Understanding Flags
- -o json or -o list: Hakrails tool can specify the output in the JSON or list format. The list format is the default format for output. Subdomains, associated domains, and associated IPs are compatible with a list format. All the remaining endpoints are compatible with JSON format.
- -t <int number>: Haktrails tool allows to set the number of threads manually. This will specify how many domains can be processed at the same instance of time.
- -c <file path>: Haktrails tool allows to set the config file in any file location using -c <file path> flag.
- -type <type> : Haktrails tool has the feature of historical DNS lookups, so tot set that -type <type> flag is used. Other available types are a,aaaa,mx,ns,soa,txt.
Note: With this tool, it’s straightforward to utilize through a lot of API credits. For example, if you have more than 10,000 domains in target_domains.txt, running cat target_domains.txt | haktrails subdomains will use 10,000 credits. It’s also worth noting that some functions (such as associated domains) will use multiple API requests. For example, echo “w3wiki.org” | haktrails associated domains would use about 20 API requests because the data is paginated, and w3wiki.org has many associated domains.
HakTrails – Subdomain Recon Tool for bug bounty
Haktrails tool is a Golang language-based tool used for querying SecurityTrails API data. Security Trails sponsor the Haktrails tool. Haktrails is an excellent tool for reconnaissance. The primary purpose of this tool is for subdomain enumeration, but you can work beyond this enumeration. Haktrails is designed in such a way that it can be chain easily with other tools. Being a Security Researcher, you can add this tool to your Bug Bounty Recon Bucket.
Note: As Haktrails is a Golang language-based tool, so you need to have a Golang environment on your system. So check this link to install Golang in your system – How to Install Go Programming Language in Linux
Contact Us