Searching Credentials

You can create advanced search queries to find exact credential matches on the Credential Management, Bruteforce, and Credentials Reuse pages. This capability can help you narrow the search results down to a subset of data, such as a specific public and private.

Creating a Search Query

To search for credentials, click on the Search field located on the Credential Management, Bruteforce, or Credentials Reuse page. A dropdown displays and shows you the search operators that are available. You will need to select a search operator from the list to continue. The search field displays the possible keywords that are available for the selected operator. You can choose a keyword from the list or you can start typing to refine the list.

To create a search query for credentials, you need to specify at least one search operator and keyword. A search operator indicates the type of data you want to query and a keyword refers to the term that the search uses to find matching records. You can use as many search operators as you need. As you add search operators to the query, the table automatically updates the credentials that are listed.

By default, the search query uses the AND connector between each search operator. For example, the query PUBLIC.USERNAME: John, PRIVATE.DATA: abc123 returns any username that contains "John" that has a password of "abc123". However, if a query contains multiple operators of the same type, the query uses the OR connector between those operators instead. For example, the query PUBLIC.USERNAME: John, PUBLIC.USERNAME: Mike, PRIVATE.DATA: abc123 returns any username that contains "John" or "Mike" that has a password of "abc123".

The search query automatically adds an AND connector between each search operator. However, if the search query uses more than one search operator of the same type, the query uses the OR connector between those operators instead.

Search Operators

The following search operators are available for credentials:

  • public.username - This search operator matches a username.
  • private.data - This search operator matches a private.
  • private.type - This search operator matches a private type.
  • realm.key - This search operator matches a realm type.
  • realm.value - This search operator matches a realm name.
  • tags.name - This search operator matches a a tag.

Credential Search Syntax

You must use the following syntax when searching for credentials: <search operator>:<keyword>. For example, if you want to find all publics that have a value of 'admin', you need to create the following query: public.username:admin. This query ensures that the search only looks in the 'Public' column in the credentials table for the 'administrator' keyword and only returns credentials that have 'administrator' as its public value.

Searching for a Public

To search for a public, your query must use 'public.username' operator. For example, the public.username:admin query searches for any credential that has a public of 'admin'.

Searching for a Private

To search for a private, your query must use the 'private.data' operator. For example, the private.data:abc123 query searches for any credential that has a private of 'abc123'.

Searching for a Private Type

To search for a private type, your query must use the 'private.type' operator. For example, the private.type:hash query searches for any credential that has a private type of 'hash'.

Searching for a Realm Type

To search for a realm type, your query must use the 'realm.key' operator. For example, the realm.key:DB2 Database query searches for any credential that has a realm type of 'DB2 Database'.

Searching for a Realm Name

To search for a realm, your query must use the 'realm.value' operator. For example, the realm.value:DC query searches for any credential that has a realm name of 'DC'.

Searching for Credentials with a Specific Tag

To search for a credential with a specific tag, your query must use the 'tags.name' operator. For example, the tags.name:window query searches for any credential that has the 'windows' tag.

Filtering by Credential Metadata

The single credential page shows you details for a particular credential, such as its metadata and related logins. To access the single credential page, click on the private link on the Manage Credentials page, as shown below:

When you click on the private, the single credential page slides into view. Note that the public, private, and private type values display as links. You can click on these links to query other credentials in the project that share the same public, private, or private type.

The Manage Credentials page appears and shows the results of the query. The filters will be preselected based on the type of data you queried. For example, if you are viewing the data for a public, such as administrator, you may want to see other credentials in the project that share the same public. To do this, you can simply click on the public. When the Manage Credentials page appears, you can choose additional filters to further narrow down the credentials list.