What does Censys scan?
This article applies to our legacy scanner, which provides data to our legacy Search product. Censys Search 2.0 is in beta and can be found at search.censys.io.
See an updated version of this article here.
Censys regularly scans the following protocols:
- HTTP. We scan TCP ports 80, 8080, and 8000 for HTTP hosts. On responsive hosts, we collect the root page and headers by issuing an HTTP 1.1
GET /request. We follow HTTP redirects.
- HTTPS. We scan TCP/443 and TCP/4443 and complete a full TLS handshake with responsive hosts. We offer the cipher suites advertised by Google Chrome.
- POP3, IMAP, SMTP, SMTPS. We scan IANA assigned ports for common mail protocols (e.g., SMTP on TCP/25). We collect banner data and complete a STARTTLS handshake when the server indicates support for TLS.
- SSH. We complete an SSH handshake and collect host key and banner data for hosts on TCP/22. We don't attempt to authenticate over SSH.
- Telnet. We perform a typical telnet handshake with hosts on TCP/23 and TCP/2323 and collect banner and capability data. We never attempt to login to Telnet hosts.
- Modbus, S7, BACNET, DNP3, Tridium Fox. We scan commonly used industrial control systems and collect device data when available.
- DNS. We scan for open recursive resolvers on UDP/53 and check whether DNS servers provide the correct records.
- FTP. We collect FTP banners on TCP/21.
- CWMP. We scan for customer premise devices on CWMP (CPE WAN Management Protocol a.k.a. TR-069).
- AMQP. We scan for message broker systems on TCP/5672.
- MQTT. We scan for message broker systems on 1883/TCP and 8883/TCP (MQTT with TLS).
- Remote Desktop Protocol, VNC, PCAnywhere. We scan for 5632/TCP, 3389/TCP and 5900/TCP and 5901/TCP.
- Oracle, MySQL, Postgres, MSSQL. We scan for 1521/TCP, 3306/TCP, 5432/TCP, and 1433/TCP.
- MongoDB. We scan for 27017/TCP.
- IPP. We scan for printers on 631/TCP.
- IPMI. We scan for 631/TCP.
How often does Censys scan the Internet?
Censys is continually scanning the Internet. We currently cover 2000+ ports on every host on the Internet with a weekly refresh cadence.
How does Censys scan the Internet?
The Censys Team uses several tools from the ZMap Project to perform scans including ZMap, ZGrab, ZTag, and ZDNS.
Do you plan on scanning other protocols?
Yes! We're constantly adding new ports, new protocols, and new functionality to Censys. In addition to the list above, you can find information about our Universal Internet Dataset here. The Univeral Internet Dataset provides scan information on more than 2,000 ports
How do I request a new protocol?
If there's a protocol you're looking for, please feel free to reach out to the team at firstname.lastname@example.org!