Customer Reviews

@crunchbase is the go to, but you can also make the most of Google dorking and using services like @securitytrails to explore associated nameservers / whois adjacency.. Though, keep in mind, M&A normally isn't the best for bounties - very often those entities aren't in scope

Yup this SecurityTrails api probably just made its way into my daily routine

Ooof.

What's the domain? I kinda like poking around with SecurityTrails.

Don't mean to brag, but I once stopped a group of scammers targeting local doctors for $10k a pop by crossx-ing domains associated with hosts bad guys were using.

Feel free to send dm.

Thanks for sharing. I think RiskIQ is too intrusive to be OSINT. They need registration/tax ids, phone numbers etc. Hosting history by dnslytics isn't free. Considering how important this is for investigation, I'd suggest the free version of securitytrails to check hostng history

@securitytrails

Research domains in a #spreadsheet CSV or JSON with this #nocode @securitytrails integration. Fetch hostnames, stats, number of other hostnames that have the same IP, #threatinel and more. Scales to millions of records https://gigasheet.com/no-code-api/securitytrails-api-details #blueteam #competitiveintelligence

30 cybersecurity search engines for researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.

My holy grail would be access to all @securitytrails products and APIs

Want to find some new subdomains for your target?
Use SecurityTrails API 🔥 to enumerate.

Credit: @IfrahIman_

#bugbountytipsbr

Super, speedy subdomain enumeration with a super, speedy #Golang client by @hakluke that queries @securitytrails API data👇

👉 🔗 http://github.com/hakluke/haktrails

SecurityTrails also has a nice Fortune 500 domain list @ https://securitytrails.com/data/fortune-500 for updating any of those 🖖🏻

Yeah. If you override DNS it will load. That’s the real site, and unless they move it, bypassing Cloudflare is as simple as adding an entry to /etc/hosts or using curl —resolve.
Going live before getting behind Cloudflare is the mistake they all make. SecurityTrails always knows

We ❤️ @securitytrails

@securitytrails get a pretty good attack surface subs and dns history which is important as old ip’s contain some leftover assets and apps that may lead to something on production 🤷🏻‍♂️

Because they’re not too bright. There are other hosts in DNS for the *.kiwifarms.net domain, and they are all in the 103.114.191.* IP range.
SecurityTrails is good for finding that stuff:
https://securitytrails.com/list/apex_domain/kiwifarms.net
Once you have the IP range, you scan it.

OSINT TIP #7

@securitytrails - highly recommended for subdomains, must explore!

#infosec #cybersecurity #osint #Day7 #bugbountytips

In my experience they just have the most comprehensive data of anything that I've seen. I also wrote https://github.com/hakluke/haktrails for specifically querying @securitytrails data beyond just subdomains :)

The verdict is out! both @ITSecurityguard & @hakluke agree that@securitytrails is the best (paid) recon subscription.

Both stand-alone and with Amass or Subfinder!

This is my day-to-day hacking tool stack:
🛠️ Burp
🛠️ Nmap
🛠️ Httpx
🛠️@securitytrails🛠️ @Shodanhq🛠️ @spiderfoot
🛠️ My own tools (mostly open source on github)
🛠️ Everything by @projectdiscoveryio
🛠️ Everything by @tomnomnom

That covers about 99% of my hacking 🤷‍♂️

Shoutout to@securitytrails for helping out when @0xLupin max'd his credits! We love to see it

On a related note,@securitytrails is pretty cool.

Yep, @Twitch I've been their & done that on the service provider end during my Content Delivery Network engineering team days and since I like connecting my friends with other friends. @TwitchDev @TwitchSupport meet@securitytrails @oktadev both are great IT Security companies

The@securitytrails service is documenting the unique subdomains of tens of thousands of @UnraidOfficial servers using the My Servers plugin and exposing their respective login pages

Wiser words have never been spoken before 😬

I highly recommend to read the whole Sara Jelen (@genericsara from@securitytrails) interview with Ben Sadeghipour (@NahamSec):

https://securitytrails.com/blog/interview-nahamsec

#itsecurity #hacking #bugbounty #mentalhealth #MentalHealthAwareness

This info sucks use@securitytrails and get to the good stuff

So recently I was trying to increase my attack surface and did not wanna bruteforce right away to get the list of subdomains. Looked into few other services, found nothing. But gotta say@securitytrails's Surface Browser did have some already listed. Such a great tool it is.

Had received a chance to get to test@securitytrails surface Browser. The centralised dashboard and the data, is just amazing. Thanks for letting me trial it. @ChrisUeland

i <3@securitytrails and so should you! their tools have helped us out a lot over the past 18 months. I encourage you to check them out, especially the surfacebrowser product. 😎

Check out my interview with @codingo_where he walks me and my viewers through his recon and automation workflow using@securitytrails, @rapid7's FDNS, Whoxy, and more!

I know too much; but this is why Local, State & Federal agencies as well as public/private companies should use services like@securitytrails & the federal #cybersecurity command to assess & monitor in real-time their infrastructure so #CyberAttack's are found & mitigated faster.

Their API is so good. I used as main source of information.

SurfaceBrowser from@securitytrails has helped make us better and more efficient #bugbounty hunters. t.ly/9q46

@codingo_ @hakluke@securitytrails It’s extremely useful for tracking threat actor / dns changes and identifying sinkhole c2’s and TA infrastructure

An easy way to find the original IP of a website or application hidden behind a WAF such as Cloudflare is to check the DNS history. One such tool that you can use to provide this information is Security Trails.

#infosec

Cheers@securitytrails love that you note when a DNS change has been made.

@securitytrails is the BEST bang for your buck. Shodan and @binaryedgeio a really close second.

@securitytrails API Docs is among the best. specifically tells you how to name headers for authentication and so on. good job!!!!

gau - New tool I was introduced to. Queries multiple sources for a list of URLS on a site. Passive. SecurityTrails - Subdomains FTW. Crt.sh - Certificate transparency logs identify targets. gobuster - dirb but faster. proxychains - SSH tunnels.

Just playing around with the IRA’s internet architecture as revealed by looking up peacedata[.]net historical information on@securitytrails (my fav) Always so fun. Lots of ‘greatest hits’ there for researchers. Confluence, Hetzner, etc.

Did I ever mention just how much I enjoy@securitytrails?

Securitytrails for the win

@GameWorks Did you know your SSL certificate for your website has expired? Just FYI. Maybe use @securitytrails to monitor that cert in the future?

Good question! I looked at the amass.json output and the sources and collected the amount each one found for my fav. program:

Without making any advertisements,@securitytrails does an awesome job, but also permutation/alterations seems super effective with Amass :)

Continuing DMARC study and created a@securitytrails account and it is amazing to see domain historical data, great tool and there is a free account

Replying to@securitytrails giving away one special holiday swag pack:
Nice to see that@securitytrails contributes to community a lot 😀

Pro tip: using VirusTotal or @securitytrails to find subdomains of sites and then using Wayback to study those, seemingly a powerful #Osint combo 4-tools-to-investigate-a-domain-name-with-osint

@securitytrails best recon service ever i do really recommend everybody to use their services

Did you know that you can use@securitytrails new #SurfaceBrowser SQL API to query for JARMs? Here is a query specifically for the Cobalt Strike 🏹(07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1) from https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ #huntingseason

I like@securitytrails as they offer historical domain records up to 12 years. The free account is very useful.

These stats are based on a sample of 460,114,474 domains from the SecurityTrails database which tracks DNS records and changes across millions of domains. You can view the data here: t.ly/thpy

If you're still looking for an answer to this, Securitytrails is one of my go-to's: t.ly/8XFR

@securitytrails I really appreciate the effort you guys are putting into this challenge and thank you for transparency as people like me are literally glued to the dash

Without fail most weeks I’m using @censysio@securitytrails and @shodanhq doing due diligence on companies that want to work with my employer. Don’t trust their policy documents, check their attack surface

♥️@securitytrails

A vast collection of one-liners to pull sub-domains from various sources like@securitytrails by @_ayoubfathi, @pikpikcu, @pikpikcu, @vict0ni & many others.

I would like to thank this great company,@securitytrails and for their support in being able to help, thank you, I was having problems with the scroll api and I was very well attended. Congratulations! thank you Igor Prelic !

Tried the SurfaceBrowser once only and it’s my favourite source of recon now! Thanks@securitytrails for this amazing product.

The surface browser quickly became my favorite tool. First thing I fire up when looking at a target. You really did an amazing job with this ❤

🙈 I was under time pressure when I joined @NahamSec stream. The data and the accuracy that@securitytrails is offering is beyond amazing, huge timesaver and opens a whole new world. I am writing a blogpost about the recon soon :)

Disclaimer: I am not being paid to say this

12 years of historical DNS Records and Whois lookup and historical Whois and much more... securitytrails.com@securitytrails

#osint #dns #dailysosint

Our partner@securitytrails are releasing their new Attack Surface Reduction tool today. I'm not the target audience, yet I was impressed by the data available to me (screenshot is my Alma Mater). Things that immediately demand attention, great feedback. securitytrails.com/corp/attack-surface-reduction

Subfinder is pretty great: github.com/projectdiscovery/subfinder Also, consider getting access to SecurityTrails - securitytrails.com @ChrisUeland and his team have done an excellent job at collating data needed for recon. I can't fit my methodology in a tweet, but check my previous blogs

@Intrigueio and@securitytrails two solid companies run by true innovators.

That's why attack surface mapping solutions like@securitytrails offer a huge value add, both for internal IT departments as well as in the case of due diligence for M&A purposes.

SecurityTrails is pretty cool

Want to find some new subdomains for your target? Use SecurityTrails API 🔥 to enumerate.

#bugbountytips

*a researcher who regularly and heavily uses@securitytrails for his work and is a huge fan... thank you!🖖