DEV Community

Alex Spinov
Alex Spinov

Posted on

SecurityTrails Has a Free API — Get DNS History and Subdomains for Any Domain

#python #api #security #tutorial

The Story

I was investigating a phishing domain that appeared overnight. I needed to know: when was it registered? What DNS records did it have before? Who else used that IP?

SecurityTrails answered all three questions in one API call.

What Is SecurityTrails?

SecurityTrails is a DNS intelligence platform. They crawl the entire internet's DNS infrastructure and keep historical records. Think of it as the Wayback Machine, but for DNS.

Free API Tier

  • 50 API calls per month (free account)
  • Enough for security investigations and research
  • Sign up at securitytrails.com for an API key

The API 

# Get current DNS records
curl -s "https://api.securitytrails.com/v1/domain/example.com" \
  -H "APIKEY: YOUR_FREE_KEY"

# Get subdomains
curl -s "https://api.securitytrails.com/v1/domain/example.com/subdomains" \
  -H "APIKEY: YOUR_FREE_KEY"

# Get DNS history
curl -s "https://api.securitytrails.com/v1/history/example.com/dns/a" \
  -H "APIKEY: YOUR_FREE_KEY"
Enter fullscreen mode Exit fullscreen mode

Practical Example: Domain Investigation 

import requests

API_KEY = "your-free-key"
BASE = "https://api.securitytrails.com/v1"
headers = {"APIKEY": API_KEY}

def investigate_domain(domain):
    # 1. Get current DNS
    dns = requests.get(f"{BASE}/domain/{domain}", headers=headers).json()
    a_records = dns.get("current_dns", {}).get("a", {}).get("values", [])

    # 2. Get subdomains
    subs = requests.get(f"{BASE}/domain/{domain}/subdomains", headers=headers).json()
    subdomain_list = subs.get("subdomains", [])

    print(f"Domain: {domain}")
    print(f"A Records: {[r['ip'] for r in a_records]}")
    print(f"Subdomains: {len(subdomain_list)} found")
    print(f"First 10: {subdomain_list[:10]}")

investigate_domain("github.com")
Enter fullscreen mode Exit fullscreen mode

What You Get

  • Current DNS records (A, AAAA, MX, NS, TXT, SOA)
  • Subdomains (all known subdomains)
  • DNS history (how records changed over time)
  • Associated domains (other domains on same IP)
  • WHOIS data (registration info)

Use Cases

  1. Phishing investigation — Check when a domain was created, what it pointed to before
  2. Bug bounty — Discover subdomains and associated infrastructure
  3. Brand protection — Monitor for similar domain registrations
  4. Competitor research — See what infrastructure they use

The DNS Intelligence Stack

Tool What It Does Free Tier
SecurityTrails DNS history + subdomains 50/month
crt.sh Certificate Transparency Unlimited
RDAP Domain registration Unlimited
Shodan Open ports 100/search
GreyNoise IP classification 50/day

Full list: Free Security APIs

What DNS tools do you use for investigations? Do you prefer SecurityTrails, PassiveTotal, or something else? Share your stack!

Follow me for daily free API discoveries and security tools.

Top comments (0)