Table: urlscan_tls - Query urlscan TLS using SQL
The Transport Layer Security (TLS) in urlscan provides details about the TLS certificates of a scanned target. It includes information about the certificate's issuer, subject, validity, and other related details. TLS is a security protocol designed to facilitate privacy and data security for communications over the Internet.
Table Usage Guide
The urlscan_tls
table provides insights into the TLS certificates of a scanned target within urlscan. As a security analyst, explore detailed information about the certificates through this table, including the certificate's issuer, subject, validity, and more. Utilize it to uncover information about the security of the target, such as the validity of the certificates, the issuer's details, and the associated metadata.
Important Notes
- You must specify the
scan
in thewhere
clause to query this table.
Examples
List TLS protocols by count
Determine the frequency of different TLS protocols for a specific scan to analyze security measures. This can be crucial in identifying potential vulnerabilities and ensuring robust security protocols are in place.
select p.key as protocol, p.value as countfrom urlscan_tls as t, jsonb_each(t.protocols) as pwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;
select p.key as protocol, p.value as countfrom urlscan_tls as t, json_each(t.protocols) as pwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;
Schema for urlscan_tls
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
count | bigint | Number of requests using this security. | |
countries | jsonb | Countries where the tls resides. | |
encoded_size | bigint | Total encoded size of all requests sent to this tls. | |
ips | jsonb | IP addresses for the tls. | |
protocols | jsonb | TLS protocols used by requests, including the count. | |
scan | text | = | ID of the scan result. |
security_state | text | Security state for these requests. | |
size | bigint | Total size of all requests sent to this tls. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan
You can pass the configuration to the command with the --config
argument:
steampipe_export_urlscan --config '<your_config>' urlscan_tls