · Jul 22, 2021
Without fail most weeks I’m using @censysio@securitytrails and @shodanhq doing due diligence on companies that want to work with my employer. Don’t trust their policy documents, check their attack surface
2:50 PM · Jul 10, 2021
A vast collection of one-liners to pull sub-domains from various sources like@securitytrails by @_ayoubfathi, @pikpikcu, @pikpikcu, @vict0ni & many others.
1:24 PM · Jun 11, 2021
I would like to thank this great company,@securitytrails and for their support in being able to help, thank you, I was having problems with the scroll api and I was very well attended. Congratulations! thank you Igor Prelic !
6:21 PM · Apr 13, 2021
Tried the SurfaceBrowser once only and it’s my favourite source of recon now! Thanks@securitytrails for this amazing product.
6:03 AM · Mar 26, 2021
The surface browser quickly became my favorite tool. First thing I fire up when looking at a target. You really did an amazing job with this ❤
9:33 PM · Mar 25, 2021
🙈 I was under time pressure when I joined @NahamSec stream. The data and the accuracy that@securitytrails is offering is beyond amazing, huge timesaver and opens a whole new world. I am writing a blogpost about the recon soon :)
Disclaimer: I am not being paid to say this
10:58 AM · Jan 25, 2021
12 years of historical DNS Records and Whois lookup and historical Whois and much more... securitytrails.com@securitytrails
#osint #dns #dailysosint
4:35 PM · Jan 19, 2021
Our partner@securitytrails are releasing their new Attack Surface Reduction tool today. I'm not the target audience, yet I was impressed by the data available to me (screenshot is my Alma Mater). Things that immediately demand attention, great feedback. securitytrails.com/corp/attack-surface-reduction
12:47 PM · Jan 6, 2021
Subfinder is pretty great: github.com/projectdiscovery/subfinder Also, consider getting access to SecurityTrails - securitytrails.com @ChrisUeland and his team have done an excellent job at collating data needed for recon. I can't fit my methodology in a tweet, but check my previous blogs
7:23 PM · Dec 28, 2020
That's why attack surface mapping solutions like@securitytrails offer a huge value add, both for internal IT departments as well as in the case of due diligence for M&A purposes.
9:16 AM · Nov 1, 2020
SecurityTrails is pretty cool
9:17 PM · Aug 26, 2020
Want to find some new subdomains for your target? Use SecurityTrails API 🔥 to enumerate.
#bugbountytips
10:26 PM · Jun 20, 2020
*a researcher who regularly and heavily uses@securitytrails for his work and is a huge fan... thank you!🖖
10:22 PM · May 28, 2020
While looking at #APT33 domains, I often see in the passiveDNS data from@securitytrails (by the way great service!), that OpenDNS is 'taking over' a domain for just a day and then it returns to the original organisation. Was that some kind of campaign monitoring/sinkholing?
4:57 PM · Feb 6, 2020
Access our API for Free
Plug our prized data right into your apps, and incorporate the most accurate and recent data points seamlessly: DNS, IPs, open ports, SSL certs, and more.