Attack Surface Search API

Search for attack surface data related to domains, including subdomains, technologies, and more.

warning

OEM API requires special partner access. Contact FullHunt sales to enable OEM capabilities on your account.

Search Attack Surface Data

Search for comprehensive attack surface information related to a domain.

HTTP Request

POST https://fullhunt.io/api/v1/oem/attack-surface/search

Request Body Parameters

Parameter	Required	Type	Description
type	Yes	string	Type of search to perform. Currently only supports "domain"
query	Yes	string	The domain to search for
query_tags	No	object	Key-value pairs for client-specific tracking

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/attack-surface/search" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "domain",
    "query": "acme.com",
    "query_tags": {
      "client_name": "ACMECorp",
      "workspace": "production"
    }
  }'

Example Response

{
  "response": {
    "domain": "acme.com",
    "hosts": [
      {
        "categories": ["Web-Servers"],
        "cdn": "",
        "cert_object": {
          "dns_names": ["*.acme.com", "acme.com"],
          "issuer_common_name": "DigiCert TLS RSA SHA256 2020 CA1",
          "issuer_country": "US",
          "issuer_organization": "DigiCert Inc",
          "not_after": "04-05-2024 23:59:59",
          "not_before": "05-05-2023 00:00:00",
          "signature_algorithm": "SHA256-RSA",
          "subject_common_name": "*.acme.com",
          "subject_country": "US",
          "subject_organization": "Acme Corporation"
        },
        "dns": {
          "a": ["192.0.2.1"],
          "aaaa": null,
          "cname": [],
          "mx": ["mail.acme.com"],
          "ns": ["ns1.acme.com", "ns2.acme.com"],
          "txt": ["v=spf1 include:_spf.acme.com ~all"]
        },
        "domain": "acme.com",
        "host": "www.acme.com",
        "http_status_code": 200,
        "http_title": "Acme Corporation - Home",
        "ip_address": "192.0.2.1",
        "is_live": true,
        "is_resolvable": true,
        "products": ["Nginx", "React"],
        "tags": ["https", "web-servers", "nginx"],
        "technologies": [
          {
            "categories": ["Web servers"],
            "name": "Nginx"
          },
          {
            "categories": ["JavaScript frameworks"],
            "name": "React"
          }
        ]
      }
    ],
    "metadata": {
      "all_results_count": 25,
      "available_results_for_user": 25,
      "timestamp": 1683721587,
      "domain": "acme.com"
    }
  }
}

Response Fields

Root Response Object

Field	Type	Description
`response`	object	Main response containing domain data
`response.domain`	string	The searched domain
`response.hosts`	array	Array of host objects containing attack surface data
`response.metadata`	object	Metadata about the search results

Host Object Fields

Field	Type	Description
`categories`	array	Categories the host belongs to (e.g., "Web-Servers")
`cdn`	string	CDN provider if the host is behind a CDN
`cert_object`	object	SSL/TLS certificate information
`dns`	object	DNS records for the host
`domain`	string	Parent domain of the host
`host`	string	The full hostname
`http_status_code`	integer	HTTP status code returned by the host
`http_title`	string	HTTP page title
`ip_address`	string	IP address of the host
`is_live`	boolean	Whether the host is currently live
`is_resolvable`	boolean	Whether the host resolves to an IP
`products`	array	Detected products/technologies
`tags`	array	Tags associated with the host
`technologies`	array	Detailed technology information

Certificate Object Fields

Field	Type	Description
`dns_names`	array	DNS names in the certificate
`issuer_common_name`	string	Certificate issuer common name
`issuer_country`	string	Certificate issuer country
`issuer_organization`	string	Certificate issuer organization
`not_after`	string	Certificate expiration date
`not_before`	string	Certificate valid from date
`signature_algorithm`	string	Certificate signature algorithm
`subject_common_name`	string	Certificate subject common name
`subject_country`	string	Certificate subject country
`subject_organization`	string	Certificate subject organization

DNS Object Fields

Field	Type	Description
`a`	array	A records (IPv4 addresses)
`aaaa`	array	AAAA records (IPv6 addresses)
`cname`	array	CNAME records
`mx`	array	MX records
`ns`	array	NS records
`txt`	array	TXT records

Technology Object Fields

Field	Type	Description
`categories`	array	Technology categories
`name`	string	Technology name

Metadata Object Fields

Field	Type	Description
`all_results_count`	integer	Total number of results found
`available_results_for_user`	integer	Number of results available to the user
`timestamp`	integer	Unix timestamp of the search
`domain`	string	The searched domain

Use Cases

Attack Surface Management

Discover all subdomains and hosts for a domain
Identify exposed services and technologies
Monitor SSL/TLS certificate status and expiration

Security Assessment

Identify potential attack vectors
Analyze technology stack for vulnerabilities
Assess DNS configuration security

Partner Integration

Integrate attack surface data into security platforms
Provide comprehensive domain intelligence to clients
Build external attack surface management solutions

Query Tags for Tracking

Use the query_tags parameter to track searches by client or context:

{
  "query_tags": {
    "client_id": "client_123",
    "client_name": "ACME Corporation",
    "workspace": "production",
    "scan_type": "attack_surface",
    "user_id": "user456"
  }
}

Rate Limiting

OEM Attack Surface Search API has custom rate limits based on your partner agreement:

Negotiated limits based on usage requirements
Burst capacity for high-volume periods
Priority processing for partner requests

Error Handling

The API returns standard HTTP status codes:

Status Code	Description
200	Success
400	Bad Request - Invalid parameters
401	Unauthorized - Invalid API key
403	Forbidden - OEM access not enabled
429	Rate limit exceeded
500	Internal server error

Data Freshness

Attack surface data is continuously updated
Results include timestamp information
Some data may be cached for performance
Real-time scanning available for premium partners

Security Considerations

All data is transmitted over HTTPS
API keys should be kept secure and rotated regularly
Results may contain sensitive infrastructure information
Consider implementing additional access controls in your platform
Be mindful of rate limiting when integrating into automated systems

Search Attack Surface Data​

Root Response Object​

Host Object Fields​

Certificate Object Fields​

DNS Object Fields​

Technology Object Fields​

Metadata Object Fields​

Use Cases​

Attack Surface Management​

Security Assessment​

Partner Integration​

Query Tags for Tracking​

Rate Limiting​

Error Handling​

Data Freshness​

Security Considerations​