Web Search is a key feature of Silent Push, designed to scan the clearnet and dark web for historical infrastructure matching granular parameters. This article will walk you through how to use Web Search, its detailed functionalities, and how it connects to broader security practices like threat hunting, brand protection, and attack surface intelligence.
Web Search leverages our DNS intelligence to analyze content hosted on infrastructure, offering a historical dataset from all scan points. This differs from Live Scan, which provides real-time, single-point results. This enables you to track the movement of threat infrastructure over time and understand how attackers adapt their tactics, techniques, and procedures (TTPs) to evade detection. It’s ideal for revealing and pivoting across attacker infrastructure from a single origin or identifying vulnerable assets in an attack surface or supply chain.
If a domain, IP, or URL is part of a redirect chain, Web Search doesn’t stop at one page. It provides all observable data, including paths through multiple hops like Cloudflare holding pages or deferred login pages, giving you a complete picture.
Choose your interface
Web Search offers:
Query Constructor: A building-block style interface to visually build searches.
Command Line Interface (CLI): Ideal for typing queries directly.
Select based on your preference!
Construct your query
Use over 100 proprietary field names and six data sources (e.g., on-page content, WHOIS, Torscan) to craft precise queries. Examples include:
Favicon Murmur3: Unique hash values for favicons.
HTML Titles: Text in page titles.
Certificates: SSL details like expiration dates.
Geo Location: Server locations.
Hashes: Proprietary server, certificate, and script hashes.
Body SSDeep Data: Fuzzy hashing for content similarity.
JavaScript: Script-level details.
Combine field names, operators (=, !=, >, <) and values, joining clauses with AND.
Examples:
Example 1: favicon_murmur3 = 309020573 AND domain != "paypal.com"
- hunt for domains serving PayPal's favicon that are not PayPal's own infrastructure (brand spoofing)
Example 2: header.server = "AkamaiGHost"
- locate IPs whose Server header identifies the Akamai CDN (AkamaiGHost)
Example 3: htmltitle = "DDoS* not configured" AND response > 200 AND header.server = "ddos*"
- find hosts behind a DDoS-protection service whose page title reports it as not configured and whose response code is above 200 (misconfigured, exposed servers)
Example 4: select the WHOIS datasource with htmltitle = "DDoS* not configured" AND response > 200 AND header.server = "ddos*"
- retrieve historical WHOIS records for the hosts matched in Example 3
Example 5: ssl.not_after > now AND ssl.not_after < now+1d
- IPs with SSL certificates expiring within a day
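The favicon pivot in Example 1 starts from a hash you have to compute yourself. The Python below is an added example, not Silent Push code: it implements MurmurHash3 x86_32 from the reference algorithm and applies the widely used Shodan favicon-hash convention (hash the MIME base64 of the raw favicon bytes, report the result as a signed 32-bit integer). That Silent Push's favicon_murmur3 field uses exactly this encoding is an assumption; confirm it by searching a hash computed from a favicon you already know is in the dataset before relying on it. The sample favicon bytes are constructed for the demo and are not any real brand's icon.

```python
"""Favicon Murmur3 hashing for Web Search pivots (added example, not Silent Push code)."""
import base64


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 (Austin Appleby's reference algorithm); unsigned result."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    mask = 0xFFFFFFFF
    h1 = seed & mask
    length = len(data)
    nblocks = length // 4

    def rotl32(x: int, r: int) -> int:
        return ((x << r) | (x >> (32 - r))) & mask

    # Body: mix each 4-byte little-endian block into the state.
    for i in range(nblocks):
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = (k1 * c1) & mask
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & mask
        h1 ^= k1
        h1 = rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & mask

    # Tail: up to 3 trailing bytes that did not fill a block.
    tail = data[4 * nblocks:]
    k1 = 0
    if len(tail) == 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & mask
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & mask
        h1 ^= k1

    # Finalization (fmix32): avalanche the length and the state.
    h1 ^= length
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & mask
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & mask
    h1 ^= h1 >> 16
    return h1


def to_signed32(value: int) -> int:
    """Present a 32-bit hash as a signed int, the form favicon-hash tooling prints."""
    return value - (1 << 32) if value >= (1 << 31) else value


def favicon_murmur3(favicon_bytes: bytes) -> int:
    """Shodan-style favicon hash: MurmurHash3 over the MIME base64 of the raw file.

    ASSUMPTION: Silent Push's favicon_murmur3 uses this same encoding. Verify by
    searching a hash computed from a favicon already known to be in the dataset.
    """
    # base64.encodebytes wraps at 76 characters and appends a trailing newline,
    # matching the encoding the Shodan convention hashes.
    encoded = base64.encodebytes(favicon_bytes)
    return to_signed32(murmur3_32(encoded))


def build_pivot_query(favicon_hash: int, exclude_domain: str) -> str:
    """Web Search query in the shape of this article's Example 1."""
    return f'favicon_murmur3 = {favicon_hash} AND domain != "{exclude_domain}"'


# Constructed sample: an ICO-style header followed by filler, not a real brand's favicon.
SAMPLE_FAVICON = bytes.fromhex("00000100010010100000010020006804000016000000") + bytes(range(256)) * 4


if __name__ == "__main__":
    h = favicon_murmur3(SAMPLE_FAVICON)
    print("favicon hash:", h)
    print("query:", build_pivot_query(h, "example.com"))
```

Fetch the target's favicon once (for example with curl), hash the raw bytes, and paste the resulting query into the CLI; the `domain !=` clause removes the brand's own hosts so the remaining hits are candidate spoofs to pivot on.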
View and customize results
Results appear in a customizable table. Choose specific fields (e.g., IPs, domains, content details) and adjust the view to focus on your needs.
Explore enrichment data
Expand a result to see key-value pairs, then click a domain or IP to pivot to Silent Push intelligence like risk scoring, reputation, or DNS lookups (forward and reverse). This saves time during analysis.
Use cases
Threat hunting
As a Threat Analyst, use Web Search to hunt adversary infrastructure by matching content parameters (e.g., favicon hashes, HTML titles, server headers). Start with a malicious observable, scan for matching content, and pivot to map hidden threat clusters. For example, find domains mimicking PayPal's favicon (excluding paypal.com) to spot phishing sites.
Brand protection
For SOC Analysts, Web Search instantly enriches unknown observables with historical data, mapping threat landscapes without extra pivots. Search for spoofed HTML titles or favicons to detect brand impersonation, improving alert evaluation and blocking mechanisms.
Attack Surface Intelligence
Incident Responders can map active or pre-weaponized infrastructure during events. Starting with an intrusion point (e.g., a domain), Web Search returns linked datasets, revealing hosting infrastructure and webpages to aid remediation. It also uncovers unknown assets and misconfigurations, reducing your attack surface.
Web Search is a technical yet user-friendly tool for analyzing web content and infrastructure historically. Start with the query constructor or CLI, craft detailed queries with 100+ parameters, customize results, and pivot to enrichment data to tackle threats or protect your brand.