Customer Reviews
See what leading cybersecurity experts, researchers and developers have to say about SecurityTrails.
Hear more from people
Yeah. If you override DNS it will load. That’s the real site, and unless they move it, bypassing Cloudflare is as simple as adding an entry to /etc/hosts or using curl —resolve.
Going live before getting behind Cloudflare is the mistake they all make. SecurityTrails always knows
6:08 PM · Dec 10, 2022
@securitytrails get a pretty good attack surface subs and dns history which is important as old ip’s contain some leftover assets and apps that may lead to something on production 🤷🏻♂️
2:49 PM · Nov 18, 2022
Because they’re not too bright. There are other hosts in DNS for the *.kiwifarms.net domain, and they are all in the 103.114.191.* IP range.
SecurityTrails is good for finding that stuff:
https://securitytrails.com/list/apex_domain/kiwifarms.net
Once you have the IP range, you scan it.
8:49 AM · Aug 24, 2022
OSINT TIP #7
@securitytrails
- highly recommended for subdomains, must explore!
#infosec #cybersecurity #osint #Day7 #bugbountytips
10:57 PM · Jul 19, 2022
In my experience they just have the most comprehensive data of anything that I've seen. I also wrote https://github.com/hakluke/haktrails for specifically querying @securitytrails data beyond just subdomains :)
4:54 AM · Apr 6, 2022
The verdict is out! both @ITSecurityguard & @hakluke agree that@securitytrails is the best (paid) recon subscription.
Both stand-alone and with Amass or Subfinder!
5:23 AM · Apr 6, 2022
This is my day-to-day hacking tool stack:
🛠️ Burp
🛠️ Nmap
🛠️ Httpx
🛠️@securitytrails🛠️ @Shodanhq🛠️ @spiderfoot
🛠️ My own tools (mostly open source on github)
🛠️ Everything by @projectdiscoveryio
🛠️ Everything by @tomnomnom
That covers about 99% of my hacking 🤷♂️
1:00 AM · Mar 31, 2022
Shoutout to@securitytrails for helping out when @0xLupin max'd his credits! We love to see it
1:29 PM · Jan 10, 2022
Well done@securitytrails @Bugcrowd @RiskIQ and @Cloudflare for making your email comms clear, informational and helpful. With minimal sales focus on the ongoing incident.
The rest of you... not so much.
3:06 PM · Dec 13, 2021
Yep, @Twitch I've been their & done that on the service provider end during my Content Delivery Network engineering team days and since I like connecting my friends with other friends. @TwitchDev @TwitchSupport meet@securitytrails @oktadev both are great IT Security companies
6:37 PM · Oct 7, 2021
The@securitytrails service is documenting the unique subdomains of tens of thousands of @UnraidOfficial servers using the My Servers plugin and exposing their respective login pages
9:49 AM · Sep 23, 2021
Wiser words have never been spoken before 😬
I highly recommend to read the whole Sara Jelen (@genericsara from@securitytrails) interview with Ben Sadeghipour (@NahamSec):
https://securitytrails.com/blog/interview-nahamsec
#itsecurity #hacking #bugbounty #mentalhealth #MentalHealthAwareness
2:23 AM · Sep 11, 2021
So recently I was trying to increase my attack surface and did not wanna bruteforce right away to get the list of subdomains. Looked into few other services, found nothing. But gotta say@securitytrails's Surface Browser did have some already listed. Such a great tool it is.
5:39 AM · Aug 1, 2021
Had received a chance to get to test@securitytrails surface Browser. The centralised dashboard and the data, is just amazing. Thanks for letting me trial it. @ChrisUeland
7:06 AM · Jul 29, 2021
i <3@securitytrails and so should you! their tools have helped us out a lot over the past 18 months. I encourage you to check them out, especially the surfacebrowser product. 😎
6:42 PM · Jul 5, 2021
Check out my interview with @codingo_where he walks me and my viewers through his recon and automation workflow using@securitytrails, @rapid7's FDNS, Whoxy, and more!
8:11 PM · Jun 17, 2021
I know too much; but this is why Local, State & Federal agencies as well as public/private companies should use services like@securitytrails & the federal #cybersecurity command to assess & monitor in real-time their infrastructure so #CyberAttack's are found & mitigated faster.
8:00 PM · May 10, 2021
Their API is so good. I used as main source of information.
6:42 PM · Apr 13, 2021
SurfaceBrowser from@securitytrails has helped make us better and more efficient #bugbounty hunters. t.ly/9q46
10:13 PM · Mar 25, 2021
@codingo_ @hakluke@securitytrails It’s extremely useful for tracking threat actor / dns changes and identifying sinkhole c2’s and TA infrastructure
1:01 PM · Mar 14, 2021
An easy way to find the original IP of a website or application hidden behind a WAF such as Cloudflare is to check the DNS history. One such tool that you can use to provide this information is Security Trails.
#infosec
5:40 PM · Jan 23, 2021
@securitytrails is the BEST bang for your buck. Shodan and @binaryedgeio a really close second.
12:18 PM · Dec 31, 2020
@securitytrails API Docs is among the best. specifically tells you how to name headers for authentication and so on. good job!!!!
11:42 PM · Dec 27, 2020
gau - New tool I was introduced to. Queries multiple sources for a list of URLS on a site. Passive. SecurityTrails - Subdomains FTW. Crt.sh - Certificate transparency logs identify targets. gobuster - dirb but faster. proxychains - SSH tunnels.
4:54 PM · Nov 17, 2020
Just playing around with the IRA’s internet architecture as revealed by looking up peacedata[.]net historical information on@securitytrails (my fav) Always so fun. Lots of ‘greatest hits’ there for researchers. Confluence, Hetzner, etc.
10:00 PM · Sep 1, 2020
@securitytrails - “A repository of historical DNS data” These guys keep 11 years of DNS data and it comes in handy when you least expect it. #dns #webdesign #odessatx #midlandtx
1:07 PM · Jul 14, 2020
Securitytrails for the win
10:59 AM · May 28, 2020
@GameWorks Did you know your SSL certificate for your website has expired? Just FYI. Maybe use @securitytrails to monitor that cert in the future?
3:55 AM · Jul 28, 2022
Good question! I looked at the amass.json output and the sources and collected the amount each one found for my fav. program:
Without making any advertisements,@securitytrails does an awesome job, but also permutation/alterations seems super effective with Amass :)
11:09 AM · Apr 4, 2022
Continuing DMARC study and created a@securitytrails account and it is amazing to see domain historical data, great tool and there is a free account
12:32 AM · Jan 26, 2022
Replying to@securitytrails giving away one special holiday swag pack:
Nice to see that@securitytrails contributes to community a lot 😀
6:42 AM · Dec 19, 2021
Pro tip: using VirusTotal or @securitytrails to find subdomains of sites and then using Wayback to study those, seemingly a powerful #Osint combo 4-tools-to-investigate-a-domain-name-with-osint
8:29 AM · Dec 1, 2021
@securitytrails best recon service ever i do really recommend everybody to use their services
6:54 PM · Nov 7, 2021
Did you know that you can use@securitytrails new #SurfaceBrowser SQL API to query for JARMs? Here is a query specifically for the Cobalt Strike 🏹(07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1) from https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ #huntingseason
7:47 PM · Sep 27, 2021
I like@securitytrails as they offer historical domain records up to 12 years. The free account is very useful.
6:34 AM · Sep 19, 2021
These stats are based on a sample of 460,114,474 domains from the SecurityTrails database which tracks DNS records and changes across millions of domains. You can view the data here: t.ly/thpy
2:57 AM · Aug 30, 2021
If you're still looking for an answer to this, Securitytrails is one of my go-to's: t.ly/8XFR
11:58 AM · Aug 6, 2021
@securitytrails I really appreciate the effort you guys are putting into this challenge and thank you for transparency as people like me are literally glued to the dash
8:58 PM · Jul 22, 2021
Without fail most weeks I’m using @censysio@securitytrails and @shodanhq doing due diligence on companies that want to work with my employer. Don’t trust their policy documents, check their attack surface
2:50 PM · Jul 10, 2021
A vast collection of one-liners to pull sub-domains from various sources like@securitytrails by @_ayoubfathi, @pikpikcu, @pikpikcu, @vict0ni & many others.
1:24 PM · Jun 11, 2021
I would like to thank this great company,@securitytrails and for their support in being able to help, thank you, I was having problems with the scroll api and I was very well attended. Congratulations! thank you Igor Prelic !
6:21 PM · Apr 13, 2021
Tried the SurfaceBrowser once only and it’s my favourite source of recon now! Thanks@securitytrails for this amazing product.
6:03 AM · Mar 26, 2021
The surface browser quickly became my favorite tool. First thing I fire up when looking at a target. You really did an amazing job with this ❤
9:33 PM · Mar 25, 2021
🙈 I was under time pressure when I joined @NahamSec stream. The data and the accuracy that@securitytrails is offering is beyond amazing, huge timesaver and opens a whole new world. I am writing a blogpost about the recon soon :)
Disclaimer: I am not being paid to say this
10:58 AM · Jan 25, 2021
12 years of historical DNS Records and Whois lookup and historical Whois and much more... securitytrails.com@securitytrails
#osint #dns #dailysosint
4:35 PM · Jan 19, 2021
Our partner@securitytrails are releasing their new Attack Surface Reduction tool today. I'm not the target audience, yet I was impressed by the data available to me (screenshot is my Alma Mater). Things that immediately demand attention, great feedback. securitytrails.com/corp/attack-surface-reduction
12:47 PM · Jan 6, 2021
Subfinder is pretty great: github.com/projectdiscovery/subfinder Also, consider getting access to SecurityTrails - securitytrails.com @ChrisUeland and his team have done an excellent job at collating data needed for recon. I can't fit my methodology in a tweet, but check my previous blogs
7:23 PM · Dec 28, 2020
That's why attack surface mapping solutions like@securitytrails offer a huge value add, both for internal IT departments as well as in the case of due diligence for M&A purposes.
9:16 AM · Nov 1, 2020
SecurityTrails is pretty cool
9:17 PM · Aug 26, 2020
Want to find some new subdomains for your target? Use SecurityTrails API 🔥 to enumerate.
#bugbountytips
10:26 PM · Jun 20, 2020
*a researcher who regularly and heavily uses@securitytrails for his work and is a huge fan... thank you!🖖
10:22 PM · May 28, 2020
While looking at #APT33 domains, I often see in the passiveDNS data from@securitytrails (by the way great service!), that OpenDNS is 'taking over' a domain for just a day and then it returns to the original organisation. Was that some kind of campaign monitoring/sinkholing?
4:57 PM · Feb 6, 2020
Access our API for Free
Plug our prized data right into your apps, and incorporate the most accurate and recent data points seamlessly: DNS, IPs, open ports, SSL certs, and more.