We all are living in the age of the Internet of Things. In our daily life, we encounter things connected to the Internet like smartphones, Wi-Fi routers, surveillance cameras, smart TV, SCADA networks, traffic light systems, etc. this all are found in both worlds real and in the Web. Censys is a search engine that scans the whole Internet for all the vulnerable devices. Read this article, To learn more about Censys.
WHAT IS CENSYS?
Censys, Is a powerful search engine quite similar to the most popular Shodan. It maintains a complete database of every device exposed on the internet. In censys you can access and view different information about the domains such as ports, protocols and which certificate is valid. You can also search for IPv4 addresses and find different relevant information, like the approximate location of the IP address. The security experts and ethical hackers use this search engine to assess the security of products and services exposed on the Internet. Censys can easily scan and locate poorly protected devices exposed over the internet and returns overall reports on how resources like websites, devices, and certificates are configured and deployed.
HOW DOES CENSYS WORK?
Censys daily scans IPv4 addresses space and collects information on websites and hosts. Censys use some tools from the ZMap Project to performs scans including ZMap, ZGrab, ZTag, and ZDNS prior once a week and scan domains daily. If it found any change, it updates its database and allows researchers to query the data through a search interface, report builder, and SQL engine.
WHAT DOES CENSYS SCANS?
Censys regularly scans the following protocols:-
- HTTP:- scan TCP ports 80, 8080, and 8000.
- HTTPS:- scan TCP/443 and TCP/4443.
- POP3, IMAP, SMTP, SMTPS. (eg. SMTP on TCP/25).
- SSH. on TCP/22, to collect banner data and host key.
- Commonly Industrial Control Systems:- Modbus, S7, BACNET, DNP3, Tridium Fox.
- Telnet:- perform a typical telnet handshake with hosts on TCP/23 and TCP/2323.
- DNS. it scans for open recursive resolvers on UDP/53 and check whether DNS servers provide the correct records.
- FTP. We collect FTP banners on TCP/21.
- CWMP:- scan for customer premise devices on CPE WAN Management Protocol.
- AMQP. :- scan for message broker systems on TCP/5672.
- MQTT:- scan for message broker systems on 1883/TCP and 8883/TCP (MQTT with TLS).
- Remote Desktop Protocol:- VNC, PCAnywhere (5632/TCP, 3389/TCP, and 5900/TCP and 5901/TCP).
- Oracle, MySQL, Postgres, MSSQL:- (1521/TCP, 3306/TCP, 5432/TCP, and 1433/TCP)
- MongoDB:- (27017/TCP).
- IPP:- (printers on 631/TCP).
- IPMI:- (631/TCP).
CENSYS SEARCH METHOD
First, go to censys.io official site ( CLICK HERE ) and create an account.
Simple Search:- If you simply search for a word or phrase, Censys will return any records that contain the phrase
- Eg:- If you search nginx it will show any records that contain the word nginx.
- Eg:- Searching for 23.0.0.0/8 will return all hosts in that network.
- Eg:- Simply search any website like example.com and get the website related info.
Advanced Search:- Censys data is structured and supports more advanced queries including searching specific fields, specifying ranges of values, and boolean logic.
- Eg:- you can search for hosts with the HTTP Server Header “Apache” in Germany by running the query 80.http.get.headers.server: Apache and location.country_code: DE.
SQL Interface:- To facilitate complex questions that can’t be expressed in a single search, censys also allow researchers to run SQL queries against the raw datasets and historical snapshots.
For more help related to syntax ( CLICK HERE )
TIPS TO PROTECT YOUR DEVICE AGAINST CENSYS GRID
- Don't use default configurations like username, passwords, SSID.
- Disable remote management features on your routers.
- Use https on your devices and multi-factor authentication.
- Connect your devices only that network you really need to be connected.
- Keep your device's software and operating system up to date.
- Disable port forwarding in your router.
CONCLUSION:- This article is all about censys if you have any queries feel free to ask in the comment section.