SPQL data sources

Updated
  • Updated on Aug 21, 2025
  • Published on Mar 22, 2024
  • 1 minute(s) read
Prev Next

SPQL queries target six data repositories, known as data sources, containing scanned web data. This article explains each data source and how to query it. See Understand field names for field details.

Available data sources

Field name

Contents

webscan

Web data on the public IPv4 and IPv6 ranges

torscan

Data from .onion sites

services

Non-HTTP services, e.g., SSH/DNS, include TLS/SSL certificate data

opendirectory

Data gathered from open directories

webscanhistory

Log of successful scanning attempts

webscanfailure

Log of failed scanning attempts

Query data sources

  • Use the datasource field to target a specific repository.

Example 1: Search torscan for .onion domains containing crypto.

domain = crypto* AND datasource = torscan

Example 2: Find expired SSL certificates in services on public IPv4.

ssl.expire = true AND datasource = services

Multiple Data Sources: Use square brackets to query multiple sources (acts as OR).

domain = payments* AND datasource = [webscan, torscan]

Notes: See SPQL Query Examples for more query patterns.
Use SPQL API functionality or SPQL Command Line Utility to execute queries.