steampipe plugin install urlscan

Table: urlscan_domain - Query Urlscan Domains using SQL

Urlscan Domains is a resource that provides detailed information about domains, including the domain name, IP address, server, and other associated details. It is part of the Urlscan service, which offers insights into the behavior and configuration of websites and helps identify potential security issues. Urlscan Domains allows you to monitor and analyze domain-related information effectively.

Table Usage Guide

The urlscan_domain table provides insights into the domains within Urlscan. As a security analyst or DevOps engineer, use this table to explore domain-specific details, including the domain name, IP address, associated server information, and other metadata.

Important Notes

  • You must specify the scan in the where clause to query this table.

Examples

List domains

Explore which domains are associated with a specific scan in order to understand its reach and impact. This can be useful in identifying potential security threats or analyzing web traffic.

select
  *
from
  urlscan_domain
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  count desc;

Domains by country

List each domain in a scan together with its first listed country, which is useful for understanding the geographical distribution and focus of web content. The query differs between Postgres and SQLite only in how the first element of the countries JSON array is extracted.

Postgres:

select
  countries ->> 0 as country,
  domain
from
  urlscan_domain
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  domain;

SQLite:

select
  json_extract(countries, '$[0]') as country,
  domain
from
  urlscan_domain
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  domain;
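
The following query is an added example, not part of the plugin's own documentation. It uses Postgres syntax and the columns listed in the schema to rank the domains in a scan by redirects and share of requests, with every country and the number of IPs per domain; it assumes ips, like countries, holds a JSON array, and reuses the sample scan ID from this page.

```sql
-- Added example (Postgres). Triage view of the domains contacted in one scan.
-- Assumption: ips and countries are JSON arrays; non-array values are treated as empty.
with d as (
  select
    domain,
    "count" as requests,   -- number of requests to the domain
    redirects,
    size,
    encoded_size,
    ips,
    countries
  from
    urlscan_domain
  where
    scan = '54c78f69-5294-4a17-8ae0-a71943954e09'  -- scan is a required qualifier
)
select
  domain,
  requests,
  -- share of all requests in the scan that went to this domain
  round(100.0 * requests / nullif(sum(requests) over (), 0), 1) as pct_of_requests,
  redirects,
  size,
  encoded_size,
  -- number of distinct IP entries reported for the domain
  case
    when jsonb_typeof(ips) = 'array' then jsonb_array_length(ips)
    else 0
  end as ip_count,
  -- all countries, not only the first element
  (
    select
      string_agg(t.c, ',' order by t.c)
    from
      jsonb_array_elements_text(
        case
          when jsonb_typeof(countries) = 'array' then countries
          else '[]'::jsonb
        end
      ) as t(c)
  ) as all_countries
from
  d
order by
  redirects desc,
  requests desc;
```

Domains with a small share of requests but several redirects, many IPs, or more than one country are the rows worth reviewing first when checking what a scanned page actually contacted.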

Schema for urlscan_domain

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| count | bigint | | Number of requests to the domain. |
| countries | jsonb | | Countries where the domain resides. |
| domain | text | | The domain. |
| encoded_size | bigint | | Total encoded size of all requests sent to this domain. |
| initiators | jsonb | | Initiators of requests to this domain. |
| ips | jsonb | | IP addresses for the domain. |
| redirects | bigint | | Number of redirect responses received from this domain. |
| scan | text | = | ID of the scan result. |
| size | bigint | | Total size of all requests sent to this domain. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan

You can pass the configuration to the command with the --config argument:

steampipe_export_urlscan --config '<your_config>' urlscan_domain