Query examples
    • 06 Oct 2023

    Example 1

    Search the htmltitle and header.server fields for a DDoS string together with an HTTP 200 success code.

    Syntax

    htmltitle = "DDoS* not configured" AND response = 200 AND header.server = ddos*

    Example 2

    Search for a domain name not in the .com TLD, scanned less than 30 days ago.

    Syntax

    domain = mandiant.* AND domain != mandiant.com AND scan_date > now-30d

    Example 3

    Search for a specific content-type string on servers that are neither Apache nor nginx, within 83.143.113.0/16 or 92.205.3.0/16, with an open directory and cpanel in the SSL certificate names, scanned in the last 10 days.

    Syntax

    header.content-type = "text/html; charset=iso-8859-1"
    AND header.server != Apache
    AND header.server != nginx
    AND ip = [83.143.113.0/16, 92.205.3.0/16]
    AND opendirectory = true
    AND ssl.sans = cpanel*
    AND scan_date > now-10d

    Example 4

    Regular expression search: SSL certificate names matching a pattern, with a domain name that does not match the pattern and is not empty, within one of the given network ranges, scanned in the last 30 days.

    Syntax

    scan_date > now-30d
    AND ssl.sans ~= /^silent[a-z].+\.io$/
    AND domain !~= /silent.*/
    AND domain ~= /.+/
    AND ip = [13.249.0.0/16, 52.84.0.0/16]
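    To make the operator semantics concrete, here is an added Python evaluator (not part of the original article or the product) that runs Example 4 over two constructed scan records. It assumes fields are dotted keys in a dict, `=` is a case-insensitive wildcard match, `/.../` is an unanchored regular expression, a bracketed list means "any of", `ip` lists are CIDRs, and `now-Nd` is a relative date; the real platform may interpret these differently.

```python
import fnmatch, ipaddress, re
from datetime import datetime, timedelta, timezone

# Fixed "now" so the relative dates (now-30d) are reproducible offline.
NOW = datetime(2023, 10, 6, tzinfo=timezone.utc)
CLAUSE = re.compile(r"^(\S+)\s*(!~=|~=|!=|>|<|=)\s*(.+?)\s*$")

def clause_matches(record, field, op, raw):
    have = record.get(field, "")
    have = have if isinstance(have, list) else [have]      # ssl.sans is a list
    if op in ("~=", "!~="):            # /pattern/ is an unanchored regex (assumed)
        hit = any(re.search(raw.strip("/"), str(v)) for v in have)
        return hit if op == "~=" else not hit
    if op in (">", "<"):               # now-Nd relative date on scan_date
        bound = NOW - timedelta(days=int(re.fullmatch(r"now-(\d+)d", raw).group(1)))
        return any(v > bound if op == ">" else v < bound for v in have)
    # [a, b] means "any of"; a quoted string is one literal value
    wanted = ([w.strip() for w in raw[1:-1].split(",")] if raw.startswith("[")
              else [raw.strip('"')])
    if field == "ip":                  # CIDR membership; strict=False tolerates host bits
        hit = any(ipaddress.ip_address(v) in ipaddress.ip_network(c, strict=False)
                  for v in have for c in wanted)
    else:                              # case-insensitive glob, * as wildcard (assumed)
        hit = any(fnmatch.fnmatchcase(str(v).lower(), w.lower())
                  for v in have for w in wanted)
    return hit if op == "=" else not hit

def evaluate(query, record):
    """True if every AND-joined clause of the query holds for the record."""
    return all(clause_matches(record, *CLAUSE.match(part).groups())
               for part in re.split(r"\s+AND\s+", query.strip()))

EXAMPLE_4 = r"""scan_date > now-30d
AND ssl.sans ~= /^silent[a-z].+\.io$/
AND domain !~= /silent.*/
AND domain ~= /.+/
AND ip = [13.249.0.0/16, 52.84.0.0/16]"""

# Constructed scan records: the first should match; the second is rejected
# because its own domain starts with "silent", which the !~= clause excludes.
RECORDS = [
    {"domain": "cdn-edge.example", "ip": "13.249.7.9",
     "ssl.sans": ["silentapp.io", "www.silentapp.io"],
     "scan_date": NOW - timedelta(days=3)},
    {"domain": "silentapp.io", "ip": "52.84.1.2",
     "ssl.sans": ["silentapp.io"], "scan_date": NOW - timedelta(days=3)},
]

def matching_domains(query=EXAMPLE_4, records=RECORDS):
    return [r["domain"] for r in records if evaluate(query, r)]
```

    Running `matching_domains()` returns only the first record's domain, which shows why the `domain !~=` clause is needed alongside the `ssl.sans ~=` clause: without it, the host that is itself named silent... would be returned too.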
