SPQL

Prev Next

SPQL (Silent Push Query Language) is a simple, free-form query language designed for exploring Silent Push scan data via an intuitive syntax. It enables users to search web data repositories, construct Web Scanner queries, and integrate with the Silent Push API for advanced automation.

Key Features

  • Intuitive Syntax: Combines field names, operators, and values with AND connectors and list-based OR conditions for flexible querying.
    See SPQL Syntax Rules.

  • Data Exploration: Queries six data sources, including web data (webscan), .onion sites (torscan), and non-HTTP services (services).
    See SPQL Data Sources.

  • API Integration: Execute queries via the Silent Push API for programmatic access.
    See SPQL API Functionality.

  • Command-Line Support: Use the spql_cli.py utility to run queries or generate JSON for API calls.
    See SPQL Command Line Utility.

  • Field Flexibility: Supports a wide range of field names tailored to each data source.
    See Understand Field Names.

Use Cases

  • Search for specific web server configurations (e.g., non-Apache servers with specific content types).

  • Identify domains or SSL certificates matching patterns (e.g., expired certificates or .onion domains).

  • Filter scan data by time, IP ranges, or other criteria for threat intelligence or research.

Get Started

Current Limitations

  • Not supported in the Silent Push UI Query Builder; API or command-line access required.

  • Only RE2 regular expressions are supported.

Next Steps