Search Scans

Help & Examples

  • All API actions (including Search) are subject to your individual API Quotas.
  • The query field uses the ElasticSearch Query String to search for results. All queries are run in filter mode, sorted by date descending.
  • Refer to the documentation for advanced queries such as wildcard, regex, boolean operators, fuzzy searches, etc.
  • You can group and concatenate search terms with brackets ( ), AND, OR, and NOT. The default operator is AND.
  • Always use the field names of the fields you want to search. Wildcards for the field-name are not supported!
  • Always escape reserved characters with backslash:
    + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
  • Always limit the time-range if possible using date, e.g. date:>now-7d or date:>now-1y.
  • You can use wildcard (though no leading wildcard) and regex search on almost all fields. Regexes are always anchored to beginning/end of the tokens.
  • The date field allows relative queries like date:>now-7d or range-queries like date:[2020-01-01 TO 2020-02-01] or both combined.
  • Domain fields contain the whole domain and each smaller domain component: domain can be searched by google.com, which will include www.google.com.
  • The page.url field is analysed as text. If you want to find multiple path components, you should use phrase search with page.url:"foo/bar/batz"
  • The user and team fields are special: you can search for user:me or team:me to get your own scans.
  • Searchable fields: ip, domain, page.url, hash, asn, asnname, country, server, filename, task.visibility, task.method
  • The fields ip, domain, url, asn, asnname, country and server contain all requests of the scan.
  • To just search for the primary IP/Domain/ASN, prefix it with page. (e.g. page.domain:paypal.com).
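
The rules above combined into a small query builder, so that values taken from an untrusted source (an indicator feed, a ticket, a log line) cannot change the structure of the search. This is an added example, not code from this service; the function names, the restriction of the page. prefix to ip, domain and asn, and the sample values are assumptions made for illustration.

```python
import re

# Reserved characters from the list above. "<" and ">" are dropped instead:
# Elasticsearch documents that they cannot be escaped in a query string.
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/])')
# Searchable fields from the list above; PRIMARY may take the "page." prefix
# (assumption: only the primary IP/Domain/ASN named above).
FIELDS = {"ip", "domain", "page.url", "hash", "asn", "asnname", "country",
          "server", "filename", "task.visibility", "task.method"}
PRIMARY = {"ip", "domain", "asn"}


def escape_value(value):
    """Backslash-escape one unquoted search value."""
    value = re.sub(r"[<>]", "", value)
    if not value or re.search(r"\s", value):
        # Whitespace would split the value into separate terms.
        raise ValueError("value must be non-empty and contain no whitespace")
    return _RESERVED.sub(r"\\\1", value)


def term(field, value, primary=False):
    """Build one field:value term; page.url becomes a phrase search."""
    if field not in FIELDS:
        raise ValueError(f"unknown field: {field}")  # field wildcards unsupported
    if field == "page.url":
        # Inside a quoted phrase only the backslash and the quote need escaping.
        return 'page.url:"' + re.sub(r'([\\"])', r"\\\1", value) + '"'
    if primary:
        if field not in PRIMARY:
            raise ValueError(f"no page. form for field: {field}")
        field = "page." + field
    return f"{field}:{escape_value(value)}"


def build_query(terms, since="now-7d"):
    """AND the terms together and always append a relative date limit."""
    if not re.fullmatch(r"now-\d+[smhdwMy]", since):
        raise ValueError("since must look like now-7d or now-1y")
    parts = [term(*t) for t in terms]
    return " AND ".join(parts + [f"date:>{since}"])


# Constructed sample values, as they might arrive from an untrusted feed.
if __name__ == "__main__":
    print(build_query([("domain", "paypal.com", True), ("ip", "2001:db8::1")]))
    print(term("server", "nginx)OR(user:me"))
```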

Examples - Common searches and multiple query terms combined