SPQL (Silent Push Query Language) is a simple, free-form query language designed for exploring Silent Push scan data via an intuitive syntax. It enables users to search web data repositories, construct Web Scanner queries, and integrate with the Silent Push API for advanced automation.
Key Features
Intuitive Syntax: Combines field names, operators, and values with
ANDconnectors and list-basedORconditions for flexible querying.
See SPQL Syntax Rules.Data Exploration: Queries six data sources, including web data (webscan), .onion sites (torscan), and non-HTTP services (services).
See SPQL Data Sources.API Integration: Execute queries via the Silent Push API for programmatic access.
See SPQL API Functionality.Command-Line Support: Use the
spql_cli.pyutility to run queries or generate JSON for API calls.
See SPQL Command Line Utility.Field Flexibility: Supports a wide range of field names tailored to each data source.
See Understand Field Names.
Use Cases
Search for specific web server configurations (e.g., non-Apache servers with specific content types).
Identify domains or SSL certificates matching patterns (e.g., expired certificates or .onion domains).
Filter scan data by time, IP ranges, or other criteria for threat intelligence or research.
Get Started
Learn the syntax and see examples in SPQL Syntax Rules and SPQL Query Examples.
Explore available data sources in SPQL Data Sources.
Use the API or command-line client for execution, as detailed in SPQL API Functionality and SPQL Command Line Utility.
Current Limitations
Not supported in the Silent Push UI Query Builder; API or command-line access required.
Only RE2 regular expressions are supported.
Next Steps
Begin by learning SPQL Syntax Rules to construct queries, and then explore SPQL Query Examples for practical applications.
For programmatic use, refer to SPQL API Functionality or SPQL Command Line Utility.