DNS & IP Tools provide tactical intelligence to Security Operations (SOCS). Penetration Testers use the tools to map the attack surface of a target. Blue teams benefit from quickly identifying areas of security weakness and during incident response. Collect information about IP Addresses, Networks, Web Pages and DNS records.
The information gathering tools here are a quick reference point. Pivot from the information found with these tools to perform deeper enumeration using port scanners, web page analysis and other more aggressive tools.
Free IP and Network Tools
|Test Ping||A common tool for testing connectivity to a host, perform a
|DNS Lookup||Find DNS records for a domain, results are determined using the
|Find (A) Records||Find forward DNS (A) records for a domain.|
|Reverse DNS||Find Reverse DNS records for an IP address or a range of IP addresses.|
|Find Shared DNS Servers||Find hosts sharing DNS servers.|
|Zone Transfer||Online Test of a zone transfer that will attempt to get all DNS records for a target domain|
|Whois Lookup||Determine the registered owner of a domain or IP address block with the
|IP Geolocation Lookup||Find the geographic location of an
|Reverse IP||Discover web hosts sharing an IP address with a reverse IP lookup.|
|TCP Port Scan||Determine the status of an Internet facing service or firewall|
|UDP Port Scan||Online UDP port scan available for common UDP services|
|Subnet Lookup Online||Determine the properties of a network subnet|
|Page Links||Dump all the
|AS Lookup||Get Autonomous System Number or
|Banner Grabbing (Search)||Discover network services by querying the service port.|
|Chrome extension||Chrome Extension for Fast access to IP Tools.|
Many of these tools are passive in nature with no packets sent to target IP ranges. For tools that do generate a small number of packets against target networks there are benefits from not being sourced from your own IP range. Particular helpful in investigations or red team testing where you may benefit from not being directly attributable.
To balance the Free availability of these tools against the need to minimise abuse; a number of limits exist on the Free access to the IP Tools. Queries are are available through the web forms on each tool page. In addition access is also available using the simple API.
Using the IP Tools API
Try the Free API access to the IP Tools. The purpose of providing these tools accessible via an API is to make it as easy as possible to quickly get access to information that can assist when assessing the security of an organizations network. Remove limits with a Full Membership
The output from the API is basic text, you can access the API using
curl, a web browser or a scripting language of your choice such as
Using the API is straight forward, the target system IP address or hostname can be added to the q= parameter. No key or sign-up is required to access the API.
If you are a registered user you can access an API key in the user dashboard. Access with the API key must use
Example request with curl and a valid API Key:
Access to the MTR Traceroute API
Access to the on-line Test Ping API
Access to the DNS Lookup API
Access to the Reverse DNS Lookup API
Access to the Whois Lookup API
Access to the IP Geolocation Lookup API
Access to the Reverse IP Lookup API
Access to the HTTP Headers API
Access to the Page Links API
Access to the AS Lookup API
These tools have been made available for adhoc lookups to assist in the security assessment process. There is a limit of 50 API calls per day from a single IP address as a Free user. As some of the data from cached resources there is no guarantee made for accuracy or reliability of this service. See the HackerTarget.com terms of service for more information.
Rate Limiting of API Requests
To ensure service reliability we have a rate limit that amounts to a maximum of 2 requests per second from a single IP address. If you exceed the rate limit you will receive a HTTP 429 response code from the API server.
API Usage and Quota Monitoring
The current users API quota and usage can both be monitored by examining the HTTP Headers of the response from the API endpoint.
In the example below the
curl -i command is used, this will display the HTTP Headers as part of the output. The
x-api-quota reports on the current users API quota and the
x-api-count shows the current API usage count for the day.
test@thematrix:~$ curl -i https://api.hackertarget.com/geoip/?q=126.96.36.199 HTTP/2 200 server: nginx date: Wed, 27 Jan 2021 21:17:26 GMT content-type: text/plain; charset=utf-8 content-length: 91 x-api-quota: 51 x-api-count: 8 IP Address: 188.8.131.52 Country: Australia Latitude: -33.494 Longitude: 143.2104
Domain Profiler for Attack Surface Discovery
Use the Domain Profiler tool to perform automated reconnaissance against a domain name. This provides a quick overview of an organisations Internet facing infrastructure within a few minutes.
Chrome Extension for Fast access to IP Tools
If you are a Chrome user you may find this extension helpful in your day to day work. Access all the IP Tools using a quick popup window that will be available after you install the extension.
If you are on a Windows box this is a great way to get easy access to helpful Linux command line tools (dig, whois, curl, wget).