Example Neo4j Queries

Chris Maddalena edited this page Sep 4, 2018 · 1 revision

Example Queries

Here are some example queries showing how this database might be used to visualize the perimeter or collect lists of potentially interesting information:

1. Return a List of Network Providers

This will return providers like Google, Amazon.com, CloudFlare, etc.

MATCH (p:Port) RETURN DISTINCT p.Organization

2. Return a List of IP Addresses with Known Open Ports

This will return only IP addresses that have open ports.

MATCH (n)-[:HAS_PORT]->(p:Port) RETURN DISTINCT n.Address

3. Return a List of all Unique Subdomains

This returns all unique subdomains found for the various domain names.

MATCH (sub:Subdomain) RETURN DISTINCT sub.Name

4. Map the External Perimeter

This query first matches the Organization, Domain, and IP nodes that have :OWNS and :RESOLVES_TO relationships. It then matches the Subdomains that have :SUBDOMAIN_OF or :RESOLVES_TO relationships with any node. Finally, it matches any Port nodes with a :HAS_PORT relationship with one of the matched IP nodes.

MATCH (org:Organization)-[r1:OWNS]->(dom:Domain)-[:RESOLVES_TO]->(add:IP)
MATCH (sub:Subdomain)-[r2:SUBDOMAIN_OF|RESOLVES_TO]->(n)
MATCH (add)-[r3:HAS_PORT]->(p:Port)
RETURN org,dom,sub,add,p,n,r1,r2,r3
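
As an added example (not part of the original wiki page), the lists from queries 2 and 3 can be combined into one tabular exposure inventory for review, with one row per subdomain and resolved address. It uses only the labels, relationships, and properties shown in the queries above, and assumes that Subdomain nodes point at IP nodes through :RESOLVES_TO.

```cypher
// Added example: per-subdomain exposure inventory.
// Assumption: (:Subdomain)-[:RESOLVES_TO]->(:IP) exists in the graph.
MATCH (sub:Subdomain)-[:RESOLVES_TO]->(ip:IP)
// OPTIONAL MATCH keeps addresses that have no recorded ports.
OPTIONAL MATCH (ip)-[:HAS_PORT]->(p:Port)
// count() and collect() skip the nulls produced by OPTIONAL MATCH.
WITH sub, ip,
     count(p) AS openPorts,
     collect(DISTINCT p.Organization) AS providers
RETURN sub.Name   AS subdomain,
       ip.Address AS address,
       openPorts,
       providers
ORDER BY openPorts DESC, subdomain
```

Rows with openPorts = 0 are hosts that resolve but have no Port nodes attached, which helps separate them from hosts with recorded open ports.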