Hear more from people
Yeah. If you override DNS it will load. That’s the real site, and unless they move it, bypassing Cloudflare is as simple as adding an entry to /etc/hosts or using curl —resolve.
Going live before getting behind Cloudflare is the mistake they all make. SecurityTrails always knows
6:08 PM · Dec 10, 2022
We ❤️ @securitytrails
12:57 AM · Nov 19, 2022
@securitytrails get a pretty good attack surface subs and dns history which is important as old ip’s contain some leftover assets and apps that may lead to something on production 🤷🏻♂️
2:49 PM · Nov 18, 2022
Because they’re not too bright. There are other hosts in DNS for the *.kiwifarms.net domain, and they are all in the 103.114.191.* IP range.
SecurityTrails is good for finding that stuff:
Once you have the IP range, you scan it.
8:49 AM · Aug 24, 2022
OSINT TIP #7
@securitytrails - highly recommended for subdomains, must explore!
#infosec #cybersecurity #osint #Day7 #bugbountytips
10:57 PM · Jul 19, 2022
The verdict is out! both @ITSecurityguard & @hakluke agree that@securitytrails is the best (paid) recon subscription.
Both stand-alone and with Amass or Subfinder!
5:23 AM · Apr 6, 2022
Shoutout to@securitytrails for helping out when @0xLupin max'd his credits! We love to see it
1:29 PM · Jan 10, 2022
On a related note,@securitytrails is pretty cool.
3:22 PM · Nov 19, 2021
Wiser words have never been spoken before 😬
I highly recommend to read the whole Sara Jelen (@genericsara from@securitytrails) interview with Ben Sadeghipour (@NahamSec):
#itsecurity #hacking #bugbounty #mentalhealth #MentalHealthAwareness
2:23 AM · Sep 11, 2021
This info sucks use@securitytrails and get to the good stuff
3:18 AM · Aug 29, 2021
So recently I was trying to increase my attack surface and did not wanna bruteforce right away to get the list of subdomains. Looked into few other services, found nothing. But gotta say@securitytrails's Surface Browser did have some already listed. Such a great tool it is.
5:39 AM · Aug 1, 2021
i <3@securitytrails and so should you! their tools have helped us out a lot over the past 18 months. I encourage you to check them out, especially the surfacebrowser product. 😎
6:42 PM · Jul 5, 2021
I know too much; but this is why Local, State & Federal agencies as well as public/private companies should use services like@securitytrails & the federal #cybersecurity command to assess & monitor in real-time their infrastructure so #CyberAttack's are found & mitigated faster.
8:00 PM · May 10, 2021
Their API is so good. I used as main source of information.
6:42 PM · Apr 13, 2021
SurfaceBrowser from@securitytrails has helped make us better and more efficient #bugbounty hunters. t.ly/9q46
10:13 PM · Mar 25, 2021
An easy way to find the original IP of a website or application hidden behind a WAF such as Cloudflare is to check the DNS history. One such tool that you can use to provide this information is Security Trails.
5:40 PM · Jan 23, 2021
Cheers@securitytrails love that you note when a DNS change has been made.
6:35 AM · Jan 12, 2021
@securitytrails API Docs is among the best. specifically tells you how to name headers for authentication and so on. good job!!!!
11:42 PM · Dec 27, 2020
gau - New tool I was introduced to. Queries multiple sources for a list of URLS on a site. Passive. SecurityTrails - Subdomains FTW. Crt.sh - Certificate transparency logs identify targets. gobuster - dirb but faster. proxychains - SSH tunnels.
4:54 PM · Nov 17, 2020
Just playing around with the IRA’s internet architecture as revealed by looking up peacedata[.]net historical information on@securitytrails (my fav) Always so fun. Lots of ‘greatest hits’ there for researchers. Confluence, Hetzner, etc.
10:00 PM · Sep 1, 2020
Did I ever mention just how much I enjoy@securitytrails?
6:42 PM · Jun 15, 2020
Securitytrails for the win
10:59 AM · May 28, 2020
@GameWorks Did you know your SSL certificate for your website has expired? Just FYI. Maybe use @securitytrails to monitor that cert in the future?
3:55 AM · Jul 28, 2022
Good question! I looked at the amass.json output and the sources and collected the amount each one found for my fav. program:
Without making any advertisements,@securitytrails does an awesome job, but also permutation/alterations seems super effective with Amass :)
11:09 AM · Apr 4, 2022
Continuing DMARC study and created a@securitytrails account and it is amazing to see domain historical data, great tool and there is a free account
12:32 AM · Jan 26, 2022
Pro tip: using VirusTotal or @securitytrails to find subdomains of sites and then using Wayback to study those, seemingly a powerful #Osint combo 4-tools-to-investigate-a-domain-name-with-osint
8:29 AM · Dec 1, 2021
@securitytrails best recon service ever i do really recommend everybody to use their services
6:54 PM · Nov 7, 2021
Did you know that you can use@securitytrails new #SurfaceBrowser SQL API to query for JARMs? Here is a query specifically for the Cobalt Strike 🏹(07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1) from https://blog.cobaltstrike.com/2020/12/08/a-red-teamer-plays-with-jarm/ #huntingseason
7:47 PM · Sep 27, 2021
I like@securitytrails as they offer historical domain records up to 12 years. The free account is very useful.
6:34 AM · Sep 19, 2021
These stats are based on a sample of 460,114,474 domains from the SecurityTrails database which tracks DNS records and changes across millions of domains. You can view the data here: t.ly/thpy
2:57 AM · Aug 30, 2021
If you're still looking for an answer to this, Securitytrails is one of my go-to's: t.ly/8XFR
11:58 AM · Aug 6, 2021
@securitytrails I really appreciate the effort you guys are putting into this challenge and thank you for transparency as people like me are literally glued to the dash
8:58 PM · Jul 22, 2021
Without fail most weeks I’m using @censysio@securitytrails and @shodanhq doing due diligence on companies that want to work with my employer. Don’t trust their policy documents, check their attack surface
2:50 PM · Jul 10, 2021
5:18 PM · Jul 3, 2021
A vast collection of one-liners to pull sub-domains from various sources like@securitytrails by @_ayoubfathi, @pikpikcu, @pikpikcu, @vict0ni & many others.
1:24 PM · Jun 11, 2021
I would like to thank this great company,@securitytrails and for their support in being able to help, thank you, I was having problems with the scroll api and I was very well attended. Congratulations! thank you Igor Prelic !
6:21 PM · Apr 13, 2021
Tried the SurfaceBrowser once only and it’s my favourite source of recon now! Thanks@securitytrails for this amazing product.
6:03 AM · Mar 26, 2021
The surface browser quickly became my favorite tool. First thing I fire up when looking at a target. You really did an amazing job with this ❤
9:33 PM · Mar 25, 2021
🙈 I was under time pressure when I joined @NahamSec stream. The data and the accuracy that@securitytrails is offering is beyond amazing, huge timesaver and opens a whole new world. I am writing a blogpost about the recon soon :)
Disclaimer: I am not being paid to say this
10:58 AM · Jan 25, 2021
Our partner@securitytrails are releasing their new Attack Surface Reduction tool today. I'm not the target audience, yet I was impressed by the data available to me (screenshot is my Alma Mater). Things that immediately demand attention, great feedback. securitytrails.com/corp/attack-surface-reduction
12:47 PM · Jan 6, 2021
Subfinder is pretty great: github.com/projectdiscovery/subfinder Also, consider getting access to SecurityTrails - securitytrails.com @ChrisUeland and his team have done an excellent job at collating data needed for recon. I can't fit my methodology in a tweet, but check my previous blogs
7:23 PM · Dec 28, 2020
@Intrigueio and@securitytrails two solid companies run by true innovators.
1:01 AM · Dec 4, 2020
That's why attack surface mapping solutions like@securitytrails offer a huge value add, both for internal IT departments as well as in the case of due diligence for M&A purposes.
9:16 AM · Nov 1, 2020
SecurityTrails is pretty cool
9:17 PM · Aug 26, 2020
Want to find some new subdomains for your target? Use SecurityTrails API 🔥 to enumerate.
10:26 PM · Jun 20, 2020
*a researcher who regularly and heavily uses@securitytrails for his work and is a huge fan... thank you!🖖
10:22 PM · May 28, 2020
While looking at #APT33 domains, I often see in the passiveDNS data from@securitytrails (by the way great service!), that OpenDNS is 'taking over' a domain for just a day and then it returns to the original organisation. Was that some kind of campaign monitoring/sinkholing?
4:57 PM · Feb 6, 2020