Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hakluke/haktrails
Golang client for querying SecurityTrails API data
https://github.com/hakluke/haktrails
Last synced: about 1 month ago
JSON representation
Golang client for querying SecurityTrails API data
- Host: GitHub
- URL: https://github.com/hakluke/haktrails
- Owner: hakluke
- License: mit
- Created: 2021-03-12T06:03:35.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-05T08:23:52.000Z (over 1 year ago)
- Last Synced: 2024-08-01T23:31:10.462Z (4 months ago)
- Language: Go
- Size: 6.24 MB
- Stars: 524
- Watchers: 10
- Forks: 56
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: securitytrails-banner.jpg
Awesome Lists containing this project
- awesome-bugbounty-tools - haktrails - Golang client for querying SecurityTrails API data (Recon / Subdomain Enumeration)
- WebHackersWeapons - haktrails
- awesome-hacking-lists - hakluke/haktrails - Golang client for querying SecurityTrails API data (Go)
README
# haktrails
haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.
## Tool Features
- stdin input for easy tool chaining
- subdomain discovery
- associated root domain discovery
- associated IP discovery
- historical DNS data
- historical whois data
- [DSL queries](https://docs.securitytrails.com/docs/how-to-use-the-dsl) (currently a prototype)
- company discovery (discover the owner of a domain)
- whois (returns json whois data for a given domain)
- ping (check that your current SecurityTrails configuration/key is working)
- usage (check your current SecurityTrails usage)
- "json" or "list" output options for easy tool chaining
- "ZSH & Bash autocompletion"## Installation
You will need a SecurityTrails API key to use this tool. If you're using it for bug bounties, I'd recommend checking out the [bug bounty hunter's toolkit](http://securitytrails.com/bug-bounty-hunters-toolkit?referral_code=LLDAK0F80M) if you're a bug bounty hunter. It provides access to the majority of data that you will need for a good price. See the details below.
Once you have an API key, install golang, then:
```
#Go version > 1.17
go install -v github.com/hakluke/haktrails@latest
~/go/bin/haktrails# Go version < 1.17
# https://golang.org/doc/go-get-install-deprecationgo get github.com/hakluke/haktrails
~/go/bin/haktrails
```I'd recommend adding `~/go/bin/` to your `$PATH` if you haven't already, then you can just run `haktrails`.
## Autocompletion (optional)
ZSH and Bash autocompletion is available
Just add this to your ~/.zshrc or ~/.bashrc
```
source ~/go/src/github.com/hakluke/haktrails/haktrails-completion.zsh
or
source ~/go/src/github.com/hakluke/haktrails/haktrails-completion.bash
```
NOTE: If you are using a custom GOPATH location,
use it instead of the default one (which is ~/go)## Usage
### Note
> Note: In these examples, domains.txt is a list of root domains that you wish to gather data on. For example:
```
hakluke.com
bugcrowd.com
tesla.com
yahoo.com
```### Flags
- The *output* type can be specified with `-o json` or `-o list`. List is the default. List is only compatiable with subdomains, associated domains and associated ips. All the other endpoints will return json regardless.
- The number of threads can be set using `-t `. This will determine how many domains can be processed at the same time. It's worth noting that the API has rate-limiting, so setting a really high thread count here will actually slow you down.
- The config file location can be set with `-c `. The default location is `~/.config/haktools/haktrails-config.yml`. A sample config file can be seen below.
- The lookup type for historical DNS lookups can be set with `-type `, available options are a,aaaa,mx,txt,ns,soa.
- The DSL query can be set with `-query `. See [here](https://docs.securitytrails.com/docs/how-to-use-the-dsl) for more details.### Config file
You will need to set up a configuration file with your SecurityTrails key to use this tool. By default, the tool will look for the file in `~/.config/haktools/haktrails-config.yml`. If you wish to put the config file somewhere else, the location must be specified with the `-c` flag.
The format of the file is very simple, just copy paste this, and replace `` with your SecurityTrails API key:
```
securitytrails:
key:
```### Warning
> Warning: With this tool, it's very easy to burn through a lot of API credits. For example, if you have 10,000 domains in domains.txt, running `cat domains.txt | haktrails subdomains` will use all 10,000 credits. It's also worth noting that some functions (such as associated domains) will use multiple API requests, for example, `echo "yahoo.com" | haktrails associateddomains` would use about 20 API requests, because the data is paginated and yahoo.com has a _lot_ of associated domains.
### Gather subdomains
This will gather all subdomains of all the domains listed within domains.txt.
```
cat domains.txt | haktrails subdomains
```Of course, a single domain can also be specified like this:
```
echo "yahoo.com" | haktrails subdomains
```### Gather associated domains
"Associated domains" is a loose term, but it is generally just domains that are owned by the same company. This will gather all associated domains for every domain in domains.txt
```
cat domains.txt | haktrails associateddomains
```### Gather associated IPs
Again, associated IPs is a loose term, but it generally refers to IP addresses that are owned by the same organisation.
```
cat domains.txt | haktrails associatedips
```### Get historical DNS data
Returns historical DNS data for a domain.
```
cat domains.txt | haktrails historicaldns
```### Get historical whois data
Returns historical whois data for a domain.
```
cat domains.txt | haktrails historicalwhois
```### Run a DSL query
Runs a custom SecurityTrails DSL query. See [here](https://docs.securitytrails.com/docs/how-to-use-the-dsl) for more details.
```
haktrails dsl -query
```### Get company details
Returns the company that is associated with the provided domain(s).
```
cat domains.txt | haktrails company
```### Get domain details
Returns all details of a domain including DNS records, alexa ranking and last seen time.
```
cat domains.txt | haktrails details
```### Get whois data
Returns whois data in JSON format.
```
cat domains.txt | haktrails whois
```### Get domain tags
Returns "tags" of a specific domain.
```
cat domains.txt | haktrails tags
```### Usage
Returns data about API usage on your SecurityTrails account.
```
haktrails usage
```### Ping
Pings SecurityTrails to check if your API key is working properly.
```
haktrails ping
```### Banner
Shows a nice ascii-art banner :)
```
haktrails banner
```## Not Yet Supported
Currently, some of the features of the SecurityTrails API are not yet supported. Pull requests are welcome!
- Scroll
- Domains Search
- Domains Statistics
- SSL Certificates (Stream)
- SSL Certificates (Pages)
- IP Neighbours
- IP Statistics
- IP Whois
- IP Useragents
- Domains feed
- Domains DMARC feed
- Domains subdomains feed
- Certificate transparency firehose## SecurityTrails API Reference
The full API reference is [here](https://docs.securitytrails.com/reference).