ASM Query Hub
Convert form inputs to hunt queries for multiple Attack Surface Management platforms
Conversion Results
Ready to Convert
Select fields and click "Convert to Queries" to see results for all your selected ASM platforms
Build Your Query
Select ASM Engines
Choose which ASM platforms to generate queries for:
Presets
Built-in Presets
Exposed Web Servers
Inventory all internet-facing HTTP/HTTPS assets to establish baseline visibility.
Known CVE Exposure
Identify assets with banners or fingerprints matching known vulnerabilities (e.g., Log4Shell, Exchange).
Exposed Admin Panels
Find publicly accessible admin consoles (phpMyAdmin, Jenkins, Webmin, etc.) that could enable direct takeover.
Expired Certificates
Detect expired SSL/TLS certificates that reduce trust or allow interception.
ICS / IoT Presets
Identify exposed Industrial Control Systems and IoT devices (Modbus, DNP3, BACnet, MQTT) vulnerable to disruption or tampering.
Docker API Exposed
Detect exposed Docker API endpoints that could allow unauthorized container access or deployment.
Exposed Remote Services (RDP, SSH, Telnet, FTP)
Find exposed remote administration and file transfer services: RDP (3389), SSH (22), Telnet (23), and FTP (21).
Exposed Database Services
Detect unprotected or internet-exposed database services: MongoDB, MySQL, PostgreSQL, Redis, Elasticsearch, Memcached, Cassandra, MSSQL, Oracle, CouchDB.
Find hosts by SSL/TLS certificate subject
Search for hosts using SSL/TLS certificate subject (CN - Common Name). Useful for finding all hosts using a specific certificate or domain.
Saved Presets
No saved presets yet.
Click "Save Preset" in the query results above to save your current query as a preset.
Quick Recommendations by Category
| Category | Description | Lead Platform | Secondary Platform |
|---|---|---|---|
| Exposure Discovery | Ports, banners | Shodan / FOFA | Censys |
| Certificate & TLS | TLS Telemetry | Censys | Shodan |
| DNS / WHOIS | Enrichment | Censys | Shodan |
| Vulnerability Triage | CVE detection | Shodan | Censys |
| Historical Context | Trends & analytics | Censys | Shodan |
| Brand Monitoring | Domain attribution | FOFA | Censys |
| Research & Analytics | Custom analytics | Censys / FOFA | Shodan |
Secure & Private
No external API calls or data storage
Lightning Fast
Local processing for instant results
3 ASM Platforms
Support for all major platforms
Built with ❤️ for the security community • No API keys required • Open source