Securitytrails
Cybersecurity intelligence platform for domains, IPs, DNS history, SSL certificates, ASI projects, and DSL-driven search.
Built for threat hunters and attack-surface analysts who pull historical DNS and SSL data, search IPs with DSL, and manage static-asset rules per project.
Example Use Cases
These are example ways Snow can use Securitytrails when building apps with you. This list is meant to show examples, not document every possible capability. Connecting an account does not make Snow run these automatically on its own.
Bulk add or remove static asset rules for a SecurityTrails ASI project. Static asset rules define which domains/IPs are included or excluded from the project's monitoring scope. This operation processes up to 1000 rules (combined add + remove) per request. The API processes rules asynchronously, waiting up to 2 seconds for completion. If processing takes longer, task_ids are returned for status polling. Note: Requires a valid project_id from the List Projects endpoint. Use the Get Static Assets endpoint to verify changes after bulk operations complete.
Tool to retrieve IPs associated with a company domain. Use when you need to find all IP addresses linked to an organization's domain name.
Retrieves comprehensive domain information from SecurityTrails including current DNS records, infrastructure details, and statistics. This tool fetches detailed DNS data (A, AAAA, MX, NS, SOA, TXT records) along with metadata about when records were first seen, which organizations own the infrastructure, and how many other domains share the same servers. Useful for domain reconnaissance, infrastructure mapping, security analysis, and understanding domain configurations. Returns structured data with typed fields for easy programmatic access by AI agents.
Tool to fetch current and historical SSL certificate details for a hostname. Use when you need to retrieve SSL data after identifying the domain. Coverage is limited to certificates indexed by SecurityTrails; private, internally-issued, or very recently issued certificates may be absent.
Fetch aggregated statistics for IP addresses matching a DSL query. Returns top open ports by frequency, common reverse DNS patterns, and total count. Useful for analyzing IP infrastructure patterns, port distributions, and PTR records across specific IP ranges or reverse DNS domains.
Tool to list ASI projects available to the account. Use when you need project IDs for subsequent ASI operations.
Tool to test authentication and connectivity with the SecurityTrails API. Use after configuring the API key.
Tool to continue scrolling through DSL search results. Use after receiving a scroll_id from SECURITYTRAILS_SEARCH_IPS or SECURITYTRAILS_SQL_API_EXECUTE_QUERY to fetch the next batch of data. Call iteratively until no scroll_id is returned to retrieve all pages.
Tool to search IP addresses via SecurityTrails DSL. Use when you need to filter IPs with custom DSL queries. Results are paginated; use SecurityTrails scroll mechanisms for large result sets to avoid missing assets.
Execute SQL-like queries against SecurityTrails data. Query the 'hosts' table for domain/DNS information or the 'ips' table for IP address/ASN/port data. Returns up to 100 records per request with a scroll ID for pagination. Supports standard SQL syntax (SELECT, WHERE, AND, OR, IN, IS NULL) but does NOT support the LIMIT clause.