Real-time and historical DNS intelligence – Farsight DNSDB API Free Trial Key for Maltego

By Rebecca Köhler


Maltego’s transform hub has grown: we are happy to announce that the Farsight Security DNSDB™ set of transforms is integrated into Maltego. Farsight DNSDB is the world's largest passive DNS database. It provides a historical view of DNS resolutions worldwide dating back to 2010 and is updated in real time. Indexed for easy use, DNSDB enables users to gain actionable information about the past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.


With Maltego and Farsight DNSDB, threat hunters, incident responders and investigators can easily identify patterns and connections among domains and IP addresses. Security teams can now work more efficiently by quickly contextualizing and correlating indicators used in, and associated with, their investigations.


Farsight DNSDB is available on all Maltego solutions for free with limited results. To expand this trial and increase the results from the DNSDB transforms, users can get a DNSDB Trial API Key and insert it into their Maltego platform to utilize DNSDB for 30 days with 100 queries available per day. Current DNSDB API users can simply add their API key to any Maltego solution.


Farsight DNSDB Transforms

Farsight DNSDB Transforms on domains include:

  • Hostnames observed within the domain, optionally restricted to A, AAAA, CNAME types
  • Observed name servers (NS records) for a domain
  • Observed mail servers (MX records) for a domain


Farsight DNSDB Transforms on hostnames include:

  • Domains observed using the hostname as a name server (NS)
  • Domains observed using the hostname as a mail server (MX)
  • TXT records observed for the hostname
  • SRV records observed for the hostname
  • Other hostnames referencing the hostname (e.g. CNAME records)


Additional Farsight DNSDB Transforms include:

  • Extracting hostnames from e-mail addresses and URLs
  • Finding hostnames which start with a given label “phrase”
  • Finding hostnames related to a network address or address range


How It Works

If you are a Maltego user but new to Farsight DNSDB, all you need to do is install the Farsight DNSDB Transform set. You can then immediately use the limited free queries without installing a Farsight DNSDB API Key.


If you are currently both a Farsight DNSDB customer and Maltego user, you should install the Farsight DNSDB Transform set or refresh your existing installation, and enter your existing DNSDB API Key into the settings per the instructions below.


The updated Transform set has a new settings button in the Transform details where you enter your Farsight API Key. Maltego Classic and XL users will continue to have full functionality. With this change, Maltego CE users will be able to utilize their Farsight DNSDB API Key with the standard Maltego CE response query limit.


To get more DNSDB queries, upgrade to a free trial by clicking the “Buy more” link in the output log window and signing up. When you receive your trial API Key by email, go into the Transform settings and enter your API Key.


At any time, a Maltego user can revert to the limited free queries by removing the API Key from the settings.


You can find more information on installation, types of pivots and more by visiting the Farsight Maltego page: https://www.farsightsecurity.com/maltego/


For more information on DNSDB please visit https://www.farsightsecurity.com/get-started-guide/.