HakTrails – Subdomain Recon Tool for bug bounty
Haktrails is a Golang-based tool for querying SecurityTrails API data. SecurityTrails sponsors the Haktrails tool. Haktrails is an excellent tool for reconnaissance. Its primary purpose is subdomain enumeration, but it can do more than that. Haktrails is designed so that it can be chained easily with other tools. As a security researcher, you can add this tool to your bug bounty recon toolkit.
Note: Because Haktrails is written in Golang, you need a Golang environment on your system. To install Golang, see: How to Install Go Programming Language in Linux
Features of Haktrails tool
- Stdin input for easy tool chaining
- Subdomain discovery
- Associated root domain discovery
- Associated IP discovery
- Historical DNS data
- Historical whois data
- DSL queries (currently a prototype)
- Company discovery (discover owner of any domain)
- Whois (returns JSON whois data for any given domain)
- Ping (check whether your current SecurityTrails configuration/key is working)
- Usage (check your current SecurityTrails usage)
- “JSON” or “list” output options for easy tool chaining
- “ZSH & Bash autocompletion”
Installation of Haktrails in Kali Linux
Step 1: If Golang is already installed on your system, verify the installation by checking its version with the following command.
go version
Step 2: Get the Haktrails tool from GitHub with the following command.
sudo go get github.com/hakluke/haktrails
Step 3: Copy the haktrails binary into the bin directory so that the tool can be run directly by name, without invoking it through Golang each time. Use the following command.
sudo cp /root/go/bin/haktrails /usr/local/go/bin/
Step 4: To get your API key, go to https://securitytrails.com/app/signup?plan=api-0 and register an account. You will get your unique API key.
Step 5: Create the ~/.config/haktools/ directory, which will hold the API key required for running the tool. Use the following command.
sudo mkdir ~/.config/haktools/
Step 6: (Setting Up the Config File) Create a haktrails-config.yml file and insert the API key into it. Use the following command.
sudo mousepad ~/.config/haktools/haktrails-config.yml
Step 7: Verify that haktrails is installed and configured by running it with the following command.
haktrails
Step 8: Verify that your API key was inserted properly with the following command.
haktrails ping
If you get the response {"success":true}, your key is configured properly.
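The config file from Steps 5 and 6 holds the API key in plain text, so it should be readable by its owner only. The following post-install check is an added example, not part of the original article or of the haktrails project; the function names are hypothetical, and the path and the expected ping response are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example: post-install checks for the haktrails setup steps.
# Function names are hypothetical; nothing here is haktrails' own code.

# Succeeds if group or others have any access to the given file or directory.
is_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Restrict the key file and the directory that contains it to the owner.
lock_down() {
    chmod 700 "$(dirname "$1")" && chmod 600 "$1"
}

# Succeeds when the text is the success response shown in Step 8.
ping_ok() {
    printf '%s' "$1" | tr -d '[:space:]' | grep -q '"success":true'
}

# Full check: key file present, private, and accepted by the API.
verify_setup() {
    conf=$1
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    if is_exposed "$conf"; then
        echo "$conf is accessible beyond its owner, tightening" >&2
        lock_down "$conf" || { echo "cannot chmod (root-owned?)" >&2; return 1; }
    fi
    ping_ok "$(haktrails ping 2>/dev/null)" || {
        echo "haktrails ping did not report success" >&2
        return 1
    }
}

# Typical call, using the path from Step 6:
#   verify_setup "$HOME/.config/haktools/haktrails-config.yml"
```

If the directory and file were created with sudo from a non-root account, they are owned by root and the chmod step fails; the check reports that instead of silently leaving the key readable.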
Understanding Flags
- -o json or -o list: Sets the output format to JSON or list. The list format is the default format for output. Subdomains, associated domains, and associated IPs are compatible with the list format. All the remaining endpoints are compatible with JSON format.
- -t <int number>: Sets the number of threads manually. This specifies how many domains can be processed at the same time.
- -c <file path>: Sets the location of the config file, so it can be kept in any file location.
- -type <type>: Sets the record type for historical DNS lookups. Other available types are a, aaaa, mx, ns, soa, txt.
Note: With this tool, it is easy to burn through a lot of API credits. For example, if you have more than 10,000 domains in target_domains.txt, running cat target_domains.txt | haktrails subdomains will use 10,000 credits. It's also worth noting that some functions (such as associated domains) will use multiple API requests. For example, echo "w3wiki.net" | haktrails associateddomains would use about 20 API requests because the data is paginated, and w3wiki.net has many associated domains.
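A pre-flight check for the credit problem described in the note, as an added example that is not part of the original article or of haktrails. It assumes, as the note states, one credit per input domain for haktrails subdomains; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: estimate credit cost before piping a list into haktrails.
# Assumption taken from the note: one credit per input domain.

HOST_RE='^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$'

# Lowercase, drop CRs, comments, blanks, trailing dots and duplicates.
normalize_domains() {
    tr -d '\r' < "$1" \
      | tr '[:upper:]' '[:lower:]' \
      | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' \
            -e 's/[[:space:]]*$//' -e 's/\.$//' \
      | grep -v '^$' \
      | sort -u
}

# Entries that look like hostnames, and entries that would waste a credit.
valid_domains()   { normalize_domains "$1" | grep -E  "$HOST_RE" || true; }
invalid_domains() { normalize_domains "$1" | grep -Ev "$HOST_RE" || true; }

# Number of credits the run would consume.
credit_estimate() { valid_domains "$1" | wc -l | tr -d ' '; }

# Succeeds only if the run fits the budget given as second argument.
within_budget() {
    need=$(credit_estimate "$1")
    if [ "$need" -gt "$2" ]; then
        echo "refusing: $need credits needed, budget is $2" >&2
        return 1
    fi
}

# Guarded form of the command from the note: list file, then budget.
guarded_subdomains() {
    within_budget "$1" "$2" && valid_domains "$1" | haktrails subdomains
}

# Constructed sample list (not from the article): duplicates, a comment,
# a CRLF line, a trailing dot, a junk entry and a punycode domain.
sample_list() {
    printf '%s\n' 'Example.com' 'example.com ' '# staging' \
        'api.example.org.' 'not a domain' '' 'xn--e1afmkfd.xn--p1ai'
    printf 'Shop.Example.com\r\n'
}
```

Run `haktrails usage` first to see how many credits remain, then pass a budget below that figure, for example `guarded_subdomains target_domains.txt 500`.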
Working with Haktrails Tool
The target domains are listed in the domains.txt file. In the below screenshot, the contents of domains.txt are shown.
Example 1: Gathering associated domains
"Gathering associated domains" means finding the domains that are acquired or owned by the same company. We will gather all the associated domains for every domain specified in our domains.txt file.
cat domains.txt | haktrails associateddomains
Example 2: Gathering associated IPs
In this example, we will gather the IP addresses or IP ranges that are owned by the company. We will specify the domains list and find the IP addresses.
cat domains.txt | haktrails associatedips
Example 3: Ping
The ping command checks whether our API key is working properly. If there is a problem with the key, ping returns an error.
haktrails ping
Example 4: Getting historical DNS data
In this example, we will try to gather the important historical or past DNS (Domain Name System) data for the target domain or company.
cat domains.txt | haktrails historicaldns
Example 5: Getting company details
Getting detailed information about the company is very important. In this example, we will get the company details so that we can explore the company further.
cat domains.txt | haktrails company
Example 6: Getting domain detail
In this example, we will gather the details about the specified domain, which includes DNS records, Alexa ranking of the domain, and last seen time.
cat domains.txt | haktrails details
Example 7: Getting whois data
WHOIS records are very important during a penetration test of a domain, so gathering them is a crucial step. In this example, we will gather the WHOIS data of the domain. The output is shown in JSON format.
cat domains.txt | haktrails whois
Example 8: Getting domain tags
In this example, we will return the tags of a specific target domain.
cat domains.txt | haktrails tags
Example 9: Getting API Usage Data
In this example, we will return the API usage data for our SecurityTrails account.
haktrails usage
Example 10: Checking Your API Key
The following command will ping SecurityTrails to check if your API key is working properly.
haktrails ping
Example 11: Showing Some Average ASCII Art
A banner is a piece of decorative art that shows off the tool's design. In this example, we will use the banner command to show a fancy banner in ASCII art.
haktrails banner
Example 12: Getting Subdomains
Haktrails can gather the subdomains related to a target domain. In this example, we will gather the subdomains for the domains in our domains.txt file.
cat domains.txt | haktrails subdomains