STEALSEEK

USER GUIDE

Welcome to the StealSeek User Guide. This comprehensive guide will walk you through how to effectively use our powerful search functionality.

1. Basic Search Process

Follow these steps to perform a basic search:

StealSeek search interface overview
Overview of StealSeek's search interface
Click to zoom
1 Select a Search Table

Choose the appropriate table from the dropdown menu in the top-left of the search box (ULP is the default)

Search table selection
Table selection dropdown menu
Click to zoom
2 Enter Your Search Query

Type your search term in the main input field. You can search for domains, email addresses, usernames, passwords, etc.

Search input field
Main search input field
Click to zoom
3 Select Search Column

In the Search Options modal that appears, select the specific column you want to search in:

  • You must specify exactly what type of data you're searching for (Password, Domain, Email, TLD, etc.)
  • Look for the "i" icons next to each column name
  • Hover over any "i" icon to see examples of that data type
  • Click "Apply" to proceed with your search
Search column selection
Column selection modal with examples
Click to zoom
Example: If you want to find "example.com", choose the "Domain" column rather than "Domain Name" for better results. Hover over the "i" icon next to "Domain" to confirm this is the right choice.

2. Advanced Search Features

Access advanced search options by clicking the settings (gear) icon next to the search box:

1 Advanced Settings

Configure your search with powerful options:

  • Display Columns: Control which columns appear in your results
  • Partial Match: Find results containing your search term (not just exact matches)
  • Just Stealer: Limit results to only stealer logs
  • Enable Total Count: Shows exact total number of matching records
  • Enable Small Count: Shows counts up to 5000 results
  • Date Range: Filter results to a specific time period
  • Results Control: Adjust limit (10-30000) and offset for pagination
Advanced search settings
Advanced search settings panel with all options
Click to zoom
Performance Note: For faster searches, avoid using "Partial Match" and "Enable Total Count" unless necessary. The "Enable Small Count" option provides a good balance between performance and information.

3. Using Search Results

Learn how to effectively work with your search results:

1 Context Menu

Right-click on any cell in the results table to access these options:

  • Inspect Log: View detailed information about the entire log file
  • Download Log: Save the original log file to your computer
  • Copy: Copy cell content to clipboard
  • Copy All Row: Copy entire row data
  • Search: Start a new search using the selected value
Context menu options
Right-click context menu with options
Click to zoom
2 Refining Results

Use the filter panel to narrow down your search results:

  • Click the "Filters" button in the results toolbar
  • Create filter rules to match specific criteria
  • Choose between "ALL rules" or "ANY rule" matching
  • Apply filters to see refined results
Filter panel interface
Filter panel with rule creation
Click to zoom
3 Log Inspection and Download

For entries with "stealer" leak type, you can inspect and download the complete log file:

Inspect Log

View detailed information about the entire log file:

  • Right-click on any cell in a stealer log entry
  • Select "Inspect Log" from the context menu
  • A modal window will open showing all data from the log
  • Browse through different sections of the log (ULP, Autofills, Cookies, etc.)
  • Use the search function within the log to find specific information
Log inspection interface
Log inspection modal with detailed information
Click to zoom

Download Log

Save the complete log file to your computer:

  • Right-click on any cell in a stealer log entry
  • Select "Download Log" from the context menu
  • The log file will be downloaded in zip format
  • You can then analyze the complete log data offline
Zip log contents
Contents of the downloaded zip log file
Click to zoom
Note: Both Inspect Log and Download Log features are only available for entries with "stealer" leak type. These features allow you to access the complete dataset from the original log file.

4. Setting Up Alarms

StealSeek's Alarms module allows you to monitor specific assets for new leaks automatically. When a new leak is detected, you'll receive both an in-app notification and an email alert.

Alarms module interface
Alarms module with available asset types
Click to zoom
1 Adding a New Asset

To add a new asset for monitoring:

  • Click the "Add Asset" button
  • Select the appropriate asset type from the dropdown
  • Enter the asset value in the input field
  • Click "Add Asset" to save
2 Available Asset Types with Examples

You can set up alarms for the following asset types:

  • ULP Domain: Monitor specific domains for leaks
    • Example: example.com
  • ULP Full Domain: Track complete domain information
    • Example: subdomain.example.com
  • ULP Email: Monitor specific email addresses
  • ULP Email Domain: Track email domains
    • Example: example.com
    • Example: company.com
  • ULP IP: Monitor specific IP addresses
    • Example: 192.168.1.1
  • Computer HWID: Track hardware IDs
    • Example: 12345678-1234-1234-1234-123456789012
    • Example: ABCD1234-5678-90EF-1234-567890ABCDEF
  • Computer Name: Monitor computer names
    • Example: DESKTOP-ABC123
    • Example: LAPTOP-XYZ789
  • Client IP: Track client IP addresses
    • Example: 10.0.0.1
    • Example: 172.16.0.1
  • Computer User: Monitor computer usernames
    • Example: john.doe
    • Example: admin
3 Alert History

The Alert History page allows you to manage and review your alarm notifications:

  • View all triggered alarms in chronological order
  • Mark alerts as "Seen" to track which ones you've reviewed
  • Use the "View Details" button to examine the specific leak data
Alert History page
Alert History page showing triggered alarms and management options
Click to zoom
4 Email Notifications

When a new leak is detected, you'll receive an email notification containing:

  • The type of asset that was compromised
  • The specific value that was found in the leak
  • Timestamp of when the leak was detected
Alert email notification
Example of an alert email notification
Click to zoom
Note: Email notifications are sent to the email address associated with your account. Make sure your email address is up to date in your account settings.
Important: Alarms will only detect new leaks that occur after the alarm is created. They will not retroactively scan for past leaks.
Need Help? If you encounter any issues or have questions, please contact our support team at [email protected] or visit our FAQ page.