Conducting Internet investigations from a single dashboard is something that many investigators dream of. There haven’t been many options to do this well until now with Cybertoolbelt.com. And there’s a good reason: Tools like this require a lot of server resources for lookups, data storage, and search. It is also challenging in this space to find API services that are accurate all the time. In our review video, we put the key features to the test and compare it to other services for accuracy.
Cybertoolbelt the home to over a dozen Internet investigation tools on one web page. As you can see from their current list below, the key offerings include IP address lookups, Whois contact search, shared contact information search, email address confirmation, web page monitoring, and service scans. The Beta service migrated to a subscription plan on January 1, 2015. However, Cybertoolbelt is offering NetBootCamp readers an expanded 20-day free trial by entering the promo code NETBOOTCAMP2015 during signup. That’s double the usual trial period.
Easy to Use
Cybertoolbelt’s user interface will appeal to many investigators, particularly new investigators and those who do not dig into IP addresses and domains on a regular basis. Tools are laid out in columns with a fairly logical flow. With a click, you can begin with a domain, expand your search into IP addresses, and capture screenshots or set up a web page monitor without leaving the dashboard.
You experience a delay while the tool looks up data for the first time.
We rated Cybertoolbelt highest in features. In our test, we focused on key features that are core to our own investigations. We examined IP address lookups and geolocation, subdomains, DNS, Traceroutes, and the advanced Whois search, which was the premium feature that caught our attention.
With Cybertoolbelt, all contact fields in a domain registration can be searched to find other domains that currently use the same contact. This is a common method to find related websites; connecting owners through unique domain registration information such as names, phones, and physical or email addresses. The image below illustrates the advanced Whois search options.
Whoisology.com is another subscription service that provides a similar ability to search Whois fields. That recently launched service is limited to domain lookups, with plans beginning at $15.00/month.
There have been several services that specialize in connecting websites through shared information. These connections are usually made through domain and hosting assets, such as shared name servers and IP addresses, the SOA or start-of-authority email address used to setup name servers and shared HTML code such as Google Analytics accounts, social media widgets, advertising publisher accounts, and more.
Unfortunately, several of these services like Reverseget.com folded under pressure. The services allegedly violated Europe’s Data Protection laws by acquiring and analyzing personal information without the subject’s consent. Let’s hope this trend gets corrected.
The IP address and domain registration space is a tough one when it comes to delivering accurate results. It’s also the reason why we gave Cybertoolbelt a slightly better-than-average rating in this area.
Accuracy is the reason why seasoned investigators do not rely on a single tool or dashboard. And, in most cases, it’s not the fault of the tool. The issue has to do with the inconsistencies in how IP address contact information is managed by Regional Internet Registries and ASNs, the Internet networks that manage blocks of IP addresses. For domain registrations, the same inconsistencies impact the Whois database due to the way that registrars and the ccTLDs and gTLDs, which are the providers of the generic and country level domains, manage that information. I can tell you from working on similar in-house projects and ICANN working groups that it will remain challenging to fetch and parse accurate information in both of these spaces.
We anticipated running into these issues with Cybertoolbelt and we did. The IP address geolocation information in our tests was inaccurate; probably due to the data source and the region where the IP address was assigned. Our review video demonstrates how you can troubleshoot these details. Our free class on IP address locations also provides a deeper look into the accuracy of IP address lookups.
Cybertoolbelt’s subdomain search appears to be based on a dictionary search using commonly used names. This is also a difficult space to get full and accurate details. We found the free tools Pentest-tools.com and Robtex.com provided additional details but, like IP addresses, need to be verified.
Website, domain, and IP address information changes often, especially when operators are pursued or trying to anonymize their operations. Because of this, the data that your tool accesses makes a big difference. Stale data or relatively shallow history can potentially deliver less reliable results in an address and in domain lookups. With any tool that you use, it is important to understand where the data comes from and how old it is. Cybertoolbelt responds to some queries with fresh lookups and some with historical data that it captured from previous crawls. We mainly encountered data that was current or not older than a year or so. A lot can change online in a month, so the ability to view a complete history of hosting and domain registration information can sometimes make a case. Doing that within the same search would be even better. Presently, there is really just one service with a deep database of historical hosting and registration information: Domaintools.com. Subscriptions there begin at $ 49.95/month.
Cybertoolbelt plans begin at $11.95 per month and cap off at $99.95 at the top end. Under the first plan, users can make up to 50 queries per day and monitor 2 domains. A few monitoring services are free, like Uptimerobot.com, though you’re looking to pay at least $8.95/month for a real-time monitoring service like Monitis.com. An investigator pursuing an elusive operator or a large group of websites could easily setup several monitors and 50 searches in one sitting. So, Cybertoolbelt’s entry level plan is a good value.
Cybertoolbelt is a great interface and a good place for new investigators to learn how to find related websites. You may need to troubleshoot the supplied IP address geolocation information using a traceroute and that could detract your confidence in the subscription’s accuracy. We ’d like access to see more historical data on the same click and the ability to access this data in the same search. All in all, Cybertoolbelt is a unique tool and it’s this month’s trainer’s choice for Internet investigative tools.
* Prices and features are accurate as described at the time of the review
* NetBootCamp was not provided compensation for providing the promotional code