Silent Push Query Language (SPQL) is a simple, free-form query language designed for exploring Silent Push scan data via an intuitive syntax. It enables users to search web data repositories, construct Web Search queries, and integrate with the Silent Push API for advanced automation.
Key features
Intuitive syntax: Combines field names, operators, and values with
AND
connectors and list-basedOR
conditions for flexible querying.Data exploration: Queries six data sources, including web data (webscan), .onion sites (torscan), and non-HTTP services (services).
API integration: Execute queries via the Silent Push API for programmatic access.
Command-Line support: Use the
spql_cli.py
utility to run queries or generate JSON for API calls.Field flexibility: Supports a wide range of field names tailored to each data source.
Use cases
Search for specific web server configurations (e.g., non-Apache servers with specific content types).
Identify domains or SSL certificates matching patterns (e.g., expired certificates or .onion domains).
Filter scan data by time, IP ranges, or other criteria for threat intelligence or research.
Get started
Learn the syntax and see examples in SPQL syntax rules and SPQL query examples.
Explore available data sources in SPQL Data Sources.
Use the API or command-line client for execution, as detailed in SPQL API functionality and SPQL command line utility.
Note: Currently, only RE2 regular expressions are supported.
Next steps
Use SPQL syntax rules to construct queries, and then explore SPQL query examples for practical applications.
For programmatic use, refer to SPQL API functionality or SPQL command line utility.