A brief history of Censys Search
Censys continually scans the entire public IPv4 address space using automatic protocol detection to present the most accurate representation of the internet’s current state. This means that we see the internet for what it is: the good, the bad, and the ugly. Just this year we launched a report summarizing the state of the internet, which you can access for free here.
Our dataset is used by both individuals and companies around the world as the source of truth for what is exposed on the world wide web. It can be easily queried for information using our search engine, our API, or using an easy-to-consume Python wrapper.
For example, you could search for hosts that have an RDP service that is presenting a certificate:
same_service(services.service_name: RDP and services.certificate: *)
Or you could search for hosts running a Raspberry Pi product:
service.software.product: “Raspberry Pi”
Or maybe you want to find hosts running MySQL that are based out of Russia:
service.software.product: “MySQL” and location.country: Russia
Basically, the answer to a question you have about anything running on the internet is right at your fingertips with Censys. These queries can use logical operators to get you the exact information you’re looking for and they are an important part of understanding the search language syntax.
So what is ASM Inventory Search?
We found that a large portion of our customer organizations were using the search data to get a better sense of their own asset exposure on the internet. Because we have the best-in-class scanning engine, it was right up our alley to create the best-in-class attribution engine next. This attribution engine automated the discovery, inventory, and risk fingerprinting of internet-exposed assets belonging to an organization, and it’s the backbone of our Attack Surface Management product.
This means all internet-exposed assets tied to an organization can be shown in a single pane of glass and with a lot more context. We can also use the same search syntax to ask questions as with Search; only now, we’re working with the assets that belong to our organization, not the entire internet.
Asking questions about our organization
Now that we have more contextual information at our disposal, let’s look into what kinds of questions we can start asking. (The following queries require a Censys ASM account. Don’t have one? Set up a demo.)
Do we have any unencrypted login pages visible to the public?
risks.type: “Unencrypted Login Page”
Do we have any assets in Russia that have a high risk severity score?
host.location.country: Russia and risks.severity: “high”
Do we have any HTTP running on nonstandard ports?
host.services: (service_name:http and not port:{80, 443})
Is our organization using any self-signed certificates? What are they and what hosts are they presenting on?
certificate.parsed.signature.self_signed: true
As with Censys Search, searching our attack surface is very intuitive and becomes very powerful with logical operators. You can find more examples here. Additionally, all of this is available to use via the API or the Python wrapper, so it can be easily integrated into your existing workflow.
Explore your own organization’s attack surface
If you’d like to discover your organization’s exposure and answer your own questions about its external attack surface, please set up a demo and we’ll be happy to show you what we see from our point of view.
Interested in Censys Attack Surface Management? Request a demo!
Demo Today
