Securitytrails

Bulk add or remove static asset rules for a SecurityTrails ASI project. Static asset rules define which domains/IPs are included or excluded from the project's monitoring scope. This operation processes up to 1000 rules (combined add + remove) per request. The API processes rules asynchronously, waiting up to 2 seconds for completion. If processing takes longer, task_ids are returned for status polling. Note: Requires a valid project_id from the List Projects endpoint. Use the Get Static Assets endpoint to verify changes after bulk operations complete.

Tool to retrieve IPs associated with a company domain. Use when you need to find all IP addresses linked to an organization's domain name.

Retrieves comprehensive domain information from SecurityTrails including current DNS records, infrastructure details, and statistics. This tool fetches detailed DNS data (A, AAAA, MX, NS, SOA, TXT records) along with metadata about when records were first seen, which organizations own the infrastructure, and how many other domains share the same servers. Useful for domain reconnaissance, infrastructure mapping, security analysis, and understanding domain configurations. Returns structured data with typed fields for easy programmatic access by AI agents.

Tool to fetch current and historical SSL certificate details for a hostname. Use when you need to retrieve SSL data after identifying the domain. Coverage limited to certificates indexed by SecurityTrails; private, internally-issued, or very recently issued certificates may be absent.

Fetch aggregated statistics for IP addresses matching a DSL query. Returns top open ports by frequency, common reverse DNS patterns, and total count. Useful for analyzing IP infrastructure patterns, port distributions, and PTR records across specific IP ranges or reverse DNS domains.

Tool to list ASI projects available to the account. Use when you need project IDs for subsequent ASI operations.

Tool to test authentication and connectivity with the SecurityTrails API. Use after configuring API key.

Tool to continue scrolling through DSL search results. Use after receiving a scroll_id from SECURITYTRAILS_SEARCH_IPS or SECURITYTRAILS_SQL_API_EXECUTE_QUERY to fetch the next batch of data. Call iteratively until no scroll_id is returned to retrieve all pages.

Tool to search IP addresses via SecurityTrails DSL. Use when you need to filter IPs with custom DSL queries. Results are paginated; use SecurityTrails scroll mechanisms for large result sets to avoid missing assets.

Execute SQL-like queries against SecurityTrails data. Query the 'hosts' table for domain/DNS information or the 'ips' table for IP address/ASN/port data. Returns up to 100 records per request with a scroll ID for pagination. Supports standard SQL syntax (SELECT, WHERE, AND, OR, IN, IS NULL) but does NOT support LIMIT clause.

Tool to fetch next page of SQL query results. Use after obtaining scroll_id from initial SQL API response.

Retrieve account usage information from the SecurityTrails API. This action fetches the current monthly usage and allowed monthly usage limits for your SecurityTrails API account. Use this to monitor your API quota consumption. Returns: On success (200): - current_monthly_usage: Your current API usage for the month - allowed_monthly_usage: Your total allowed monthly API quota On error: - status_code: HTTP status code - response_text: Error message from API