Test command line utility


SPQL features a simple command line client that allows users to write plain SPQL queries.

Queries can either be executed directly, or run with --echo-query to display only the JSON-encoded query, which can then be used with curl or Postman.

Installation: pip install -r requirements.txt

Command line options

Syntax: spql_cli.py [OPTION]

| Option | Description |
| --- | --- |
| -q, --query 'TEXT' | (Required) SPQL query as a string. |
| -f, --fields TEXT | A list of field names to return, comma-separated, surrounded by square brackets, with no spaces. This may be set as the environment variable SPQL_FIELDS. |
| -s, --sort TEXT | A list of field names and order to sort by, comma-separated for nested sort, surrounded by square brackets, no spaces [scan_date/desc,domain/asc]. This may be set as the environment variable SPQL_SORT. |
| --api-key TEXT | (Required) Silent Push API key - may be set as environment variable SPQL_API_KEY. |
| --limit INTEGER | Maximum number of results to return. |
| --skip INTEGER | Number of results to skip. |
| --with_metadata INTEGER <0 1> | Include metadata with results. |
| -e, --echo-query | Show a JSON encoded query without executing it. |
| -h, --help | Show this message and exit. |

Environment variables

API key

For convenience the API key can be stored as an environment variable (the --api-key parameter, if given, overrides the environment variable).

Example: export SPQL_API_KEY=<api_key>

Fixed fields

If a fixed set of fields is often used, it can be set as an environment variable.

Example: export SPQL_FIELDS=[domain,hostname,ip,url,htmltitle]

The --fields parameter, if given, overrides the environment variable. Users can also use --fields [] to return all available fields for each record in the results.

Sort order

If a fixed sort order is often used, it can be set as an environment variable.

Example: export SPQL_SORT=[domain/asc,scan_date/desc]

The --sort parameter, if given, overrides the environment variable.
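The bracketed list formats and the override rule described above can be checked before a query is sent, which catches values pasted with typographic quotes or stray spaces. The following is an added example, not code from spql_cli.py: the function names are hypothetical, and the accepted field-name characters and the asc/desc order values are assumptions drawn from the examples on this page.

```python
import os
import re

# Assumed field-name alphabet: letters, digits, '.', '_' and '-' (e.g. header.content-type).
_FIELD = re.compile(r"[A-Za-z0-9_.-]+")


def parse_bracket_list(value):
    """Split '[a,b,c]' into ['a', 'b', 'c']; '[]' yields an empty list."""
    if any(ch.isspace() for ch in value):
        raise ValueError(f"spaces are not allowed: {value!r}")
    if not (value.startswith("[") and value.endswith("]")):
        raise ValueError(f"value must be wrapped in square brackets: {value!r}")
    inner = value[1:-1]
    return inner.split(",") if inner else []


def parse_fields(value):
    """Validate a --fields / SPQL_FIELDS value and return the field names."""
    fields = parse_bracket_list(value)
    for name in fields:
        if not _FIELD.fullmatch(name):
            raise ValueError(f"bad field name: {name!r}")
    return fields


def parse_sort(value):
    """Return [(field, order), ...] from a --sort / SPQL_SORT value."""
    pairs = []
    for item in parse_bracket_list(value):
        field, sep, order = item.partition("/")
        if not (sep and _FIELD.fullmatch(field) and order in ("asc", "desc")):
            raise ValueError(f"bad sort entry: {item!r}")
        pairs.append((field, order))
    return pairs


def resolve(cli_value, env_name, environ=None):
    """A command line value, if given, overrides the environment variable."""
    environ = os.environ if environ is None else environ
    return cli_value if cli_value is not None else environ.get(env_name)


if __name__ == "__main__":
    # Constructed sample environment, not real settings.
    env = {"SPQL_FIELDS": "[domain,hostname,ip]", "SPQL_SORT": "[domain/asc,scan_date/desc]"}
    print(parse_fields(resolve(None, "SPQL_FIELDS", env)))  # value from the environment
    print(parse_fields(resolve("[]", "SPQL_FIELDS", env)))  # --fields [] requests all fields
    print(parse_sort(resolve(None, "SPQL_SORT", env)))
```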

Example command line query

The query below searches for:

  1. A content-type string
  2. On servers that are not Apache or nginx
  3. With an opendirectory and cpanel in the SSL certificate name
  4. Scanned less than 30d ago

Syntax

spql_cli.py -q 'header.content-type = "text/html; charset=iso-8859-1" AND header.server != Apache AND header.server != nginx AND opendirectory = true AND ssl.sans = cpanel* and scan_date > now-30d and domain ~= /na[^0-9].*/ and tld = [co.uk,tk]' -f '[domain,hostname,ip,url,htmltitle,datahash,tld,header.server]' -s '[domain/asc,hostname/asc,scan_date/desc]' --with_metadata 1 --limit 50 --skip 0