urlscan.io dorks

[blacky]

I have created some dorks that are useful for me to spot phishing pages on url scan.io. Like if you like it Also, keep posting your dorks for urlscan[:]io,censys, shodan etc.and continue this thread

abc denotes the domain name

http://https[:]//urlscan.io/search/#abc*

page.domain[:]/.*abc.*/ AND NOT abc.com AND NOT www.abc.com AND NOT *.abc.com)
page.domain[:]/.*xyzbank.*/ AND NOT xyzbank.in AND NOT www.xyzbank.in AND NOT *.xyzbank.in)
page.domain[:]/.*pqrbank.*/ AND NOT pqrbank.com AND NOT www.pqrbank.com AND NOT *.pqrbank.com AND NOT *.pqrprivatebanking.com)
page.domain[:]/.*lmnopfin.*/ AND NOT lmnopfin.in AND NOT www.lmnopfin.in AND NOT *.lmnopfin.in AND NOT *.lmnopfinmarkets.in)
page.domain[:]/.*qrst.*/ AND NOT qrst.com AND NOT www.qrst.com AND NOT *.qrst.com AND NOT *.qrst.net AND NOT *.qrs.com AND NOT *.qrst.io)
domain:qrst.com AND NOT page.domain:qrst.com
qrst*.web.app
page.domain[:]/qrstinsurance.*/ AND NOT qrst.com)
page.domain[:]/.*postservice.*/ AND NOT postservice.com AND NOT www.postservice.com AND NOT *.postservice.com )

Cheers

 

[IceGiant7]

Thanks for the list.
Here's the some of the ones I use for Shodan:

• Search using favicon hash: http.favicon.hash:12345678
• Search using website's title: http.title:"Website"
• Search for specific port: port:3389
• Search services vulnerable to specific CVE: vuln:CVE-1234-5678
• Search for OS: os:"windows 7"
• Search by city and country: country:US city:Columbia
• Search for the particular IP or /x CIDR: net:"IP address/x"

There are plenty more, of course, but these are a good start.

 

[animal]

i can not leave my tox in your chat , tell me i spam .know i add tox and xmpp in my contact , add me.

 

[r_as]

Cool, thanks for sharing.
Urlscan use elastic syntax, more here - https://www. elastic. co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html

 

[bablodalo]

nice, this is quite useful! Thanks for the share!