Censys.io

This article describes the Intelligence Card Extension for Censys.

 


About Censys:

Censys is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet. Censys data is trusted by just over half of the Fortune 500, several large government agencies and by customers in over fourteen countries. Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Censys maintains three datasets through daily ZMap scans of the Internet and by synchronizing with public certificate transparency logs:

More information about Censys scanning methodology is available at the Censys website.

Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.

You can enrich any IP Address, Website (domain), or Certificate (file hash) Intelligence Card with a live lookup of recent Censys information.

You must have commercial access to Censys to use this extension, and we will need your API ID and Secret Token. These are different from the username and password for the Censys login page and can be obtained from the “My Account” option in the top right corner once you have logged in. We do not have an OEM agreement in place with Censys, so clients/users are expected to have their own credentials to enable the extension.

Extending IP Address Cards

Censys provides rich technical information and enriches IP Address Cards with the following threat intelligence:

  • Basic Information like Name, IP, Description, Routed Prefix, ASN etc.
  • Location like City, Province, State, Country, Country Code, Continent, Latitude, Longitude, Time Zone and Postal Code.
  • Port Information like server, TLS handshakes, certificates attached, banners, version, SSHv2 handshake, cipher suite, etc.

Example of an IP Address: 91.207.39.156


Extending Websites (Domain) Cards

Censys provides rich technical information and enriches Domain Cards with the following threat intelligence:

  • Basic Information like Domain Name, Alexa Ranking and a list of all the protocols.
  • Port Information like server, TLS handshakes, certificates attached, banners, version, SSHv2 handshake, cipher suite, etc.

Example of a Website: google.com


Extending Certificate (File Hash) Cards

Censys provides rich technical information and enriches Certificate Cards with the following threat intelligence:

  • Basic Information like Name, Validity, Subject DN, Issuer DN, and Serial Number
  • Fingerprint information like SHA-256, SHA1 and MD5
  • Public Key like Key type, Modulus, and SPKI SHA256
  • Signature information like Algorithm and Signatures
  • Extension information like Authentication and Subject Key IDs, CRL paths, constraints, etc.

Example of a Certificate: 99f89686e6cdb4700b5a228d2ff6015cab56ca562aa55378698816330ff4c744


--

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.