Suggested Domains API
The Suggested Domains API provides suggestions for domains that may be related to your organization, helping discover shadow IT, acquisitions, partnerships, and related infrastructure.
info
This API endpoint is available for enterprise accounts only.
Get Suggested Domains
Fetch suggested domains related to your organization.
HTTP Request
GET https://fullhunt.io/api/v1/enterprise/suggested-domains
Example Request
curl "https://fullhunt.io/api/v1/enterprise/suggested-domains" \
-H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"
Example Response
{
"results": [
{
"discovery_data": "2024-05-12 18:02:09",
"identification_method": "correlation",
"suggested_domain": "google.org"
}
],
"total_query_results": 1
}
Response Fields
| Field | Type | Description |
|---|---|---|
results | array | Array of suggested domain objects |
total_query_results | integer | Total number of suggested domains |
Suggested Domain Object Fields
| Field | Type | Description |
|---|---|---|
discovery_data | string | Date and time when the domain was discovered |
identification_method | string | Method used to identify the relationship |
suggested_domain | string | The suggested domain name |
Identification Methods
Correlation
Domains identified through various correlation techniques:
- SSL Certificate Correlation: Domains sharing SSL certificates or certificate authorities
- IP Address Correlation: Domains hosted on similar IP ranges
- DNS Infrastructure: Domains using similar DNS servers or configurations
- Technology Stack: Domains using similar technology combinations
Pattern Recognition
Domains identified through naming patterns:
- Brand Variations: Different spellings or formats of company names
- Product Names: Domains containing product or service names
- Geographic Variations: Regional or country-specific domain variants
- Department/Division Names: Domains for specific business units
Acquisition Detection
Domains potentially related through business relationships:
- Recent Acquisitions: Domains of recently acquired companies
- Partnership Infrastructure: Domains associated with business partners
- Subsidiary Operations: Domains of subsidiary companies
- Joint Ventures: Domains for collaborative projects
Historical Analysis
Domains identified through historical data analysis:
- WHOIS History: Domains with shared registration information
- DNS History: Domains with historical DNS connections
- Certificate History: Domains with shared certificate lineage
- Infrastructure Changes: Domains with similar infrastructure evolution
Integration Example
import requests
import json
from datetime import datetime, timedelta
class SuggestedDomainsAnalyzer:
def __init__(self, api_key):
self.api_key = api_key
self.headers = {"X-API-KEY": api_key}
self.base_url = "https://fullhunt.io/api/v1/enterprise"
def get_suggested_domains(self):
"""Get all suggested domains for the organization."""
url = f"{self.base_url}/suggested-domains"
response = requests.get(url, headers=self.headers)
if response.status_code == 200:
return response.json()
else:
print(f"Error getting suggested domains: {response.status_code}")
return None
def analyze_suggestions(self):
"""Analyze suggested domains and categorize them."""
data = self.get_suggested_domains()
if not data or not data.get('results'):
print("No suggested domains found")
return None
suggestions = data['results']
print(f"🔍 Found {len(suggestions)} suggested domains")
print("=" * 50)
# Categorize by identification method
methods = {}
recent_discoveries = []
for suggestion in suggestions:
method = suggestion.get('identification_method', 'unknown')
domain = suggestion.get('suggested_domain')
discovery_date = suggestion.get('discovery_data')
# Count by method
methods[method] = methods.get(method, 0) + 1
# Check for recent discoveries (last 30 days)
try:
disc_date = datetime.strptime(discovery_date, "%Y-%m-%d %H:%M:%S")
if (datetime.now() - disc_date).days <= 30:
recent_discoveries.append(suggestion)
except (ValueError, TypeError):
pass
print("📊 Analysis by Identification Method:")
for method, count in sorted(methods.items()):
print(f" {method.title()}: {count} domains")
print(f"\n🆕 Recent Discoveries (last 30 days): {len(recent_discoveries)}")
for discovery in recent_discoveries[:5]: # Show first 5
print(f" • {discovery['suggested_domain']} ({discovery['discovery_data']})")
return {
"total_suggestions": len(suggestions),
"by_method": methods,
"recent_discoveries": recent_discoveries,
"all_suggestions": suggestions
}
def validate_suggested_domains(self, suggestions=None):
"""Validate suggested domains by checking their current status."""
if suggestions is None:
data = self.get_suggested_domains()
suggestions = data.get('results', []) if data else []
validated_domains = []
print("🔎 Validating suggested domains...")
for suggestion in suggestions:
domain = suggestion.get('suggested_domain')
# Check if domain is active and accessible
validation_result = self._validate_domain(domain)
suggestion['validation'] = validation_result
validated_domains.append(suggestion)
print(f" {domain}: {validation_result['status']}")
return validated_domains
def _validate_domain(self, domain):
"""Validate a single domain."""
validation = {
'status': 'unknown',
'resolves': False,
'has_website': False,
'ssl_cert': False,
'technologies': []
}
# Try to get domain details from FullHunt API
try:
url = f"https://fullhunt.io/api/v1/domain/{domain}/details"
response = requests.get(url, headers=self.headers)
if response.status_code == 200:
data = response.json()
hosts = data.get('hosts', [])
if hosts:
validation['status'] = 'active'
validation['resolves'] = True
# Check for website and SSL
for host in hosts:
if host.get('is_live'):
validation['has_website'] = True
if host.get('cert_object'):
validation['ssl_cert'] = True
# Collect technologies
products = host.get('products', [])
validation['technologies'].extend(products)
else:
validation['status'] = 'inactive'
elif response.status_code == 404:
validation['status'] = 'not_found'
except Exception as e:
print(f"Error validating {domain}: {e}")
validation['status'] = 'error'
return validation
def generate_investigation_report(self):
"""Generate a comprehensive investigation report."""
print("📋 Suggested Domains Investigation Report")
print("=" * 60)
# Get and analyze suggestions
analysis = self.analyze_suggestions()
if not analysis:
return None
# Validate domains
validated = self.validate_suggested_domains(analysis['all_suggestions'])
# Categorize by validation status
active_domains = [d for d in validated if d['validation']['status'] == 'active']
inactive_domains = [d for d in validated if d['validation']['status'] == 'inactive']
not_found_domains = [d for d in validated if d['validation']['status'] == 'not_found']
print(f"\n🎯 Validation Summary:")
print(f" Active Domains: {len(active_domains)}")
print(f" Inactive Domains: {len(inactive_domains)}")
print(f" Not Found: {len(not_found_domains)}")
# Highlight high-priority domains
high_priority = []
for domain in active_domains:
validation = domain['validation']
# Consider domains with websites and SSL as high priority
if validation['has_website'] and validation['ssl_cert']:
high_priority.append(domain)
print(f"\n🚨 High Priority Domains (Active with SSL): {len(high_priority)}")
for domain in high_priority[:10]: # Show first 10
name = domain['suggested_domain']
method = domain['identification_method']
techs = ', '.join(domain['validation']['technologies'][:3])
print(f" • {name}")
print(f" Method: {method}")
print(f" Technologies: {techs}")
print()
# Create actionable recommendations
recommendations = self._generate_recommendations(validated)
print("💡 Recommendations:")
for i, rec in enumerate(recommendations, 1):
print(f" {i}. {rec}")
# Save detailed report
report = {
"timestamp": datetime.now().isoformat(),
"summary": analysis,
"validated_domains": validated,
"high_priority_domains": high_priority,
"recommendations": recommendations
}
with open(f"suggested_domains_report_{datetime.now().strftime('%Y%m%d_%H%M%S')}.json", "w") as f:
json.dump(report, f, indent=2)
print(f"\n📁 Detailed report saved to file")
return report
def _generate_recommendations(self, validated_domains):
"""Generate actionable recommendations based on analysis."""
recommendations = []
active_count = len([d for d in validated_domains if d['validation']['status'] == 'active'])
correlation_count = len([d for d in validated_domains if d['identification_method'] == 'correlation'])
if active_count > 0:
recommendations.append(f"Investigate {active_count} active domains for potential security risks")
if correlation_count > 5:
recommendations.append("Review infrastructure correlation - may indicate shared hosting or partnerships")
# Check for recently discovered domains
recent = [d for d in validated_domains
if self._is_recent_discovery(d.get('discovery_data', ''))]
if recent:
recommendations.append(f"Prioritize investigation of {len(recent)} recently discovered domains")
# Technology-based recommendations
tech_domains = [d for d in validated_domains
if d['validation'].get('technologies')]
if tech_domains:
recommendations.append("Analyze technology stacks of validated domains for security assessment")
recommendations.append("Consider adding validated active domains to regular monitoring")
recommendations.append("Review domain ownership and registration details for confirmed assets")
return recommendations
def _is_recent_discovery(self, discovery_date_str):
"""Check if discovery date is recent (last 30 days)."""
try:
disc_date = datetime.strptime(discovery_date_str, "%Y-%m-%d %H:%M:%S")
return (datetime.now() - disc_date).days <= 30
except (ValueError, TypeError):
return False
# Usage Examples
api_key = "your-api-key-here"
analyzer = SuggestedDomainsAnalyzer(api_key)
# Basic analysis
analysis = analyzer.analyze_suggestions()
# Validate domains
suggestions_data = analyzer.get_suggested_domains()
if suggestions_data:
validated = analyzer.validate_suggested_domains(suggestions_data.get('results', []))
# Generate comprehensive report
report = analyzer.generate_investigation_report()
Automated Monitoring Integration
import requests
import json
import time
from datetime import datetime
import schedule
def monitor_suggested_domains(api_key, notification_webhook=None):
"""Monitor for new suggested domains and send alerts."""
analyzer = SuggestedDomainsAnalyzer(api_key)
# Load previous suggestions from cache
cache_file = "suggested_domains_cache.json"
try:
with open(cache_file, 'r') as f:
previous_domains = set(json.load(f))
except FileNotFoundError:
previous_domains = set()
# Get current suggestions
data = analyzer.get_suggested_domains()
if data and data.get('results'):
current_domains = set(s['suggested_domain'] for s in data['results'])
# Find new suggestions
new_domains = current_domains - previous_domains
if new_domains:
print(f"🆕 Found {len(new_domains)} new suggested domains")
# Validate new domains immediately
new_suggestions = [s for s in data['results']
if s['suggested_domain'] in new_domains]
validated = analyzer.validate_suggested_domains(new_suggestions)
# Check for high-priority new domains
active_new = [d for d in validated
if d['validation']['status'] == 'active']
if active_new:
message = f"🚨 {len(active_new)} new ACTIVE suggested domains discovered"
print(message)
for domain in active_new:
name = domain['suggested_domain']
method = domain['identification_method']
print(f" • {name} (Method: {method})")
# Send notification
if notification_webhook:
send_notification(notification_webhook, message, active_new)
# Update cache
with open(cache_file, 'w') as f:
json.dump(list(current_domains), f)
else:
print("✅ No new suggested domains found")
def send_notification(webhook_url, message, domains):
"""Send notification about new suggested domains."""
payload = {
"text": message,
"domains": [
{
"name": d['suggested_domain'],
"method": d['identification_method'],
"active": d['validation']['status'] == 'active'
}
for d in domains
],
"timestamp": datetime.now().isoformat()
}
try:
response = requests.post(webhook_url, json=payload)
if response.status_code == 200:
print("📤 Notification sent successfully")
else:
print(f"❌ Failed to send notification: {response.status_code}")
except Exception as e:
print(f"❌ Notification error: {e}")
# Schedule regular monitoring
api_key = "your-api-key-here"
webhook_url = "https://your-webhook-endpoint.com/alerts"
# Monitor every 6 hours
schedule.every(6).hours.do(monitor_suggested_domains, api_key, webhook_url)
print("🤖 Starting suggested domains monitoring...")
while True:
schedule.run_pending()
time.sleep(60)
Use Cases
Shadow IT Discovery
- Identify unknown infrastructure managed by different teams
- Discover unofficial cloud services and applications
- Find development and testing environments
Acquisition Integration
- Monitor for newly acquired company domains
- Track integration of acquired infrastructure
- Identify partnership-related domains
Brand Protection
- Discover domains that may impact brand reputation
- Identify potential trademark infringement
- Monitor for suspicious domain registrations
Security Assessment
- Expand attack surface visibility
- Identify potential security gaps
- Monitor for unauthorized infrastructure
Best Practices
Investigation Workflow
- Regular Review: Check suggested domains weekly
- Validation: Always validate domain ownership and purpose
- Classification: Categorize domains by business relevance
- Documentation: Maintain records of investigation results
Security Considerations
- Access Control: Verify if discovered domains should be accessible
- Configuration Review: Check security configurations of active domains
- Monitoring Integration: Add confirmed assets to regular monitoring
- Incident Response: Have procedures for handling suspicious discoveries
Automation Best Practices
- Alerting: Set up alerts for high-priority discoveries
- Validation: Automate initial domain validation
- Reporting: Generate regular summary reports
- Integration: Connect with existing security tools and workflows
Contact FullHunt Enterprise Support for assistance with suggested domain investigations.