Cross-search (pipeline)
Cross-search is the engine behind several Profundis tools. It chains searches across datasets (hosts, DNS, WHOIS and certificates) and feeds the results of one step into the next, so you can follow a relationship across datasets in a single run instead of copying values between separate searches by hand.
Cross-search is not a standalone API endpoint. You use it through the tools below.
You use it through the tools built on top of it:
- Registrant Explorer: start from an organization name and pull back its domains, hosts and DNS records.
- Entity Intelligence Hub: start from a root domain or company name and map its hosts, certificates, domains, nameservers and IPs.
- Threat Graph: expand a node (domain, IP, certificate, nameserver, ASN, analytics tag or registrar) to pull in related assets.
- Domain Portfolio Analyzer: compare up to 10 domains across their infrastructure and technology.
What it does
Cross-search runs a sequence of steps. Each step searches one dataset, then passes selected values from its results into the next step's search. Following that chain lets you move from one kind of asset to another without writing a single query yourself.
A couple of examples, in words:
- Start from an organization in WHOIS, collect the domains it registered, then look up the hosts behind those domains. You go from a company name to its live infrastructure in one run.
- Start from a domain's private nameservers, then find other domains that use the same nameservers. That surfaces related assets that share hosting setup but don't share an obvious name.
Limits
Any logged-in user can use the tools built on cross-search. The depth of a run depends on your plan.
| Free | Professional / Enterprise | |
|---|---|---|
| Steps per run | 3 | 5 |
| Results per step | 15 | 50 |
| Chained values between steps | 20 | 100 |
| Aggregation buckets | 10 | 50 |
| Load more on large result sets | - | yes |
Cross-search spends 1 credit per step. See the Credits page for details.
Frequent questions
Do I need a paid plan to use cross-search?
No. Any logged-in user can use the tools built on cross-search. A paid plan (Professional or Enterprise) raises the limits in the table above and adds Load more on large result sets. Some individual tools have their own access rules, listed on their own pages.
What happens when a step returns no results?
The run continues. Later steps receive no input, so their results are empty, but the run still completes and shows you each step's output. That lets you see where the chain stopped.
Can the same dataset appear in more than one step?
Yes. A common pattern is WHOIS then WHOIS: take a domain's nameservers, then find other domains that use the same nameservers.
How much does a run cost?
One credit per step. A 3-step run costs 3 credits, a 5-step run costs 5. See Credits.