Search & Data Featured

Search Types and Syntax

Master all search types: email, domain, IP, hash, URL, and username searches with proper syntax.

RX
ReconX Team··3 min read

Supported Search Types

ReconX automatically detects what type of data you're searching for based on your input. However, understanding the different search types helps you get more precise results.

Email Searches

Search for specific email addresses or email patterns:

  • [email protected] - Exact email match
  • @company.com - All emails from this domain
  • john.*@company.com - Wildcard pattern matching

Email searches look through both the email fields and the full content of indexed files, so you'll find credentials even in unstructured data.

Domain Searches

Find all records related to a specific domain:

  • company.com - Search for the base domain
  • *.company.com - Include all subdomains
  • mail.company.com - Specific subdomain only

Domain searches are useful for organizations wanting to assess their overall exposure across all employee emails and company-owned domains.

IP Address Searches

Look up records associated with specific IP addresses:

  • 192.168.1.100 - Exact IP match
  • 192.168.1.* - Wildcard for IP ranges
  • 192.168.0.0/24 - CIDR notation (where supported)

IP searches find references in stealer logs, server configurations, and other breach data where IP addresses were recorded.

Hash Searches

Search for password hashes or file hashes:

  • 5f4dcc3b5aa765d61d8327deb882cf99 - MD5 hash
  • 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 - SHA1 hash

Hash searches are valuable for checking if specific passwords have been exposed without revealing the actual password text.

URL Searches

Find records containing specific URLs:

  • https://login.company.com - Exact URL
  • login.company.com/* - URL pattern with path wildcard

URL searches often reveal credentials captured during login attempts or browser history from stealer infections.

Username Searches

Look for specific usernames across breaches:

  • johndoe123 - Search for a username

Username searches scan all text fields and file contents. Since usernames aren't as structured as emails, you may get broader results.

Using Wildcards

The asterisk (*) character acts as a wildcard matching any characters:

  • *@company.com - Any email at this domain
  • john* - Anything starting with "john"
  • *admin* - Anything containing "admin"

Important: Wildcards at the beginning of a query (like *admin) may be slower and return more results. Be as specific as possible.

Field-Specific Searches

For advanced users, you can target specific fields:

  • email:[email protected] - Search only in email fields
  • domain:company.com - Search only in domain fields
  • source_type:"Stealer Logs" - Filter by data source type

Field-specific searches are more precise but require knowing the field names in our index.

Boolean Operators

Combine search terms with boolean logic:

  • company.com AND password - Both terms must appear
  • company.com OR company.org - Either term can appear
  • company.com NOT test - Exclude results containing "test"

Boolean operators must be in uppercase to be recognized as operators rather than search terms.

Share this article
RX

ReconX Team

Expert in cyber intelligence, threat analysis, and security research. Contributing insights and analysis to help security professionals stay ahead of emerging threats.

Was this article helpful?

Related Articles

Search & Data

Using Advanced Filters

2 min read

Search & Data

Understanding Search Results

2 min read

Search & Data

Data Sources Explained

2 min read

Back to Help Center