External Attack Surface Management (EASM) Solutions | WhoisXML API

External Attack Surface Management (EASM) Solutions

Stay ahead of threat actors by getting a complete view of attack surfaces beyond firewalls. Internet-facing assets, such as domain names, IP addresses, subdomains, and DNS records, can be vulnerable and exploited as attack vectors.

WhoisXML API’s External Attack Surface Management (EASM) Solutions enable you to comprehensively discover, validate, prioritize, and monitor external digital assets.

Our EASM Solutions comprise a customizable set of domain, WHOIS, IP, DNS, and cyber threat intelligence sources to supplement attack surface management capabilities and provide a 360° view of the Internet.

Have questions?

Contact us at

13.7+ billionWHOIS records
721+ millionDomains tracked
2,864+TLDs & ccTLDs
4.2+ billionDomains and subdomains

Benefits of Working with WhoisXML API for External Attack Surface Management

  • Complete, timely, and relevant WHOIS, IP, and DNS footprint data

    We provide vast and complete Internet data footprints and have gathered, analyzed, and parsed WHOIS, IP, and DNS data for more than a decade now.

  • Various consumption models to support multiple use cases

    We offer different consumption models, including a wide array of APIs, data feeds, and web-based solutions to fit your organization’s needs for data access.

  • Multiple data exchange and integration partners

    We work with dozens of registrars, registries, ISPs, and security vendors to provide the best data coverage, quality, and integration options through our data exchange and partnership programs.

Take control of your cyber attack surface at every step:

1. Asset discovery

External asset discovery refers to the process of bringing to light domains, IP addresses, and relevant DNS records that could serve as attack vectors.

Here are some of the ways we can help at this stage:

  • Discover domains and subdomains related to your or your clients’ organizations
  • Uncover subdomains that could have dangling DNS records
  • Track down domains and subdomains connected to your organization based on IP address resolutions

2. Asset attribution and validation

Uncovered external assets must be analyzed and processed for anomalies and vulnerabilities. Our EASM Solutions can help by providing context in terms of:

  • Checking the current and historical WHOIS ownership data of Internet properties
  • Identifying the geolocation, network information, and related infrastructure of IP addresses and ranges
  • Discovering vulnerabilities in SSL configurations and certificates, domain infrastructure, and dozens of other potential attack vectors

3. Remediation prioritization

Get insights into which assets are the most vulnerable and require immediate attention and remediation.

Here are some of the ways we can help at this stage:

  • Rank domain names and IP addresses according to their risk scores
  • Take immediate action on assets that are flagged “malicious”
  • Assess vulnerabilities and address the most severe ones first

4. Continuous monitoring

External attack surface management is a never-ending and multidimensional process.

Our EASM Solutions can notably help in these ways:

  • Monitor when company-related assets appear in the DNS
  • Notice when previously identified attack vectors and vulnerable assets get updated or become newly active
  • Visualize changes to the content that typosquatting domains and subdomains host

Customizable EASM Components

  • Passive DNS Data

    DNS Database Download is a comprehensive passive DNS data repository covering 2+ billion hostnames and 100 billion historical DNS events across A, MX, NS, TXT, CNAME, and SOA records.

  • Subdomain Data

    Subdomains Database Download contains more than 2.3 billion records, over 1 million of which are added daily to the database to keep track of all the latest subdomains created.

  • WHOIS and Historical WHOIS Records

    WHOIS Database Download is an extensive repository of more than 13.7 billion current and historical WHOIS records with all the relevant dates and critical registrant, registrar, and other data points.

  • IP Geolocation Data

    IP Geolocation Data Feed provides geographical context to IPv4 and IPv6 addresses, covering over 300,000 unique locations and 99.68% of all active IP addresses.

  • IP Netblocks Data

    IP Netblocks WHOIS Database is an IP intelligence repository containing information on 9.5+ million IP netblocks and 48,000+ IP ranges, including their ownership, network, and contact information.

  • Website Contact and Categorization Data

    Website Contacts & Categorization Database uses machine-learning algorithms to classify websites into different categories and provide the most relevant web contact points.

  • Domain Research Suite (DRS)

    Domain Research Suite (DRS) is an extensive web-based set of tools to discover domain and subdomains, search across our entire WHOIS and DNS footprints for connections, and monitor domain name activity for specific strings, registrants, and Internet properties.

  • Domain Brand Monitoring

    Brand Monitor alerts organizations of potentially rogue domain registration activities that involve their brand and company names. Brand Monitor’s results are stored within the Domain Research Suite (DRS) for immediate follow-up pivoting and contextualization.

  • Domain Reputation

    Domain Reputation API and Threat Intelligence APIs deliver complete risk profiles for Internet properties considering more than 100 parameters such as presence on malware databases, domain infrastructure, SSL configurations, open ports, and more.


Looking for an all-in-one package? Learn more about the Security Intelligence (SI) Suite.

The SI Suite is WhoisXML API’s ultimate WHOIS, IP, DNS, and subdomain data package for external attack surface management and all types of security R&D and product initiatives.

Related Success Stories

Enriching attack surface mapping with domain and IP intelligence

WhoisXML API is part of the OWASP Amass Project and contributes to the ecosystem in different ways to support advanced attack surface mapping and external asset discovery.

Read full story

WhoisXML API transforms are available on Maltego

WhoisXML API data footprints are now accessible on Maltego to support security investigations and advanced visual representations of Internet-facing assets and their connected data points.

Read full story

Third-party risk monitoring with domain and IP intelligence

NormShield uses our comprehensive sets of domain, subdomain, and IP intelligence sources to conduct thorough risk evaluations and deliver results through intuitive scorecards.

Read full story

WHOIS data helps identify dangerous web assets

IBM’s QRadar collects DNS transactions and correlates them with WHOIS data to support fraud prevention by identifying risky domains and IP addresses.

Read full story

For pricing details and building your customized solution, please contact us!