SecurityTrails::Domain: Data collection from SecurityTrails

Overview of SecurityTrails Domain parser

SecurityTrails is the world's largest repository of historical DNS data. It provides data for security companies, researchers, and groups that need to examine DNS records in detail, detect suspicious changes in them, and prevent future fraudulent or criminal activity.

A-Parser functionality allows you to save parsing settings for further use (presets), set a parsing schedule, and much more. You can use automatic query replication, substitution of subqueries from files, enumeration of alphanumeric combinations and lists to obtain the maximum possible number of results.

Saving results is possible in the format and structure that you need, thanks to the built-in powerful Template Toolkit templating engine that allows you to apply additional logic to results and output data in various formats, including JSON, SQL, and CSV.

Collected data

  • Alexa rank
  • Apex domain
  • Host
  • Number of subdomains
  • A records
  • TXT records
  • AAAA records
  • NS records
  • SOA records
  • MX records
  • CNAME records
  • CNAME records pointed here
  • MX records pointed here
  • NS records pointed here
  • Subdomains
  • Historical A
  • Historical AAAA
  • Historical MX
  • Historical NS
  • Historical SOA
  • Historical TXT


Capabilities

Selection of the section (Mode) from which data is collected.

Data is collected from the following pages:

  • Subdomain

    • https://securitytrails.com/list/apex_domain/a-parser.com
  • History

    • https://securitytrails.com/domain/a-parser.com/history/a

    • https://securitytrails.com/domain/a-parser.com/dns

Use cases

  • Obtaining subdomains and their Rank
  • Collecting information about the hosting provider of subdomains
  • Obtaining the mail provider of subdomains
  • Collecting the history of A, AAAA, MX, NS, SOA, TXT records
  • Collecting the domain's DNS records: A, AAAA, MX, NS, SOA, TXT

Queries

Domains should be specified as queries, for example:

a-parser.com
google.com

Results

By default, the results display the Query, Alexa Rank, and Apex domain:

google.com - 1 - google.com
a-parser.com - 350205 - a-parser.com

Result output options

A-Parser supports flexible result formatting thanks to the built-in Template Toolkit templating engine, which allows it to output results in any form, as well as in structured form, such as CSV or JSON.

Result output for A, AAAA, MX, NS, SOA, TXT records

Result format:

$aRecords.format('$ip, $stats\n')

Example result:

142.250.73.238, 18037

Result format:

$txt.format('$record\n')

Example result:

v=spf1 include:_spf.google.com ~all
google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o
globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
apple-domain-verification=30afIBcvSuDV2PLX
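
An added example, not part of A-Parser or its documentation: a Python sketch that reads TXT output saved in the one-record-per-line format above and reports the SPF policy and which third-party services hold verification tokens on your domain. The function name `audit_txt`, the report keys and the sample records are assumptions made for illustration.

```python
import re

# Constructed TXT lines, one record per line as $txt.format('$record\n') emits them.
SAMPLE = """\
v=spf1 include:_spf.example.net ip4:192.0.2.0/24 ~all
example-site-verification=CONSTRUCTED-TOKEN-1
vendor-domain-verification=CONSTRUCTED-TOKEN-2
docusign=00000000-0000-0000-0000-000000000001
docusign=00000000-0000-0000-0000-000000000002
"""

ALL_RE = re.compile(r"^([+\-~?]?)all$")
TOKEN_RE = re.compile(r"^([a-z0-9][a-z0-9_.-]*)=\S+$", re.IGNORECASE)
ALL_POLICY = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def audit_txt(output):
    """Summarise SPF posture and third-party verification tokens."""
    report = {"spf_count": 0, "spf_all": None, "includes": [],
              "services": {}, "issues": []}
    for line in output.splitlines():
        record = line.strip().strip('"')
        if not record:
            continue
        terms = record.split()
        if terms[0].lower() == "v=spf1":
            report["spf_count"] += 1
            for term in (t.lower() for t in terms[1:]):
                m = ALL_RE.match(term)
                if m:  # a missing qualifier means "+" (pass)
                    report["spf_all"] = ALL_POLICY[m.group(1) or "+"]
                elif term.lstrip("+-~?").startswith("include:"):
                    report["includes"].append(term.split(":", 1)[1])
            continue
        m = TOKEN_RE.match(record)
        if m:  # key=value token: record the service name, not the token value
            key = m.group(1).lower()
            report["services"][key] = report["services"].get(key, 0) + 1
    if report["spf_count"] == 0:
        report["issues"].append("no SPF record")
    elif report["spf_count"] > 1:
        report["issues"].append("multiple SPF records: permerror under RFC 7208")
    if report["spf_all"] not in (None, "fail"):
        report["issues"].append(f"SPF all mechanism is {report['spf_all']}, not fail")
    return report
```
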

Result format:

$aaaaRecords.format('$ip, $stats\n')

Example result:

2607:f8b0:4004:82a::200e, 17294

Result format:

$nsRecords.format('$ns, $stats\n')

Example result:

ns4.google.com, 5226
ns3.google.com, 5233
ns2.google.com, 5268
ns1.google.com, 5298

Result format:

$soaRecords.format('$email, $stats, $ttl\n')

Example result:

dns-admin.google.com, 147485, 900

Result format:

$mxRecords.format('$host, $stats, $p\n')

Example result:

aspmx.l.google.com, 13227170, 10
alt4.aspmx.l.google.com, 7665791, 50
alt3.aspmx.l.google.com, 7726366, 40
alt2.aspmx.l.google.com, 12894431, 30
alt1.aspmx.l.google.com, 12975832, 20

Result output for A, AAAA, MX, NS, SOA, TXT records in CSV

Result format:

[% FOREACH soaRecords; 
tools.CSVline(email, stats, ttl);
END; %]

Example result:

dns-admin.google.com,147485,900

Subdomain information output

Result format:

$subdomains.format('$domain, $alexa, $hosting, $mail\n')

Example result:

google.com, 4, Google LLC, Google LLC
plus.google.com, 11, Google LLC,
maps.google.com, 18, Google LLC,
play.google.com, 22, Google LLC,
docs.google.com, 24, Google LLC,
support.google.com, 27, Google LLC,
sites.google.com, 36, Google LLC,
developers.google.com, 40, Google LLC,
apis.google.com, 44, Google LLC,
chrome.google.com, 47, Google LLC,
translate.google.com, 57, Google LLC

Subdomain information output in CSV

Result format:

[% FOREACH subdomains; 
tools.CSVline(domain, alexa, hosting, mail);
END; %]

Example result:

google.com,4,"Google LLC","Google LLC"
plus.google.com,11,"Google LLC",
maps.google.com,18,"Google LLC",
play.google.com,22,"Google LLC",
docs.google.com,24,"Google LLC",
support.google.com,27,"Google LLC",
sites.google.com,36,"Google LLC",
developers.google.com,40,"Google LLC"

Example of JSON output

Initial text

[% data = {} %]

Final text

[% data.json %]

Result format:

[%
data.query = query;
data.subdomains = [];
FOREACH subdomains;
    item = {};
    item.domain = domain;
    item.alexa = alexa;
    item.hosting = hosting;
    item.mail = mail;
    data.subdomains.push(item);
END;
result = {};
result = data;
%]

Example result:

{
  "subdomains": [
    {
      "domain": "google.com",
      "mail": "Google LLC",
      "hosting": "Google LLC",
      "alexa": 4
    },
    {
      "domain": "plus.google.com",
      "mail": "",
      "hosting": "Google LLC",
      "alexa": 11
    },
    {
      "domain": "maps.google.com",
      "mail": "",
      "hosting": "Google LLC",
      "alexa": 18
    }
  ],
  "query": "google.com"
}

Tip: To make the "Initial text" and "Final text" options available in the Task Editor, you need to activate "More options".
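
An added example, not part of A-Parser or its documentation: a Python sketch that loads JSON in the shape shown above (`query` plus a `subdomains` list with `domain`, `hosting` and `mail`) and flags subdomains of your own domain that sit outside the providers you expect. The function name `audit`, the finding labels, the allow-lists and the sample data are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the JSON example result above.
SAMPLE = """
{"query": "example.com",
 "subdomains": [
  {"domain": "example.com", "alexa": 4, "hosting": "Example Hosting Inc", "mail": "Example Mail Inc"},
  {"domain": "shop.example.com", "alexa": 11, "hosting": "Example Hosting Inc", "mail": ""},
  {"domain": "old.example.com", "alexa": 18, "hosting": "Other Cloud Ltd", "mail": ""},
  {"domain": "dev.example.com", "alexa": 22, "hosting": "", "mail": "Unknown Mail Co"},
  {"domain": "mx.partner.example.net", "alexa": 24, "hosting": "", "mail": "Third Party Mail"}
 ]}
"""

def audit(raw, expected_hosting, expected_mail):
    """Return findings for subdomains outside the expected providers."""
    data = json.loads(raw)
    apex = data["query"].lower().rstrip(".")
    findings = defaultdict(list)
    for item in data.get("subdomains", []):
        name = str(item.get("domain", "")).lower().rstrip(".")
        if not name:
            continue
        # Collected rows can include names outside the queried apex; keep them apart.
        if name != apex and not name.endswith("." + apex):
            findings["out_of_scope"].append(name)
            continue
        hosting = (item.get("hosting") or "").strip()
        mail = (item.get("mail") or "").strip()
        if not hosting:
            findings["no_hosting_data"].append(name)
        elif hosting not in expected_hosting:
            findings["unexpected_hosting"].append((name, hosting))
        # An empty mail field means no mail provider was reported for the host.
        if mail and mail not in expected_mail:
            findings["unexpected_mail"].append((name, mail))
    return dict(findings)

if __name__ == "__main__":
    result = audit(SAMPLE, {"Example Hosting Inc"}, {"Example Mail Inc"})
    for kind, rows in result.items():
        print(kind, rows)
```
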

Possible settings

Parameter    Default value    Description
Mode         History          Site section from which data is collected