Silent Push Query Language (SPQL) queries target six data repositories, known as data sources, containing scanned web data. This article explains each data source and how to query it. See Field names for field details.
Overview of data sources
Web Search organizes scanned data into six data sources, each representing a specific type of web data. The table below summarizes each data source and its primary use case:
Data source | Description |
|---|---|
Web Scan | Web data from public IPv4 and IPv6 ranges, including HTML, favicons, and SSL data. |
Dark Web Scan | Data from .onion sites on the Tor network, similar to Web Scan but Tor-specific. |
Web Resource Scan | Resources from web searches, including logs of successful and failed attempts, tracking domains, and IPs. |
Open Directory Scan | Data from open directories, including file and directory metadata. |
Banner Scan | Non-HTTP services (e.g., SSH, DNS), including TLS/SSL certificate data and service banners. |
WHOIS Scan | WHOIS data for domain registration details and ownership information. |
Query data sources
Use the
datasourcefield to target a specific repository.
Example 1
Search torscan for .onion domains containing crypto.
domain = crypto* AND datasource = torscanExample 2
Find expired SSL certificates in services on public IPv4.
ssl.expire = true AND datasource = servicesMultiple data sources
Use square brackets to query multiple sources (acts as OR).
domain = payments* AND datasource = [webscan, torscan]Notes: See SPQL Query Examples for more query patterns. Use SPQL API functionality or SPQL Command Line Utility to execute queries.