Case Study: CyberPeace Institute achieves broader cloud asset enumeration with WhoisXML API’s passive DNS intelligence

CyberPeace Institute and WhoisXML API Enumerating Cloud Assets with Passive DNS Intelligence

CyberPeace Institute, based in Genève, Switzerland, needed a better way to demonstrate how malicious actors can enumerate cloud application tenants and expose multitenant users through subdomain discovery. Traditional methods like certificate transparency logs and standard enumeration tools were not effective enough, so they turned to WhoisXML API and its DNS Database Download Lite for academic research.

Using WhoisXML API’s passive DNS data, the researcher was able to query and retrieve a broader set of subdomains for cloud assets and multitenant applications, including instances that hinted at client names or cloud resources. WhoisXML API’s extensive subdomain coverage, intuitive interface, and fast query response time helped uncover more subdomains than traditional, commercial, or free alternatives, simplifying tenant enumeration and improving coverage.

CyberPeace Institute

Shahnoor Kiani

Volunteer