1. Censys
  2. Censys Search
  3. Resources for Learning Before You Search

Other Articles In This Section

In this article:

Introduction to Hosts

  • Updated

How does Censys represent an Internet-facing host?

The Censys Host dataset provides accurate, up-to-date records that reflect the reality of public IPv4 and IPv6 hosts and virtual hosts (i.e., host services reached by name).

Host Records

Hosts are identified by an IP address.

A host record can include top-level information about the host such as its physical location, network routing information, DNS names, operating system, and labels, followed by an array of services.

Example Host Record (JSON)

{
  "ip": "198.108.0.1",
  "last_updated_at": "2022-01-24T16:29:00.614Z",
  "location": {
    "city": "Ann Arbor",
    ...
  },
  "location_updated_at": "2022-01-24T16:29:00.605583Z",
  "autonomous_system": {
    "asn": 237,
    "name": "MERIT-AS-14",
    ...
  },
  "autonomous_system_updated_at": "2022-01-22T07:29:48.507740Z",
  "dns": {
    "names": [
      "irbx4.sfdata-qfx1.mich.net"
    ],
    "records": {
      "irbx4.sfdata-qfx1.mich.net": {
        "record_type": "A",
        "resolved_at": "2021-12-29T15:37:59.169926191Z"
      }
    }
  },
  "services": [
    {
      "service_name": "BGP",
      "extended_service_name": "BGP",
      "transport_protocol": "TCP",
      "port": 179,
      "observed_at": "2022-01-24T16:28:59.485091355Z",
      ...
    }
  ]
}

Virtual Host Records

Virtual hosts are identified by a name, IP address tuple.

Virtual hosts do not have the top-level information that hosts do, with the exception of operating system and labels. Virtual host records present an array of services (that responded in scan to the virtual host’s name) with the same fields as those seen on hosts.

Example Virtual Host Record (JSON)

{
  "ip": "86.248.159.109",
  "name": "lfbn-lyo-1-1092-109.w86-248.abo.wanadoo.fr",
  "last_updated_at": "2021-12-21T20:36:58.578Z",
  "operating_system": {
    "vendor": "Microsoft",
    "product": "Windows Server 2008 R2",
    ...
    }
  "services": [
    {
      "service_name": "HTTP",
      "extended_service_name": "HTTPS",
      "transport_protocol": "TCP",
      "port": 443,
      "http": {...},
      "tls": {...},
      ...
    }
  ]
}

If this host had an Elasticsearch service, the service_name would be ELASTICSEARCH and there would be an elasticsearch subrecord instead of an http one.

Host Fields

The Data Definitions page lists every field that could appear in a host or virtual host record.

Top-Level Host Fields

Quick links to the top-level fields in a host record:

Service Fields

Service records contain identification and metadata fields, labels, a protocol-specific subrecord with information parsed from scan, TLS fields, and software fields.

Quick links to service-level fields:

Note
 Visit this article if you’d like to read more about of all of the service names and port numbers that Censys scans.

TLS Fields

TLS is a service-agnostic cryptographic protocol, so the Censys schema reflects that. TLS data for any service that is utilizing it is located at the root of the service record.

Quick link to service-level TLS fields:

Note
 Service names do not reflect the use of TLS (e.g., HTTPS). Use the extended service name (services.extended_service_name) to search for service names with the TLS indicator.

Software Fields

Within each service object, a software array presents software information in the Common Platform Enumeration (CPE) version 2.3 format. Learn more about CPE here.

Quick link to service-level software fields:

Start Searching!

Now that you understand how Censys models Internet hosts, you’re ready to start searching them.

To get started with Censys Search 2.0, go to search.censys.io. Or, learn how to write queries to search hosts using the Censys Search Language.

Diàtaxis: tutorial

Related articles

Comments

0 comments

Article is closed for comments.