Censys regularly scans the following protocols:
HTTP. We scan TCP ports 80, 8080, and 8000 for HTTP hosts. On responsive hosts, we collect the root page and headers by issuing an HTTP 1.1
GET /request. We follow HTTP redirects.
- HTTPS. We scan TCP/443 and TCP/4443 and complete a full TLS handshake with responsive hosts. We offer the cipher suites advertised by Google Chrome.
- POP3, IMAP, SMTP, SMTPS. We scan IANA assigned ports for common mail protocols (e.g., SMTP on TCP/25). We collect banner data and complete a STARTTLS handshake when the server indicates support for TLS.
- SSH. We complete an SSH handshake and collect host key and banner data for hosts on TCP/22. We don't attempt to authenticate over SSH.
- Telnet. We perform a typical telnet handshake with hosts on TCP/23 and TCP/2323 and collect banner and capability data. We never attempt to login to Telnet hosts.
- Modbus, S7, BACNET, DNP3, Tridium Fox. We scan commonly used industrial control systems and collect device data when available.
- DNS. We scan for open recursive resolvers on UDP/53 and check whether DNS servers provide the correct records.
- FTP. We collect FTP banners on TCP/21.
- CWMP. We scan for customer premise devices on CWMP (CPE WAN Management Protocol a.k.a. TR-069).
- UPnP. We perform UPnP device discovery scans on UDP/9100.
How often does Censys scan the Internet?
Censys performs weekly scans of all protocols for IPv4 hosts and daily scans for popular websites.
How does Censys scan the Internet?
The Censys Team uses several tools from the ZMap Project to perform scans including ZMap, ZGrab, ZTag, and ZDNS.
Do you plan on scanning other protocols?
Yes! We are actively working on scanning additional protocols. Common databases (e.g., Postgres and DB2), SAP systems, DDoS amplifiers (e.g., NTP, SIP, and CHARGEN), RDP, VNC, IPMI, SNMP, NetBIOS, IPP, and LDAP are lon the slate for upcoming release.
How do I request a new protocol?
If there's protocol you're looking for, please feel free to reach out to the team at email@example.com!