  • Stars: 482
  • Rank: 88,184 (Top 2 %)
  • Language: Go
  • License: MIT License
  • Created about 3 years ago
  • Updated 9 months ago

Repository Details

Golang client for querying SecurityTrails API data

haktrails

haktrails is a Golang client for querying SecurityTrails API data, sponsored by SecurityTrails.

Tool Features

  • stdin input for easy tool chaining
  • subdomain discovery
  • associated root domain discovery
  • associated IP discovery
  • historical DNS data
  • historical whois data
  • DSL queries (currently a prototype)
  • company discovery (discover the owner of a domain)
  • whois (returns json whois data for a given domain)
  • ping (check that your current SecurityTrails configuration/key is working)
  • usage (check your current SecurityTrails usage)
  • "json" or "list" output options for easy tool chaining
  • ZSH & Bash autocompletion

Installation

You will need a SecurityTrails API key to use this tool. If you're using it for bug bounties, I'd recommend checking out the bug bounty hunter's toolkit. It provides access to the majority of data that you will need for a good price. See the details below.

Once you have an API key, install golang, then:

# Go version > 1.17
go install -v github.com/hakluke/haktrails@latest
~/go/bin/haktrails

# Go version < 1.17
# https://golang.org/doc/go-get-install-deprecation

go get github.com/hakluke/haktrails
~/go/bin/haktrails

I'd recommend adding ~/go/bin/ to your $PATH if you haven't already, then you can just run haktrails.

Autocompletion (optional)

ZSH and Bash autocompletion is available. Just add this to your ~/.zshrc or ~/.bashrc:

source ~/go/src/github.com/hakluke/haktrails/haktrails-completion.zsh
or
source ~/go/src/github.com/hakluke/haktrails/haktrails-completion.bash

NOTE: If you are using a custom GOPATH location, use it instead of the default one (which is ~/go)

Usage

Note

Note: In these examples, domains.txt is a list of root domains that you wish to gather data on. For example:

hakluke.com
bugcrowd.com
tesla.com
yahoo.com

Flags

  • The output type can be specified with -o json or -o list. List is the default. List is only compatible with subdomains, associated domains and associated IPs. All the other endpoints will return json regardless.
  • The number of threads can be set using -t <number>. This will determine how many domains can be processed at the same time. It's worth noting that the API has rate-limiting, so setting a really high thread count here will actually slow you down.
  • The config file location can be set with -c <file path>. The default location is ~/.config/haktools/haktrails-config.yml. A sample config file can be seen below.
  • The lookup type for historical DNS lookups can be set with -type <type>, available options are a,aaaa,mx,txt,ns,soa.
  • The DSL query can be set with -query <query>. See here for more details.

Config file

You will need to set up a configuration file with your SecurityTrails key to use this tool. By default, the tool will look for the file in ~/.config/haktools/haktrails-config.yml. If you wish to put the config file somewhere else, the location must be specified with the -c flag.

The format of the file is very simple, just copy paste this, and replace <yourkey> with your SecurityTrails API key:

securitytrails:
  key: <yourkey>
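
Because this file holds a live API key, it is worth creating it with owner-only permissions and checking that before use. The following is an added example, not part of haktrails; the function names and the DEFAULT_CFG variable are hypothetical, and the default path is the one given above.

```shell
# Added example, not part of haktrails. Function and variable names are hypothetical.
DEFAULT_CFG="$HOME/.config/haktools/haktrails-config.yml"

# Read the API key from stdin (keeps it out of argv and shell history) and
# write the config so that only the current user can read it.
write_haktrails_config() {
    cfg=${1:-$DEFAULT_CFG}
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; return 2; }
    [ -n "$key" ] || { echo "empty key" >&2; return 2; }
    (
        umask 077                               # new dir 0700, new file 0600
        mkdir -p "$(dirname "$cfg")" &&
        tmp=$(mktemp "$cfg.XXXXXX") &&
        printf 'securitytrails:\n  key: %s\n' "$key" > "$tmp" &&
        mv "$tmp" "$cfg"                        # replace in one step
    )
    rc=$?
    unset key
    return $rc
}

# Fail if the config is missing, readable by group/other, or still holds
# the <yourkey> placeholder from the template.
check_haktrails_config() {
    cfg=${1:-$DEFAULT_CFG}
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other can access $cfg; run: chmod 600 $cfg" >&2
        return 1
    fi
    if grep -q '<yourkey>' "$cfg"; then
        echo "placeholder key still present in $cfg" >&2
        return 1
    fi
    return 0
}
```

Run `write_haktrails_config` with the key typed or redirected on stdin, then `check_haktrails_config && haktrails ping` to confirm the key works.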

Warning

Warning: With this tool, it's very easy to burn through a lot of API credits. For example, if you have 10,000 domains in domains.txt, running cat domains.txt | haktrails subdomains will use all 10,000 credits. It's also worth noting that some functions (such as associated domains) will use multiple API requests, for example, echo "yahoo.com" | haktrails associateddomains would use about 20 API requests, because the data is paginated and yahoo.com has a lot of associated domains.
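
A pre-flight check for the credit cost described above, as an added example that is not part of haktrails: it de-duplicates the list and refuses to proceed when the number of unique domains exceeds a budget you choose. The function names and the sample list are constructed for illustration; the count is a lower bound, since paginated functions such as associateddomains use several requests per domain.

```shell
# Added example, not part of haktrails. Function names are hypothetical.

# Normalise a domain list on stdin: lowercase, strip CR and surrounding
# whitespace, drop a trailing dot and blank lines, then de-duplicate.
unique_domains() {
    tr '[:upper:]' '[:lower:]' | tr -d '\r' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' |
        grep -v '^$' | LC_ALL=C sort -u
}

# Minimum credits a one-request-per-domain run (e.g. `subdomains`) will spend.
credit_estimate() {
    unique_domains < "$1" | wc -l | tr -d ' '
}

# budget_ok <credits-you-are-willing-to-spend> <domains-file>
budget_ok() {
    budget=$1
    need=$(credit_estimate "$2")
    [ "$need" -le "$budget" ] && return 0
    echo "refusing: $need unique domains exceeds budget of $budget credits" >&2
    return 1
}

# Constructed sample list: duplicates, mixed case, CRLF, padding, trailing dot.
demo_list() {
    printf 'hakluke.com\nHakluke.com\r\n\n bugcrowd.com \ntesla.com.\nyahoo.com\ntesla.com\n'
}

# Typical use (check `haktrails usage` first to pick the budget):
#   budget_ok 500 domains.txt &&
#       unique_domains < domains.txt | haktrails subdomains -t 2
```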

Gather subdomains

This will gather all subdomains of all the domains listed within domains.txt.

cat domains.txt | haktrails subdomains

Of course, a single domain can also be specified like this:

echo "yahoo.com" | haktrails subdomains

Gather associated domains

"Associated domains" is a loose term, but it generally refers to domains that are owned by the same company. This will gather all associated domains for every domain in domains.txt.

cat domains.txt | haktrails associateddomains

Gather associated IPs

Again, associated IPs is a loose term, but it generally refers to IP addresses that are owned by the same organisation.

cat domains.txt | haktrails associatedips

Get historical DNS data

Returns historical DNS data for a domain.

cat domains.txt | haktrails historicaldns

Get historical whois data

Returns historical whois data for a domain.

cat domains.txt | haktrails historicalwhois

Run a DSL query

Runs a custom SecurityTrails DSL query. See here for more details.

haktrails dsl -query <query>

Get company details

Returns the company that is associated with the provided domain(s).

cat domains.txt | haktrails company

Get domain details

Returns all details of a domain, including DNS records, Alexa ranking and last seen time.

cat domains.txt | haktrails details

Get whois data

Returns whois data in JSON format.

cat domains.txt | haktrails whois

Get domain tags

Returns "tags" of a specific domain.

cat domains.txt | haktrails tags

Usage

Returns data about API usage on your SecurityTrails account.

haktrails usage

Ping

Pings SecurityTrails to check if your API key is working properly.

haktrails ping

Banner

Shows a nice ascii-art banner :)

haktrails banner

Not Yet Supported

Currently, some of the features of the SecurityTrails API are not yet supported. Pull requests are welcome!

  • Scroll
  • Domains Search
  • Domains Statistics
  • SSL Certificates (Stream)
  • SSL Certificates (Pages)
  • IP Neighbours
  • IP Statistics
  • IP Whois
  • IP Useragents
  • Domains feed
  • Domains DMARC feed
  • Domains subdomains feed
  • Certificate transparency firehose

SecurityTrails API Reference

The full API reference is here.
