Search Scans
Help & Examples
Attention: Consult the Search API Reference for searchable fields and additional tips.
- Search requests (through the UI or API) are subject to your individual Search API Quotas. Make sure to use your API key.
- The query field uses the ElasticSearch Query String to search for results.
- All queries are run in filter mode, sorted by date with the more recent scans first. There is no scoring of search results.
- You can group and concatenate search-terms with brackets ( ),AND,OR, andNOT. The default operator isAND.
- You can concatenate terms within a group, e.g. page.domain:(foo.com OR bar.com).
- Always use the field names of the fields you want to search. Wildcards for the field-name are not supported! Field names are case sensitive!
- Always escape reserved characters with backslash: + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
- Limit the time-range if possible using date, e.g.date:>now-7dordate:>now-1y.
- The dateallows relative queries likedate:>now-7dor range-queries likedate:[2020-01-01 TO 2020-02-01]or both combined.
- You can only use leading wildcard searches and regular expression searches on supported fields, and only as a signed-in user.
- Everything is indexed as lowercase, even if the Search API returns values in a case-preserving manner.
- Regular expressions are always anchored to beginning/end of the tokens (implicit ^ and $). Make sure to prefix/suffix with .*to match infix strings.
- Domain fields contain the whole domain and each smaller domain component, i.e. domaincan be searched by google.com which will find hits for www.google.com
Examples - Common searches and multiple query terms combined
- page.ip:* AND date:>now-7d Non-empty scans in the past seven days
- page.url.keyword:https\:\/\/www.paypal.com\/* Page URL Prefix search
- domain:paypal.com AND NOT page.domain:paypal.com Domain was contacted but isn't the page/primary domain
- page.domain:(paypal.com~ AND NOT paypal.com) Fuzzy Search for domain name (excluding the legitimate domain)
- page.domain:(/payp.*/ AND NOT paypal.com) Regex Search for domain name (excluding the legitimate domain)
- page.ip:(148.251.0.0\/16 AND NOT 148.251.45.170) AND date:[2018 TO 2019] IP from subnet excluding one particular IP, seen in 2018
- page.asn:AS24940 OR page.asnname:hetzner Page hosted on this AS, search by ASN or AS Name (Note: Search with 'AS' prefix!)
- page.url:"wp-content/uploads/" OR filename:"wp-content/uploads/" AND date:>now-1M Path wp-content/uploads either in page.url or by subrequest
- hash:d699f303... A resource with this SHA256 was downloaded