SecurityTrails

Domain and IP intelligence at conversation speed with SecurityTrails

SecurityTrails gives your AI agent access to 3 billion WHOIS records, 203 million domains, and 1 billion passive DNS datasets. Security teams ask questions about domains, IPs, and SSL certificates and your agent delivers forensic-grade intelligence instantly.

Get started for freeSchedule a Demo
Chosen by 800+ global brands across industries

Cybersecurity reconnaissance on demand

DNS records, WHOIS history, IP intelligence, SSL certificates, and company-associated infrastructure. Your AI agent conducts security research through SecurityTrails without leaving the conversation.

Look Up Domain Data

Security analyst asks about a suspicious domain. The agent queries SecurityTrails' Domain API, returning current DNS records, registrar information, hosting details, and record type statistics. Full domain intelligence delivered in the conversation.

Retrieve SSL Certificates

Team needs to verify a domain's SSL configuration. The agent pulls current and historical SSL certificate data through SecurityTrails, including issuer, validity dates, and certificate chain details for any hostname.

Search IP Addresses

Investigator needs to find hosts associated with a specific IP range. The agent executes DSL queries against SecurityTrails' IP index, filtering by IP address, PTR records, and port numbers to map infrastructure.

Find Company IPs

Mapping an organization's digital footprint. The agent queries SecurityTrails with a company domain and retrieves all associated IP addresses, revealing the full scope of the company's internet-facing infrastructure.

Execute SQL Queries

Complex reconnaissance requires flexible querying. The agent runs SQL-like queries across SecurityTrails' hosts and IPs datasets, enabling custom filters, joins, and aggregations for advanced threat hunting workflows.

Scroll Through Results

Large result sets from DSL or SQL queries need pagination. The agent uses scroll IDs from SecurityTrails to fetch additional result pages, iterating through extensive datasets without losing position or context.

SecurityTrails

Use Cases

Threat intelligence through conversation

From incident response to attack surface mapping, see how AI agents leverage SecurityTrails to perform security reconnaissance that would normally require dedicated tools and manual investigation.

Incident Response Domain Investigation

A SOC analyst receives an alert about traffic to a suspicious domain. They ask the AI agent to investigate. The agent queries SecurityTrails for DNS records, WHOIS history, and associated IPs. Within seconds, the analyst sees the domain was registered two days ago, uses a privacy proxy, and shares infrastructure with known malicious domains. Triage that took 30 minutes happens in one conversation.

Attack Surface Discovery for New Clients

A penetration tester needs the full digital footprint of a target company. The agent queries SecurityTrails for all IPs associated with the company domain, retrieves subdomains, checks SSL certificates, and maps open ports. The complete attack surface assessment starts in the conversation before any active scanning begins.

Brand Protection Through DNS Monitoring

Your brand security team suspects someone registered a lookalike domain. The agent searches SecurityTrails for domains containing your brand name, retrieves their registration dates and hosting details, and flags any that were created recently with suspicious registrars. Potential phishing domains identified before they target your customers.

Try
SecurityTrails

SecurityTrails

FAQs

Frequently Asked Questions

What types of DNS data can the agent retrieve from SecurityTrails?

The agent accesses current DNS records including A, AAAA, MX, NS, SOA, TXT, and CNAME records for any domain. SecurityTrails also provides DNS record statistics showing the count and types of records associated with a domain, plus historical DNS changes for tracking infrastructure modifications over time.

Can the agent search across SecurityTrails' entire dataset with custom queries?

Yes. SecurityTrails offers both DSL queries for IP searches and a SQL-like query API for hosts and IPs. The agent can execute complex filters like 'SELECT * FROM hosts WHERE domain LIKE %target%' or DSL expressions like 'ip = 8.8.8.8 AND port = 443'. Results paginate through scroll IDs for large datasets.

How current is the data in SecurityTrails?

SecurityTrails maintains a daily-updating database of over 203 million domain names and over 1 billion passive DNS datasets. Domain records, WHOIS data, and IP associations refresh continuously. When the agent queries SecurityTrails, it retrieves the most recent data available in the platform.

Does Tars store the security intelligence data retrieved from SecurityTrails?

No. All SecurityTrails queries execute in real-time during conversations. Domain records, IP data, SSL certificates, and WHOIS information are used solely to generate the agent's response. Tars does not persist a copy of SecurityTrails intelligence data in any separate database.

Can the agent look up all IP addresses associated with a specific organization?

Yes. The agent uses SecurityTrails' Company Associated IPs endpoint. Provide a company domain name, and SecurityTrails returns all IP addresses linked to that organization. This is invaluable for attack surface mapping, shadow IT discovery, and understanding an organization's complete internet-facing infrastructure.

What SSL certificate information does the agent have access to?

The agent retrieves both current and historical SSL certificate data for any hostname, including the certificate issuer, subject, validity dates, serial number, and certificate chain. This helps verify SSL configurations, detect certificate changes, and identify domains sharing the same certificate authority.

How is SecurityTrails different from running DNS lookups manually?

Manual DNS lookups show current records for one domain at a time. SecurityTrails provides historical records, WHOIS data, associated IPs, SSL certificates, and cross-domain intelligence across billions of records. The AI agent combines multiple SecurityTrails queries to build a complete picture that would take hours of manual investigation.

Can the agent manage SecurityTrails ASI projects for continuous monitoring?

Yes. The agent can list existing ASI (Attack Surface Intelligence) projects and bulk add or remove static asset monitoring rules. This enables programmatic management of your attack surface monitoring from within conversations. Changes process asynchronously, and the agent can verify them through the Get Static Assets endpoint.

How to add Tools to your AI Agent

Supercharge your AI Agent with Tool Integrations

Don't limit your AI Agent to basic conversations. Watch how to configure and add powerful tools making your agent smarter and more functional.

Privacy & Security

We’ll never let you lose sleep over privacy and security concerns

At Tars, we take privacy and security very seriously. We are compliant with GDPR, ISO, SOC 2, and HIPAA.

GDPR
ISO
SOC 2
HIPAA

Still scrolling? We both know you're interested.

Let's chat about AI Agents the old-fashioned way. Get a demo tailored to your requirements.

Schedule a Demo
Get in touch

Email - sales@hellotars.com

Get in touch

Email - sales@hellotars.com

Company
About usTerms and ConditionsPrivacy PolicyContact usCareers
Resources
Case StudiesBlogHelp DocsPartner ProgramCommunityChatbot Templates
Product
Knowledge HubToolsCategorizerConversational AIAI AnalyticsAI Evaluation
USE CASES
Finance & BankingInsuranceGovernmentHealthcareTelecom
© 2025 Copyright Tars Technologies Inc.