Table: urlscan_document_type - Query Urlscan Document Types using SQL
Urlscan is a service that scans and analyzes websites to identify malicious content and provide detailed information about the behavior and composition of the scanned web page. It provides insights into the structure, behavior, and content of websites, which can be used to detect and mitigate security threats. Document Types in Urlscan represent the various types of documents that a web page can contain, such as HTML, XML, JSON, etc.
Table Usage Guide
The urlscan_document_type table provides insights into the different types of documents that are part of the web pages scanned by Urlscan. As a cybersecurity analyst, explore document-specific details through this table, including the type, associated web page, and other pertinent information. Utilize it to uncover insights about the various types of documents present on a web page, aiding in the detection and mitigation of potential security threats.
Important Notes
- You must specify the
scanin thewhereclause to query this table.
Examples
List document types
Explore which document types are most prevalent in a specific scan, allowing you to identify potential threats or anomalies based on frequency. This can aid in strengthening your security measures by focusing on the most common document types.
select *from urlscan_document_typewhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;select *from urlscan_document_typewhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;Schema for urlscan_document_type
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| compression | double precision | Compression ratio for the document type. | |
| count | bigint | Number of requests for the document type. | |
| countries | jsonb | Countries where the document type was found. | |
| encoded_size | bigint | Total encoded size of all requests for the document type. | |
| ips | jsonb | IP addresses for the document type. | |
| percentage | bigint | Percentage of requests returning this document type. | |
| scan | text | = | ID of the scan result. |
| size | bigint | Total size of all requests for document type. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| type | text | The document type, e.g. Script, Image. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscanYou can pass the configuration to the command with the --config argument:
steampipe_export_urlscan --config '<your_config>' urlscan_document_type