Pricing

from $0.50 / 1,000 domain osint recons

Try for free

Go to Apify Store

Domain OSINT Recon

Try for free

Aggregates WHOIS, DNS records, certificate-transparency subdomains and PTR records for a domain into one structured report.

Pricing

from $0.50 / 1,000 domain osint recons

Rating

5.0

(1)

Developer

Prooflio AI

Actor stats

Bookmarked

Total users

Monthly active users

2 days ago

Last modified

Input

Field	Type	Default	Description
`domains`	string[]	—	Root domains to investigate (e.g. `example.com`). Required.
`includeWhois`	boolean	`true`	Run the WHOIS lookup.
`includeDns`	boolean	`true`	Resolve DNS records.
`includeSubdomains`	boolean	`true`	Enumerate subdomains via crt.sh.
`includeReverseIp`	boolean	`true`	PTR lookups for resolved A records.

Example:

{
    "domains": ["example.com"],
    "includeSubdomains": true
}

Output

{
    "domain": "example.com",
    "scannedAt": "2025-01-01T00:00:00.000Z",
    "whois": { "registrar": "...", "createdDate": "...", "expiryDate": "...", "nameServers": "...", "raw": {} },
    "dns": { "a": ["..."], "aaaa": [], "mx": [], "ns": ["..."], "txt": ["..."], "cname": [] },
    "subdomains": ["www.example.com", "mail.example.com"],
    "reverseIp": { "93.184.216.34": ["..."] }
}

A source that fails returns { "error": "<message>" } in its slot.

Legal & acceptable use

This tool queries only publicly available, open data sources (public WHOIS, the public DNS system, and public certificate-transparency logs). It performs no authentication, no scraping behind logins, and collects no personal data beyond what registrars publish in public WHOIS. You are responsible for ensuring your use complies with applicable law (including data-protection regulations) and the terms of the data sources. Do not use it to harass, stalk, or target individuals.

theHarvester Cloud - Email + Subdomain OSINT | 54 Sources Bulk

anshumanatrey/theharvester-osint

Cloud-hosted theHarvester OSINT tool. Harvest emails, subdomains, IPs, URLs and ASNs from 54+ public sources (Shodan, Censys, crt.sh, VirusTotal, SecurityTrails, GitHub, hunter.io). Full CLI feature parity — DNS brute force, subdomain takeover, screenshots. $0.003 per record harvested.

Anshuman Atrey

Real Subdomain Finder

onescales/real-subdomain-finder

Discover every subdomain for any domain. Queries 40+ OSINT sources including cert transparency, DNS archives & web scanners. Results enriched with DNS validation, HTTP probing, and subdomain takeover detection. Simple Subdomain Lookup that works!

One Scales

5.0

(2)

Sherlock Username Recon

datacach/userrecon

Scan 400+ social networks for any username in minutes. Returns confirmed profile URLs with platform categories and metadata. Built for OSINT, digital footprint mapping, brand monitoring, and background research.

DataCach

5.0

(1)

NetIntel - IP + Domain Intelligence | WHOIS DNS Geo Port

anshumanatrey/netintel

Unified IP & domain intelligence tool. Get WHOIS, DNS, GeoIP, reputation & port scan data with confidence scores. Reduce false positives by 90%.

Anshuman Atrey

Subdomain Finder & Recon Tool

andok/subdomain-finder

Discover subdomains for any target via passive OSINT sources. Ideal for security bug bounties and attack surface mapping.

Andok

🌐 Domain Intel MCP — AI WHOIS & DNS Analysis

nexgendata/domain-intelligence-mcp-server

🔍 Domains, WHOIS, DNS lookup, domain intelligence MCP server for AI agents (Claude Desktop, Cursor, OpenAI Agents SDK, Vercel AI SDK). WHOIS + DNS records + subdomain discovery + SSL + tech stack detection via MCP — for OSINT and SEO AI workflows. Free tier available.

NexGenData

Cyber Attack Surface — DNS, SSL & CVE Exposure

ryanclinton/cyber-attack-surface-report

Comprehensive external attack surface report that maps any domain's infrastructure, vulnerabilities, and exposure using 11 sub-actors in parallel.

Ryan Clinton

Digital Infrastructure Exposure MCP Server

ryanclinton/digital-infrastructure-exposure-mcp

Passive infrastructure reconnaissance and misconfiguration detection intelligence for AI agents via the Model Context Protocol.

Ryan Clinton

Bug Bounty Finder - HackerOne + Bugcrowd + security.txt

anshumanatrey/bug-bounty-finder

Find every public bug bounty / responsible disclosure program for a target. Aggregates HackerOne directory + Bugcrowd engagements + target /.well-known/security.txt. Daily-use lookup for bug bounty hunters — know if a target has a program before hunting.

Anshuman Atrey

Ghost Shadow Discovery

wonderful_beluga/ghost-shadow-discovery

Zaher el siddik

Zomato Restaurant Scraper - City, Cuisine, Contact

anshumanatrey/zomato-restaurant-scraper

Scrape restaurants from any Zomato city page. Each restaurant pushed as one record with name, phone, address, cuisines, rating, cost for two. Built for B2B sales, food-tech research, ghost kitchen analysis, and restaurant competitor intelligence.

Anshuman Atrey