Tutorials
Welcome to the Tutorials section of MerkleMap's documentation. Here, you'll find a collection of tutorials and examples to help you make the most of MerkleMap's powerful search capabilities. Whether you're new to MerkleMap or an experienced user, these tutorials will guide you through common search patterns, using wildcards, and ways to automate your searches.
Common Search Patterns
MerkleMap's search functionality allows you to discover subdomains and SSL/TLS certificates across the internet. Here are some common search patterns to get you started:
- Default search behavior:
By default, MerkleMap interprets search terms as
*query*
, meaning that a wildcard (*
) is automatically added at the start and end of the search term. For example, searching forexample
will match subdomains likeexample.com
,www.example.com
,dev.example.org
, etc.
This default behavior is disabled if:
- The exact match operator
=
is used. - At least one wildcard (
*
) is manually specified in the search query.
-
Searching for subdomains of a specific domain: To find subdomains of a particular domain, enter the domain name in the search query field. For example, to find subdomains of
example.com
, use the following search query: example.com -
Using wildcards: MerkleMap supports the use of wildcards (
*
) in search queries. This allows you to find subdomains that match a specific pattern. For instance, to find subdomains starting with "dev" forexample.com
, use the following search query: dev*.example.com -
Exact matches: If you want to search for an exact subdomain, prefix your search query with
=
. This ensures that MerkleMap returns only the exact match. For example, to find the exact subdomainapi.example.com
, use the following search query: =api.example.com -
Finding instances of a specific keyword: MerkleMap can help you find subdomains containing a specific keyword. For instance, to find subdomains that include the word "jira", use the following search query: jira This will return subdomains like
jira.example.com
,dev-jira.example.org
, etc.
Automating Searches
MerkleMap provides an API that enables you to automate your searches and integrate MerkleMap's functionality into your own tools and scripts. Here's an example of how to use the MerkleMap API to automate searches:
- API Endpoint: The MerkleMap search API endpoint is:
https://api.merklemap.com/search
- API Parameters: The API supports the following query parameters:
query
: The search query (e.g.,example.com
).page
: The page number for paginated results.stream_progress
: Set totrue
to get the search progress in the response stream.stream
: Set totrue
to get the search results in the response stream. Pagination is ignored in this mode.
- Example API Request:
Here's an example API request using curl to search for subdomains of
example.com
:
curl -N -G https://api.merklemap.com/search \
-d query=example.com \
-d page=1
- API Response Format:
The API response is returned as a JSON object by default. However, when
stream=true
and/orstream_progress=true
are used, the response is returned as a Server-Sent Events (SSE) stream.
- JSON Response:
{
"count": 9588,
"results": [
{
"domain": "3.example.com",
"subject_common_name": "1.example.com",
"not_before": 1726168444
},
{
"domain": "www.2.example.com",
"subject_common_name": "www.2.example.com",
"not_before": 1726130923
},
...
]
}
- SSE Stream Response:
data: {"progress_percentage":10.0}
data: {"progress_percentage":20.0}
data: {"domain":"example.com","not_before":1726168444,"subject_common_name":"example.com"}
data: {"progress_percentage":30.0}
data: {"domain":"www.example.com","not_before":1726130923,"subject_common_name":"www.example.com"}
...
By leveraging the MerkleMap API, you can automate your searches, integrate MerkleMap into your existing tools, and build custom solutions tailored to your specific needs.
These tutorials provide a starting point for exploring MerkleMap's search capabilities. Feel free to experiment with different search patterns, use wildcards, and automate your searches to unleash the full potential of MerkleMap in your subdomain enumeration and certificate transparency exploration efforts.