Ping
You can use this simple endpoint to test your authentication and access to the SecurityTrails API.
Usage
The stats provided are for the present month and include:
- current_monthly_usage- The number of API requests made this month
- allowed_monthly_usage- The total available number of API requests for the month
Scroll
A fast and easy way to fetch many results. Currently only available for the DSL API endpoints.
Limited availability
This endpoint can currently only be used with DSL query requests. The initial request will be done using the Search Domain (DSL) API.
As an example, when request data from the Domain Search API (DSL) in addition with the scroll=true option, you will receive the following output where you take the scroll_id parameter for use with this API endpoint.
{
"meta": {
"total_pages": 30,
"scroll_id": "DnF1ZXJ5VGhlbkZldGNoIAAAAAAAChXuFnM3aVhzcDJ6UnZhWndDeDlKdkRBVGcAAAAAAAoGjRZCeEVpX0FtWlN5Nkttd1Fua1ZPcE1BAAAAAAu4Cs4WQkJPb2k1UTlRNW1PWm9wRGRzWVBLZwAAAAAACy-mFllDN211RzFY...zblFyNUtQcTFBAAAAAAALXYIWVWZoM3dTX3dRTS1UR2ZPQ0ZaRVh3dwAAAAAACpU9FjdQbkZLWDBsUndtdHR6NW9LB",
"query": "apex_domain = 'apple.com'",
"page": 1
}
}More information about the scroll endpoint can be found on our blog.
Get Domain
Returns the current data about the given domain. In addition to the current data, you also get the current statistics associated with a particular record. For example, for a records you'll get how many other domains have the same IP.
The data set contains the following info:
- a - IPv4 current data
- aaaa - IPv6 current data
- mx - Mail Exchanger current data
- ns - Name server current data
- soa - SOA current data
- txt - TXT current data
Find associated domains
Find all domains that are related to a domain you input
Professional Plan or higher required
Using this API endpoint requires a subscription to our Professional Plan (or higher).
How we find associated domains
We go through the most recent WHOIS data of the input domain and try to find identifying email addresses or organizations that we could use to identify domains that have a relationship with the input domain. If the input domain is privacy guarded, the domains WHOIS history is used to pull email addresses/organizations. Our algorithms are constantly refined to provide the best results possible.
Refining the search further
The JSON we return contains a query field. This field is the
DSL
- DSL -
DSL stands for “Domains Specific Language”
query we used to find the results we are displaying. Using this query, you can add your own refinements and run it through our Domain Search API.
Get WHOIS
Returns the current WHOIS data about a given domain with the stats merged together
Prototyper Plan or higher required
Using this API endpoint requires a subscription to our Prototyper Plan (or higher).
Search Domain (filter)
Filter and search specific records using this endpoint.
Using simple filter composition, any type of data fetching is possible. The post object uses a very simple
DSL
- DSL -
DSL stands for “Domains Specific Language”
where the json key represents the type to filter on and the value.
Given this, you can create any number of queries, depending on the need. It's worth noting that all of the filters are combined using AND fashion and work in combination.
Pagination
In order to access subsequent pages of results you can add a ?page=:pagenumber to the path. So to retrieve the 5th page of results you'd post your search to /v1/search/list?page=5. The results are always paginated with 100 results per page.
Possible key values
- ipv4 (can include a network mask)
- ipv6
- mx
- ns
- cname
- subdomain
- apex_domain
- soa_email
- tld
- whois_email
- whois_street1
- whois_street2
- whois_street3
- whois_street4
- whois_city
- whois_country
- whois_state
- whois_postalCode
- whois_organization
- whois_name
- whois_telephone
- whois_fax
- keyword (substring of a hostname, e.g. the value of oa would yield all hostnames containing oa characters)
Search Domain (DSL)
Filter and search specific records using our DSL with this endpoint
Professional Plan or higher required
Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.
Available fields
For a full description including examples please see How to use the DSL.
- ipv4
- ipv6
- mx
- ns
- cname
- subdomain
- apex_domain
- soa_email
- tld
- whois_email
- whois_street1
- whois_street2
- whois_street3
- whois_street4
- whois_city
- whois_country
- whois_state
- whois_postalCode
- whois_organization
- whois_name
- whois_telephone
- whois_fax
- keyword
- dropped (false is the default)
This endpoint supports scrolling
Scrolling allows you to fetch many pages of results in an easy way. Check out the Scrolling API.
Search statistics
Please see Search Domain (filter) and Search Domain (DSL) for the full reference on how to use search. This endpoints accepts both, filters and DSL queries. The returned object contains:
- tld count
- hostname count
- domain count
DNS history by record type
Lists out specific historical information about the given hostname parameter
The returned data is paginated with 100 records are shown per page.
Supported record types
The API currently supports a, aaaa, mx, ns, soa and txt records.
If you are looking for other record types, please contact us.
In addition of fetching the historical data for particular type, the count statistic is returned aswel, which represents the number of that particular resource against current data. (a records will have an ip_count field which will represent the number of records that has the same IP as that particular
record)
These types represent the historical records below, respectively:
- a - Ipv4 historical data
- aaaa - Ipv6 historical data
- mx - Mail Exchanger historical data
- ns - Name server historical data
- soa - SOA historical data
- txt - TXT historical data
WHOIS history by domain
Returns historical WHOIS information about the given domain
Prototyper Plan or higher required
Using this API endpoint requires a subscription to our Prototyper Plan (or higher).
Explore IPs
Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses.
Returns the neighbors in any given IP level range and essentially allows you to explore closeby IP addresses. This works by providing a specific IP address (or by starting at the whole unzoomed level). Explorer will always yield IPs that will be grouped in blocks, so the output will always be 16.
Examples
- Searching for /28 block will return all 16 /32 IP addresses in /28 block.
- Searching for /24 block will return all /28 IP blocks in /24 block.
Search IPs (DSL)
Professional Plan or higher required
Using this API endpoint requires a subscription to our Professional Plan (or higher).
DSL 'like' statements requires a subscription to our Business Plan.
Available fields to query in the IPs database:
ptr_part- matches the end of the ptr record. it must exactly match a fragment so for examplemicrosoft.comwould match any ptr record that ends with microsoft.comtest.microsoft.comwould match, buttest.otherserviceatmicrosoft.comwould not.ptr- matches the full ptr record exactlyport- matches open ports. These are numeric so operators likebetweengtlt>>=<=etc. are all supported. e.g.port between 1000 and 4000orport <= 100. We are keeping the following ports in our index: FTP 21, FTPs 990, HTTP 80, HTTPS 443, Redis 6379, SSH 22, CouchDB 5984, ElasticSearch 9200, Memcached 11211ip- matches the ip address. network masks are supported. e.g.1.1.1.1/24
Example DSL query
ip in ('1.1.1.1/24', '2.2.2.2/24' and ptr_part != 'microsoft.com') or (ptr_part =
'microsoft.com' and ip = '3.3.3.3/24')
IP Search statistics
Please see Search IPs for the full reference on how to use search. By appending /stats at the end of the search URL, instead of getting the usual records, a stats object is given in the response. This object contains some useful information like:
- Reverse DNS pattern identification (RDNS entries are grouped and displayed as x)
- ports (number of open ports found)
- total results
Domains
Fetch zone files including authoritative nameservers with ease
Addon subscription required
Using this API endpoint requires a SecurityTrails Feeds subscription.
Download a list of domains based on a TLD or domain filter (gTLD, ccTLD). The response itself is streamed to a file, which means the data is received in chunks.
Type "registered" returns domains that have been registered in the past, were dropped and then re-registered.
Whenever the TLD parameter is specified it takes priority over specifying filters.
The nameservers option works only for type and tld lookups.
For "all" and "new" domains, the data goes back to May 23, 2018. The "registered" domain data goes back to May 29, 2019. We do not intend to delete old data at this time.
Subdomains
Addon subscription required
Using this API endpoint requires a SecurityTrails Feeds subscription.
Download a list of subdomains, with the possibility of filtering by TLD. The response itself is streamed to a file, which means the data is received in chunks.
When using filter you must specify the tld parameter and vise versa.