Open Domain Intel

Free, self-hosted domain intelligence API.
A self-hosted alternative to SecurityTrails ($11K–$70K/year).

✓ 6 Intel Modules ✓ No External API Keys ✓ REST API + Shortcode SecurityTrails: $11K–$70K/yr

Downloads are free — clicking the link below opens a short ad that helps support Max Intel. Wait 15 seconds after clicking to unlock.

Click here for an ad
15
seconds remaining…
✓ Unlocked — thank you!
← All Self-Hosted Tools

Version 1.0.0 · Last updated:

Why This Exists

After Mastercard acquired Recorded Future for $2.65 billion (closed Q1 2025), SecurityTrails — which Recorded Future had previously acquired for $65 million — became a subsidiary of a credit card company. The free tier was cut to 50 queries/month. Paid plans now range from $11,000 to $70,000/year with an average of $34,000.

Open Domain Intel gives you the same core intelligence — DNS, WHOIS, SSL, tech detection, subdomains, security headers — running on your own server, querying only public data sources. No SecurityTrails account, no API keys, no query limits, no annual contract.

6 Intelligence Modules

📡

DNS Records

A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, CAA. Auto-detects mail provider (Google, O365, Proton) and DNS provider (Cloudflare, Route53). Checks SPF, DMARC, DKIM.

📋

WHOIS / RDAP

Queries RDAP first (ICANN standard since Jan 2025) for structured JSON. Falls back to raw WHOIS. Returns registrar, creation/expiry dates, status, registrant info.

🔒

SSL Certificates

Full certificate chain, issuer, SAN list, days until expiry, DV/OV/EV type detection, signature algorithm. Catches expiring certs before they break.

⚙️

Technology Detection

Identifies 50+ technologies: CMS (your server, Shopify), frameworks (React, Next.js, Laravel), analytics (GA4, Plausible), CDN, server software, and more.

🗺️

Subdomain Discovery

Certificate Transparency log search (crt.sh) + DNS brute force of 100+ common prefixes. Same technique used by Subfinder, Amass, and SecurityTrails.

🛡️

Security Headers

Checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. Returns A/B/C/D grade with pass/fail per header.

SecurityTrails vs Open Domain Intel

FeatureSecurityTrailsOpen Domain Intel
DNS recordsYesYes (all types)
WHOIS/RDAPYesYes (RDAP-first)
SSL certificatesPro+ onlyYes (free)
SubdomainsYesYes (CT + brute)
Tech detectionYesYes (50+ techs)
DNS historyYes (massive DB)No (live only)
IP neighborsYesNo
Passive DNS feedsEnterprise onlyNo
Self-hostedNoYes
Query limits50/mo free, then $$$Unlimited
Price$11,000–$70,000/yr$0 forever

What Open Domain Intel doesn't do: historical DNS data (SecurityTrails has a massive proprietary database of past DNS records), reverse IP lookups, and passive DNS feeds. These require large-scale data collection infrastructure. Open Domain Intel focuses on live, real-time intelligence from public sources — which covers the vast majority of investigative use cases.

Quick Start

Step 1. Download and upload to your server. Point your domain to the /public directory.

Step 2. Make /cache writable. Visit /admin to configure (default password: changeme).

Step 3. Use it:

# Full report (all 6 modules)
curl "https://yoursite.com/api/lookup?domain=github.com" | jq .

# Individual modules
curl "https://yoursite.com/api/dns?domain=github.com"
curl "https://yoursite.com/api/whois?domain=github.com"
curl "https://yoursite.com/api/ssl?domain=github.com"
curl "https://yoursite.com/api/tech?domain=github.com"
curl "https://yoursite.com/api/subdomains?domain=github.com"
curl "https://yoursite.com/api/headers?domain=github.com"

API Endpoints

GET /api/lookup?domain={domain}     → Full report (all modules)
GET /api/dns?domain={domain}         → DNS records + SPF/DMARC/DKIM
GET /api/whois?domain={domain}       → RDAP or WHOIS
GET /api/ssl?domain={domain}         → SSL certificate details
GET /api/tech?domain={domain}        → Technology fingerprinting
GET /api/subdomains?domain={domain}  → Subdomain discovery
GET /api/headers?domain={domain}     → HTTP headers + security grade
GET /api/status                      → Health check

Embedding in Your Site

[domain_intel domain="github.com" module="dns"]
[domain_intel domain="github.com" module="ssl"]
[domain_intel domain="github.com" module="tech" format="json"]

Requirements

PHP 7.4+ with OpenSSL, Apache (mod_rewrite) or Nginx, allow_url_fopen = On. No database. No Composer. No npm. No your server. Works on shared hosting, VPS, or dedicated servers.

License

GPLv2 or later. Free to use, modify, and distribute. Built by Max Intel. See all self-hosted tools.

Open Domain Intel — Frequently Asked Questions

What is a free alternative to SecurityTrails?

Open Domain Intel is a free, self-hosted PHP project that provides DNS records, WHOIS/RDAP data, SSL certificate analysis, technology detection, subdomain discovery, and HTTP security header grading — the same core capabilities as SecurityTrails, which costs $11,000–$70,000/year. It uses only public data sources and requires no external API keys.

How does Open Domain Intel find subdomains?

Open Domain Intel discovers subdomains using two methods: Certificate Transparency log search via crt.sh (the same technique used by SecurityTrails, Subfinder, and Amass), and DNS brute force of 100+ common subdomain prefixes. Results are deduplicated and cached.

Does Open Domain Intel use RDAP or WHOIS?

It tries RDAP first, which became the official ICANN replacement for WHOIS on January 28, 2025. RDAP returns structured JSON data. If RDAP is unavailable for a TLD, the plugin falls back to traditional WHOIS via port 43. Both are parsed into a consistent format.

Open Domain Intel

Open-source domain intelligence tools including WHOIS, DNS, and certificate transparency lookups.

Domain Intel

Desktop domain investigation tool.

Domain Recon

Advanced domain reconnaissance.

DNS Deep Dive

DNS record analysis.

Subdomain Scanner

Discover subdomains.
ipt src="tools.json" type="application/json" id="tools-data">