Basics
Websites that require HTTPS connections
HTTP Strict-Transport-Security
Services that have the word "Apache" in their headings
Apache
Services with a hostname containing either "google.com" OR "facebook.com"
hostname:google.com,facebook.com
HTTP filters
Websites that have the word "Apache" in their HTML
http.html:Apache
Websites that are using the Bootstrap CSS framework
http.component:bootstrap
SSL filters
Websites that support TLS 1.3
ssl.version:tlsv1.3 HTTP
Services that support SSLv2 and don't support TLS
ssl.version:sslv2 -ssl.version:tlsv1,tlsv1.2,tlsv1.3
Non-HTTPS SSL services that were issued a certificate for *.google.com
ssl.cert.subject.cn:google.com -HTTP
Websites that support HTTP/2
ssl.alpn:h2
SSL services (HTTPS, SMTPS, POP3S etc.) that were issued a certificate for *.google.com
ssl.cert.subject.cn:google.com
SSH filters
SSH on non-standard ports
ssh -port:22
Screenshot filters
Public VNC services hiding behind common web ports
has_screenshot:true rfb disabled port:80,443
Industrial control systems identified using machine learning
screenshot.label:ics
Search the OCR in Remote desktops for compromised by ransomware
has_screenshot:true encrypted attention
Restricted filters
Industrial control systems running an industrial protocol (i.e. no web servers)
tag:ics
Services that are vulnerable to Heartbleed
vuln:CVE-2014-0160
Citrix devices in Germany, Switzerland or France that are vulnerable to CVE-2019-19781
vuln:CVE-2019-19781 country:DE,CH,FR