loading
loading
Discovery
Query the SecurityTrails API and embed the SQL queries you want to run.
overview
securitytrails-sql pulls DNS and domain intelligence from SecurityTrails by sending a scroll query against the API and capturing every page of results. SecurityTrails holds historical and current DNS records, WHOIS data, and subdomain inventories for a huge slice of the internet, and this node lets you express exactly which slice you want as an embedded query rather than clicking through a web console.
The scroll mechanism matters for large result sets. Instead of one capped response, the query walks the full match set page by page, so a broad lookup against a popular registrar or a shared IP range returns the complete record list rather than a truncated sample.
On Trickest, securitytrails-sql is a Discovery node that takes a query and an API key and writes a file and a folder of results. Use it to seed a recon pipeline with passive data, or to cross-reference active findings against SecurityTrails history before probing or scanning.
source github.com/trickest
use cases
Run a scroll query for a domain's historical A, MX, and NS records to reconstruct infrastructure changes that current DNS no longer shows.
Query every domain that has pointed at an IP or netblock so you can map co-hosted assets that belong to the same owner.
Feed SecurityTrails records into a workflow as the first stage so probing and scanning run against a curated asset list instead of guesses.
Compare brute-forced or crawled subdomains against SecurityTrails history to catch hosts that resolve intermittently or were recently retired.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| query | STRING | · | Scroll query. MUST BE IN SINGLE QUOTES |
| api-key | STRING | · | Specify Securitytrails API key |
Showing key inputs. securitytrails-sql exposes 2 inputs in total.
example
# securitytrails-sql: scroll query for hosts on a documentation IP, api-key set as input# query: 'ip = "198.51.100.10"'# returns hostname rows such as api.example.com, mail.example.comapi.example.commail.example.comwww.example.comstaging.example.comdev.example.comcdn.example.comvpn.example.comportal.example.comguidance
Use securitytrails-sql when you want SQL-style precision over SecurityTrails data and need the full scrolled result set. For a simpler subdomain pull from the same source, use securitytrails-subdomains. For Shodan-style device data instead of DNS history, reach for shodan-python.
Same data source, simpler interface. Returns subdomains for a root domain without writing a query.
Device and service intelligence rather than DNS history. Complements SecurityTrails records.
Bulk-exports Shodan banner data. Use it for raw service dumps, not DNS lookups.
faq
related
Check whether a URL redirects to a masked 404 page.
Append lines to a file only if they are not already there.
Extract URLs and endpoints from Android APK files.
Visual inspection of websites across a large number of hosts.
Find suspicious files across a large set of AWS S3 buckets.
An automated tool that checks for backup artifacts that may disclose a web application's source code.
A scroll query feeds securitytrails-sql, which pulls the matching SecurityTrails DNS records and writes them as a queryable output.
Facts on this page come from the live Trickest tool library.