Driftnet API

A comprehensive RESTful JSON API.


Domain Scans


Overview

Many web servers respond differently depending on which domain name is presented to them. The same server can be configured to provide a different TLS certificate and/or HTTP response for each of potentially very many domain names.

To cover this case, Driftnet uses DNS data to map domain names to IPs, and then presents those domain names during the scan process.

This feature is particularly important in discovering cloud-hosted services, where the only indication that a particular server is in use by a particular company is the domain name.

Domain Scan Searches

Domain scan searches use the scan/domains endpoint, which works in a very similar way to the scan/protocols endpoint:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/domains?host=google.com&direct=true' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 1,
  "result_count": 32,
  "results": [
    {
      "date": "2019-06-13",
      "id": "z2Wit4H0Sr-MYAqoiEmfSA",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "ip",
          "value": "199.36.158.100"
        },
        {
          "context": "",
          "is_metadata": true,
          "type": "port-tcp",
          "value": "80"
        },
        {
          "context": "",
          "is_metadata": true,
          "type": "host",
          "value": "auth.driftnet.io"
        },
        ...

Note the third item, which has an empty context and a type of host. This is the domain name that was presented to the remote server during the scan.

Most-Recent Results

Driftnet stores results as a time series. Often, you only want to know the most recent result for an {ip, port, domain} tuple. Set most_recent=true, and your wish will be granted.

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/domains?host=google.com&direct=true&most_recent=true' \
  | jq . \
  | less -S
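
The following added example (not Driftnet's own code) reads the metadata items described above to recover the {ip, port, domain} tuple for each result, then keeps the newest result per tuple client-side and groups the presented domain names by serving endpoint. It assumes every result carries one ip, one port-tcp and one host metadata item, and that dates are ISO formatted; the sample data, IDs and the non-metadata item type are constructed placeholders.

```python
# Constructed data shaped like the scan/domains response shown above.
# IPs and names are documentation placeholders, not real Driftnet output.
def _result(date, rid, ip, port, host):
    meta = [("ip", ip), ("port-tcp", port), ("host", host)]
    items = [{"context": "", "is_metadata": True, "type": t, "value": v}
             for t, v in meta]
    # Placeholder non-metadata item; "placeholder-type" is not a real type.
    items.append({"context": "", "is_metadata": False,
                  "type": "placeholder-type", "value": "x"})
    return {"date": date, "id": rid, "items": items}

SAMPLE = {"page": 0, "pages": 1, "result_count": 4, "results": [
    _result("2019-06-11", "constructed-id-1", "192.0.2.10", "443", "www.example.com"),
    _result("2019-06-13", "constructed-id-2", "192.0.2.10", "443", "www.example.com"),
    _result("2019-06-12", "constructed-id-3", "192.0.2.10", "443", "auth.example.com"),
    _result("2019-06-13", "constructed-id-4", "192.0.2.20", "80", "www.example.com"),
]}

def scan_key(result):
    """Return the (ip, port, host) tuple from a result's metadata items."""
    meta = {i["type"]: i["value"] for i in result["items"]
            if i["is_metadata"] and i["context"] == ""}
    # Assumption: every result carries all three metadata types.
    return meta["ip"], meta["port-tcp"], meta["host"]

def most_recent(response):
    """Keep only the newest result per (ip, port, host) tuple."""
    latest = {}
    for result in response["results"]:
        key = scan_key(result)
        # ISO dates (YYYY-MM-DD) compare correctly as strings.
        if key not in latest or result["date"] > latest[key]["date"]:
            latest[key] = result
    return latest

def hosts_by_endpoint(latest):
    """Group presented domain names by the (ip, port) that served them."""
    grouped = {}
    for ip, port, host in latest:
        grouped.setdefault((ip, port), set()).add(host)
    return grouped

if __name__ == "__main__":
    for (ip, port), hosts in sorted(hosts_by_endpoint(most_recent(SAMPLE)).items()):
        print(f"{ip}:{port} -> {', '.join(sorted(hosts))}")
```

Grouping by endpoint makes it easy to see which of your domain names share one server, and which appear on an IP you did not expect.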

Additional Features

All other features described in the Internet Scans section are also available for the scan/domains endpoint, including filtering, boolean searches and summarization. Prioritization is also available, and works in a similar way.

Body searches are not currently available for domain scan data.