Home
Get Started
API Usage Guides
Use Cases
Developer Tools
Integrations
Community
API ExplorerAPI Reference
Use Cases

See Everything You Own Online

This guide explains how to use the Whisper API to map an organization's digital footprint and perform comprehensive asset discovery. By systematically enumerating and analyzing an organization's internet-facing assets, you can enhance security, maintain an accurate inventory, and identify potential shadow IT.

Goal: See Everything You Own Online

An organization's digital footprint includes all of its discoverable domains, subdomains, IP addresses, and related network infrastructure. Mapping this footprint is a foundational step for security reconnaissance, asset management, and attack surface analysis. The Whisper API provides the tools to automate this discovery process.

The Workflow: From a Domain to a Full Asset Map

The discovery process starts with a single known domain and expands outward by discovering related assets and infrastructure.

Step 1: Find All Subdomains

The starting point for any footprinting exercise is to discover all associated subdomains. The Domain Management API is the perfect tool for this.

Use the findSubdomains endpoint to get a complete list of subdomains for a base domain.

curl -X GET "https://api.whisper.security/domainer/api/domains/subdomains/github.com?level=ALL" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

This call will return a list of all known subdomains, such as api.github.com, docs.github.com, and many others.

Step 2: Enrich Each Subdomain

For each subdomain you discover, the next step is to understand its purpose and infrastructure. Use the Domain Intelligence API to get a detailed profile.

curl -X GET "https://api.whisper.security/intelligence/v1/domain/api.github.com" \
  -H "Authorization: Bearer YOUR_API_KEY"

From this response, you can extract crucial information like:

  • Associated IP Addresses: The infrastructure.ip_addresses field shows you where the subdomain is hosted.
  • DNS Records: The dns records can reveal mail servers (mx_records) or other services.

Step 3: Analyze the Underlying Infrastructure

Now that you have a list of IP addresses, you can analyze the infrastructure using the IP Intelligence API.

curl -X GET "https://api.whisper.security/intelligence/v1/ip/{IP_FROM_PREVIOUS_STEP}" \
  -H "Authorization: Bearer YOUR_API_KEY"

This will tell you:

  • Who Owns the IP: The summary.organization field reveals the hosting provider or owner of the network.
  • Geolocation: The geolocation object shows where the asset is physically located.
  • Relationships: The relationships object might uncover other domains or services hosted on the same IP, potentially revealing more assets.

By repeating this process, you can build a comprehensive and interconnected map of an organization's entire digital footprint from a single starting domain.

Next Steps

Explore our SDKs to build automated asset discovery workflows.

View the full API Reference for detailed information on each endpoint.