Help & Examples

• All API actions (including Search) are subject to your individual API Quotas.
• The query field uses the ElasticSearch Query String to search for results. All queries are run in filter mode, sorted by date descending.
• Refer to the documentation for advanced queries such as wildcard, regex, boolean operators, fuzzy searches, etc.
• You can group and concatenate search-terms with brackets
  ( )
  ,
  AND
  ,
  OR
  , and
  NOT
  . The default operator is
  AND
  .
• Always use the field names of the fields you want to search. Wildcards for the field-name are not supported!
• Always escape reserved characters with backslash:
  + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
• Always limit the time-range if possible using
  date
  , e.g.
  date:>now-7d
  or
  date:>now-1y
  .
• You can use wildcard (though no leading wildcard) and regex search on almost all fields. Regexes are always anchored to beginning/end of the tokens.
• The
  date
  allows relative queries like
  date:>now-7d
  or range-queries like
  date:[2020-01-01 TO 2020-02-01]
  or both combined.
• Domain fields contain the whole domain and each smaller domain component
  domain
  can be searched by google.com which will include www.google.com
• The
  page.url
  field is analysed as text, if you want to find multiple path components you should use phrase search with
  page.url:"foo/bar/batz"
• The
  user
  and
  team
  field are special, you can search for
  user:me
  or
  team:me
  to get your own scans.
• Searchable fields:
  ip
  ,
  domain
  ,
  page.url
  ,
  hash
  ,
  asn
  ,
  asnname
  ,
  country
  ,
  server
  ,
  filename
  ,
  task.visibility
  ,
  task.method
• The fields
  ip
  ,
  domain
  ,
  url
  ,
  asn
  ,
  asnname
  ,
  country
  and
  server
  contain all requests of the scan.
• To just search for the primary IP/Domain/ASN, prefix it with
  page.
  , e.g.
  page.domain:paypal.com
  .