v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/urlscan
Overview
16Tables
Versions
GitHub
steampipe plugin install urlscan

Table: urlscan_server - Query URLscan Servers using SQL

URLscan is a service that allows users to analyze and monitor the security of their web servers. It provides detailed information about the server, including IP addresses, locations, and security vulnerabilities. With URLscan, users can easily identify potential security threats and take appropriate actions to mitigate them.

Table Usage Guide

The urlscan_server table provides detailed insights into the servers scanned by URLscan. As a security analyst, explore server-specific details through this table, including IP addresses, locations, and security vulnerabilities. Utilize this table to uncover potential security threats and take appropriate actions to mitigate them.

Important Notes

  • You must specify the scan in the where clause to query this table.

Examples

List servers

Gain insights into the servers associated with a particular scan to understand its activity and usage. This can be useful for monitoring server performance, identifying potential issues, or tracking the impact of specific scans.

select
  *
from
  urlscan_server
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  count desc;
select
  *
from
  urlscan_server
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  count desc;

Servers by country

Explore which servers are associated with different countries. This is particularly useful for understanding the geographical distribution of your servers and identifying potential regional issues.

select
  countries ->> 0 as country,
  server
from
  urlscan_server
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  server;
select
  json_extract(countries, '$[0]') as country,
  server
from
  urlscan_server
where
  scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
  country,
  server;

Schema for urlscan_server

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
countbigintNumber of requests to the server.
countriesjsonbCountries where the server resides.
encoded_sizebigintTotal encoded size of all requests sent to this server.
ipsjsonbIP addresses for the server.
scantext=ID of the scan result.
servertextThe server.
sizebigintTotal size of all requests sent to this server.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan

You can pass the configuration to the command with the --config argument:

steampipe_export_urlscan --config '<your_config>' urlscan_server