steampipe plugin install urlscan

Table: urlscan_server - Query URLscan Servers using SQL

URLscan is a service that allows users to analyze and monitor the security of their web servers. It provides detailed information about the server, including IP addresses, locations, and security vulnerabilities. With URLscan, users can easily identify potential security threats and take appropriate actions to mitigate them.

Table Usage Guide

The urlscan_server table provides detailed insights into the servers scanned by URLscan. As a security analyst, explore server-specific details through this table, including IP addresses, locations, and security vulnerabilities. Utilize this table to uncover potential security threats and take appropriate actions to mitigate them.

Important Notes

  • You must specify the scan in the where clause to query this table.

Examples

List servers

Gain insights into the servers associated with a particular scan to understand its activity and usage. This can be useful for monitoring server performance, identifying potential issues, or tracking the impact of specific scans.

select
*
from
urlscan_server
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
count desc;
select
*
from
urlscan_server
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
count desc;

Servers by country

Explore which servers are associated with different countries. This is particularly useful for understanding the geographical distribution of your servers and identifying potential regional issues.

select
countries ->> 0 as country,
server
from
urlscan_server
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
country,
server;
select
json_extract(countries, '$[0]') as country,
server
from
urlscan_server
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
country,
server;

Schema for urlscan_server

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
countbigintNumber of requests to the server.
countriesjsonbCountries where the server resides.
encoded_sizebigintTotal encoded size of all requests sent to this server.
ipsjsonbIP addresses for the server.
scantext=ID of the scan result.
servertextThe server.
sizebigintTotal size of all requests sent to this server.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan

You can pass the configuration to the command with the --config argument:

steampipe_export_urlscan --config '<your_config>' urlscan_server