Introduction to Hosts
How does Censys represent an Internet-facing host?
The Censys Host dataset provides accurate, up-to-date records that reflect the reality of public IPv4 and IPv6 hosts and virtual hosts (i.e., host services reached by name).
Host Records
Hosts are identified by an IP address.
A host record can include top-level information about the host such as its physical location, network routing information, DNS names, operating system, and labels, followed by an array of services.
Example Host Record (JSON)
{ "ip": "198.108.0.1", "last_updated_at": "2022-01-24T16:29:00.614Z", "location": { "city": "Ann Arbor", ... }, "location_updated_at": "2022-01-24T16:29:00.605583Z", "autonomous_system": { "asn": 237, "name": "MERIT-AS-14", ... }, "autonomous_system_updated_at": "2022-01-22T07:29:48.507740Z", "dns": { "names": [ "irbx4.sfdata-qfx1.mich.net" ], "records": { "irbx4.sfdata-qfx1.mich.net": { "record_type": "A", "resolved_at": "2021-12-29T15:37:59.169926191Z" } } }, "services": [ { "service_name": "BGP", "extended_service_name": "BGP", "transport_protocol": "TCP", "port": 179, "observed_at": "2022-01-24T16:28:59.485091355Z", ... } ] }
Virtual Host Records
Virtual hosts are identified by a name, IP address tuple.
Virtual hosts do not have the top-level information that hosts do, with the exception of operating system and labels. Virtual host records present an array of services (that responded in scan to the virtual host’s name) with the same fields as those seen on hosts.
Example Virtual Host Record (JSON)
{ "ip": "86.248.159.109", "name": "lfbn-lyo-1-1092-109.w86-248.abo.wanadoo.fr", "last_updated_at": "2021-12-21T20:36:58.578Z", "operating_system": { "vendor": "Microsoft", "product": "Windows Server 2008 R2", ... } "services": [ { "service_name": "HTTP", "extended_service_name": "HTTPS", "transport_protocol": "TCP", "port": 443, "http": {...}, "tls": {...}, ... } ] }
If this host had an Elasticsearch service, the service_name
would be ELASTICSEARCH
and there would be an elasticsearch
subrecord instead of an http
one.
Host Fields
The Data Definitions page lists every field that could appear in a host or virtual host record.
Top-Level Host Fields
Quick links to the top-level fields in a host record:
Service Fields
Service records contain identification and metadata fields, labels, a protocol-specific subrecord with information parsed from scan, TLS fields, and software fields.
Quick links to service-level fields:
Note
|
Visit this article if you’d like to read more about of all of the service names and port numbers that Censys scans. |
TLS Fields
TLS is a service-agnostic cryptographic protocol, so the Censys schema reflects that. TLS data for any service that is utilizing it is located at the root of the service record.
Quick link to service-level TLS fields:
Note
|
Service names do not reflect the use of TLS (e.g., HTTPS ). Use the extended service name (services.extended_service_name ) to search for service names with the TLS indicator.
|
Software Fields
Within each service object, a software array presents software information in the Common Platform Enumeration (CPE) version 2.3 format. Learn more about CPE here.
Quick link to service-level software fields:
Start Searching!
Now that you understand how Censys models Internet hosts, you’re ready to start searching them.
To get started with Censys Search 2.0, go to search.censys.io. Or, learn how to write queries to search hosts using the Censys Search Language.
Diàtaxis: tutorial
Comments
0 comments
Article is closed for comments.