steampipe plugin install urlscan

Table: urlscan_tls - Query urlscan TLS using SQL

The Transport Layer Security (TLS) in urlscan provides details about the TLS certificates of a scanned target. It includes information about the certificate's issuer, subject, validity, and other related details. TLS is a security protocol designed to facilitate privacy and data security for communications over the Internet.

Table Usage Guide

The urlscan_tls table provides insights into the TLS certificates of a scanned target within urlscan. As a security analyst, explore detailed information about the certificates through this table, including the certificate's issuer, subject, validity, and more. Utilize it to uncover information about the security of the target, such as the validity of the certificates, the issuer's details, and the associated metadata.

Important Notes

  • You must specify the scan in the where clause to query this table.

Examples

List TLS protocols by count

Determine the frequency of different TLS protocols for a specific scan to analyze security measures. This can be crucial in identifying potential vulnerabilities and ensuring robust security protocols are in place.

select
p.key as protocol,
p.value as count
from
urlscan_tls as t,
jsonb_each(t.protocols) as p
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
count desc;
select
p.key as protocol,
p.value as count
from
urlscan_tls as t,
json_each(t.protocols) as p
where
scan = '54c78f69-5294-4a17-8ae0-a71943954e09'
order by
count desc;

Schema for urlscan_tls

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
countbigintNumber of requests using this security.
countriesjsonbCountries where the tls resides.
encoded_sizebigintTotal encoded size of all requests sent to this tls.
ipsjsonbIP addresses for the tls.
protocolsjsonbTLS protocols used by requests, including the count.
scantext=ID of the scan result.
security_statetextSecurity state for these requests.
sizebigintTotal size of all requests sent to this tls.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan

You can pass the configuration to the command with the --config argument:

steampipe_export_urlscan --config '<your_config>' urlscan_tls