SecurityTrails::Ip: Collecting domain data from SecurityTrails
SecurityTrails Ip parser overview
SecurityTrails is the world's largest repository of historical DNS data. It provides data for security companies, researchers, and groups that need to detail suspicious changes in DNS records and prevent future fraudulent or criminal activity.
A-Parser functionality allows you to save parsing settings for further use (presets), set up a parsing schedule, and much more. You can use automatic query replication, substitution of subqueries from files, enumeration of alphanumeric combinations and lists to obtain the maximum possible number of results.
Results can be saved in the format and structure that you need, thanks to the built-in powerful Template Toolkit template engine that allows you to apply additional logic to the results and output data in various formats, including JSON, SQL, and CSV.
Collected data
- Domain
- Hosting provider
- Alexa rank
- Mail provider
Use cases
- Obtaining subdomains by IP
- Collecting Alexa Rank for subdomains
- Obtaining Hosting Provider
- Obtaining Mail Provider
Queries
The query should be an IPv4 address.
176.9.9.90
Results
By default, subdomains are displayed in the result.
a-parser.com
img.a-parser.com
www.a-poster.info
serpjson.com
en.a-parser.com
a-poster.info
forbi-shop.com
files.a-parser.com
www.forbi-shop.com
www.a-parser.com
Result output options
A-Parser supports flexible result formatting thanks to the built-in Template Toolkit template engine, which allows it to output results in any form, as well as in structured form, such as CSV or JSON.
Output of all subdomain data
Result format:
$list.format('$domain, $host_provider, $alexa_rank, $mail_provider\n')
Example result:
google.com, Google LLC, 4, Google LLC
developers.google.com, Google LLC, 40, none
earth.google.com, Google LLC, 640, none
uk.youtube.com, Google LLC, 1305, none
Output of data in CSV
Result format:
[%
FOREACH list;
tools.CSVline(domain, host_provider, alexa_rank, mail_provider);
END;
%]
Example result:
google.com,"Google LLC",4,"Google LLC"
developers.google.com,"Google LLC",40,none
earth.google.com,"Google LLC",640,none
uk.youtube.com,"Google LLC",1305,none
Output of data in JSON
Initial text
[% data = {} %]
Final text
[% data.json %]
Result format:
[%
data.query = query;
data.subdomains = [];
FOREACH list;
item = {};
item.domain = domain;
item.alexa = alexa_rank;
item.host_provider = host_provider;
item.mail_provider = mail_provider;
data.subdomains.push(item);
END;
result = {};
result = data;
%]
Example result:
{
"subdomains": [
{
"domain": "google.com",
"mail_provider": "Google LLC",
"host_provider": "Google LLC",
"alexa": 4
},
{
"domain": "developers.google.com",
"mail_provider": "none",
"host_provider": "Google LLC",
"alexa": 40
},
{
"domain": "earth.google.com",
"mail_provider": "none",
"host_provider": "Google LLC",
"alexa": 640
},
{
"domain": "uk.youtube.com",
"mail_provider": "none",
"host_provider": "Google LLC",
"alexa": 1305
}
],
"query": "172.217.164.174"
}
To make the "Initial text" and "Final text" options available in the Task Editor, you need to activate "More options".