SecurityTrails::Domain: Data collection from SecurityTrails
Overview of SecurityTrails Domain parser
SecurityTrails is the world's largest repository of historical DNS data. It provides data for security companies, researchers, and groups that need to detail, detect suspicious changes in DNS records, and prevent future fraudulent or criminal activity.
A-Parser functionality allows you to save parsing settings for further use (presets), set a parsing schedule, and much more. You can use automatic query replication, substitution of subqueries from files, enumeration of alphanumeric combinations and lists to obtain the maximum possible number of results.
Saving results is possible in the format and structure that you need, thanks to the built-in powerful Template Toolkit templating engine that allows you to apply additional logic to results and output data in various formats, including JSON, SQL, and CSV.
Collected data
- Alexa rank
- Apex domain
- Host
- Number of subdomains
- A records
- TXT records
- AAAA records
- Ns records
- SOA records
- MX records
- CNAME records
- CNAME records pointed here
- MX records pointed here
- NS records pointed here
- Subdomains
- historical A
- historical AAAA
- historical MX
- historical NS
- historical SOA
- historical TXT
Capabilities
Selection of the section (Mode) from which data is collected.
Data is collected from the following pages:
Subdomain
- https://securitytrails.com/list/apex_domain/a-parser.com
History
https://securitytrails.com/domain/a-parser.com/history/a
https://securitytrails.com/domain/a-parser.com/dns
Use cases
- Obtaining subdomains and their Rank
- Collecting information about the hosting provider of subdomains
- Obtaining the mail provider of subdomains
- Collecting history of A, AAAA, MX, NS, SOA, TXT
- Collecting DNS records of the domain A, AAAA, MX, NS, SOA, TXT
Queries
Domains should be specified as queries, for example:
a-parser.com
google.com
Results
By default, the results display Query, Alexa Rank, Apex domain
google.com - 1 - google.com
a-parser.com - 350205 - a-parser.com
Result output options
A-Parser supports flexible result formatting thanks to the built-in Template Toolkit templating engine, which allows it to output results in any form, as well as in structured form, such as CSV or JSON.
Result output for A, AAAA, MX, NS, SOA, TXT records
Result format:
$aRecords.format('$ip, $stats\n')
Example result:
142.250.73.238, 18037
Result format:
$txt.format('$record\n')
Example result:
v=spf1 include:_spf.google.com ~all
google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o
globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
apple-domain-verification=30afIBcvSuDV2PLX
Result format:
$aaaaRecords.format('$ip, $stats\n')
Example result:
2607:f8b0:4004:82a::200e, 17294
Result format:
$nsRecords.format('$ns, $stats\n')
Example result:
ns4.google.com, 5226
ns3.google.com, 5233
ns2.google.com, 5268
ns1.google.com, 5298
Result format:
$soaRecords.format('$ttl, $email, $stats\n')
Example result:
dns-admin.google.com, 147485, 900
Result format:
$mxRecords.format('$p, $host, $stats\n')
Example result:
aspmx.l.google.com, 13227170, 10
alt4.aspmx.l.google.com, 7665791, 50
alt3.aspmx.l.google.com, 7726366, 40
alt2.aspmx.l.google.com, 12894431, 30
alt1.aspmx.l.google.com, 12975832, 20
Result output for A, AAAA, MX, NS, SOA, TXT records in CSV
Result format:
[% FOREACH soaRecords;
tools.CSVline(ttl, email, stats);
END; %]
Example result:
dns-admin.google.com,147485,900
Subdomain information output
Result format:
$subdomains.format('$domain, $alexa, $hosting, $mail\n')
Example result:
google.com, 4, Google LLC, Google LLC
plus.google.com, 11, Google LLC,
maps.google.com, 18, Google LLC,
play.google.com, 22, Google LLC,
docs.google.com, 24, Google LLC,
support.google.com, 27, Google LLC,
sites.google.com, 36, Google LLC,
developers.google.com, 40, Google LLC,
apis.google.com, 44, Google LLC,
chrome.google.com, 47, Google LLC,
translate.google.com, 57, Google LLC
Subdomain information output in CSV
Result format:
[% FOREACH subdomains;
tools.CSVline(domain, alexa, hosting, mail);
END; %]
Example result:
google.com,4,"Google LLC","Google LLC"
plus.google.com,11,"Google LLC",
maps.google.com,18,"Google LLC",
play.google.com,22,"Google LLC",
docs.google.com,24,"Google LLC",
support.google.com,27,"Google LLC",
sites.google.com,36,"Google LLC",
developers.google.com,40,"Google LLC"
Example of JSON output
Initial text
[% data = {} %]
Final text
[% data.json %]
Result format:
[%
data.query = query;
data.subdomains = [];
FOREACH subdomains;
item = {};
item.domain = domain;
item.alexa = alexa;
item.hosting = hosting;
item.mail = mail;
data.subdomains.push(item);
END;
result = {};
result = data;
%]
Example result:
{
"subdomains": [
{
"domain": "google.com",
"mail": "Google LLC",
"hosting": "Google LLC",
"alexa": 4
},
{
"domain": "plus.google.com",
"mail": "",
"hosting": "Google LLC",
"alexa": 11
},
{
"domain": "maps.google.com",
"mail": "",
"hosting": "Google LLC",
"alexa": 18
}
],
"query": "google.com"
}
To make the "Initial text" and "Final text" options available in the Task Editor, you need to activate "More options".
Possible settings
Parameter | Default value | Description |
---|---|---|
Mode | History | Site section from which data is collected |