This topic describes the fields and examples for querying data sources on the Attack Surfaces page of the Cloud Security Scanner console. These examples help you quickly query the attack surface information of different data sources.

Note For more information about how to query details of attack surfaces, see Query details of attack surfaces.

Domain query

On the Attack Surfaces page, click the Domains tab. In the search box, enter aliyun to search for domain names that contain aliyun.Domain name

Subdomain query

The following table describes the fields for subdomain query.

Field Description Example
domain The root domain that you want to query. domain:aliyun.com
subdomain The subdomain that you want to query. subdomain:aliyun.com or subdomain:"1.aliyun.com"

For example, on the Attack Surfaces page, click the Subdomains tab. In the search box, enter domain:aliyun.com (for querying a root domain) or subdomain:aliyun.com (for querying a subdomain) to search for the domain or subdomain information about aliyun.

Host query

The following table describes the fields for host query.

Field Description Example
ip The IP address of the host that you want to query. ip:1.2.3.4: queries the information of the host whose IP address is 1.2.3.4.
cidr The CIDR block of the host that you want to query. cidr:1.2.3.4/24: queries the information about the host whose IP address falls into the CIDR block of 1.2.3.4/24.
hostname The name of the host that you want to query. hostname:guest: queries hosts whose names contain the guest field.
state The status of the host that you want to query.
  • state:up: queries hosts that are in the Up state.
  • state:down: queries hosts that are in the Down state.
os The operating system of the host that you want to query. os:windows: queries hosts that run Windows OS.

For example, on the Attack Surfaces page, click the Hosts tab. In the search box, enter cidr:192.168.1.1/24 os:linux state:up to search for the host that runs Linux OS, falls into the CIDR block of 192.168.1.1/24, and is in the up state.

DNS record query

The following table describes the fields for DNS record query.

Field Description Example
domain The root domain of the DNS record that you want to query. domain:aliyun.com: queries the DNS record whose domain is aliyun.com.
subdomain The subdomain that you want to query. subdomain:1.aliyun.com: queries the DNS record whose subdomain is 1.aliyun.com.
record The DNS record that you want to query. record:"1.2.3.4": queries DNS records that contain 1.2.3.4.
type The type of DNS records that you want to query.
  • type:a: queries DNS records whose types are a.
  • type:cname: queries DNS records whose types are cname.

For example, on the Attack Surfaces page, click the DNS Records tab. In the search box, enter domain:aliyun.com type:a to search for the DNS records whose domain names are aliyun.com and types are a.

Port query

The following table describes the fields for port query.

Field Description Example
ip The IP address of the host that you want to query. ip:1.2.3.4: queries the host whose IP address is 1.2.3.4.
cidr The CIDR block of the host that you want to query. cidr:1.2.3.4/24: queries hosts whose IP addresses fall into the CIDR block of 1.2.3.4/24.
port The port that has been enabled for a host. port:80: queries hosts that have port 80 enabled.
protocol The protocol used at the port that you want to query. Valid values: TCP and UDP. protocol:tcp: queries TCP ports.
service The port service that you want to query. Valid values: HTTP, HTTPS, HTTP-PROXY, MS-WBT-Server, and SSH. service:http: queries HTTP services.
product The product of the port that you want to query. Products (applications or devices providing port services) such as Apache and Nginx are supported. You can check all supported products on the Port Service page. product:apache: queries hosts that have the Apache service deployed.
version The version number of the product that you want to query. version:1.0.2: queries products whose versions number are 1.0.2.

For example, on the Attack Surfaces page, click the Ports tab. In the search box, enter port:80 product:nginx to search for Nginx hosts that have port 80 enabled, or enter cidr:1.2.3.4/24 service:http to search for HTTP services of hosts whose IP addresses fall into the CIDR block of 1.2.3.4/24.

Web application query

The following table describes the fields for web application query.

Field Description Example
domain The domain name of the web application that you want to query. domain:aliyun.com: queries web applications whose domain names are aliyun.com.
name The name of the web application that you want to query. name:wordpress: queries websites that use WordPress.
title The title of the web application that you want to query. title:console: queries websites whose names contain console.
server The server type of the web application that you want to query. server:apache: queries websites that use the Apache server.
version The version number of the web application that you want to query. version:1.2.0: queries websites whose application versions are 1.2.0.

For example, on the Attack Surfaces page, click the Web Applications tab. In the search box, enter domain:aliyun.com name:wordpress to search for websites whose domain names are aliyun.com and that use WordPress.

Web path query

The following table describes the fields for web path query.

Field Description Example
hostname The domain name of the web path that you want to query. hostname:aliyun.com: queries web paths in the aliyun.com domain.
netloc The name of the web path that you want to query. netloc:"aliyun.com": queries path information.

For example, on the Attack Surfaces page, click the Web Paths tab. In the search box, enter hostname:abc.com to search for web paths in the abc.com domain.