1. Censys
  2. Censys Search
  3. Resources for Learning Before You Search

Other Articles In This Section

In this article:

Introduction to Hosts

  • Updated

How does Censys represent an Internet-facing host?

The Censys Host dataset provides accurate, up-to-date records that reflect the reality of public IPv4 and IPv6 hosts and virtual hosts (i.e., host services reached by name).

Host Records

Hosts are identified by an IP address.

The Censys model of Internet hosts contains more than just service data observed in scanning. Censys also enriches hots with quality data from third-parties to provide information such as geographical location, network routing information, DNS names, etc.

(Virtual hosts are identified by a name, IP address tuple. Learn about virtual hosts here.)

Host Fields

The Data Definitions page lists every field that could appear in a host or virtual host record.

Top-Level Host Fields

Top-level host fields include information that applies to the host as a whole such as its geographic location, network routing information, DNS names, operating system, and labels, and a repeated record of services observed in scan.

Quick links to the top-level fields in a host record:

Service Fields

Service records contain identification and metadata fields, labels for easy searching, a protocol-specific subrecord with information parsed from scan, TLS fields, and software fields.

Identification and Observation Fields

Identifying service information includes fields like:

  • Service name - The name of the service. Correlates loosely to OSI Layer 7 protocol names. (Censys can detect more than link:108 services)

  • Port - The port number of the port.

  • Extended service name - The name of the service, including the TLS indicator, if the service negotiated a TLS connection.

  • Transport protocol - The name of the transport protocol. Correlates to OSI Layer 4 protocols (e.g., TCP, UDP, QUIC)

  • Truncated - Whether the service data has been truncated because it is a suspected low-value pseudo-service on a superhost.

Observation information is composed of fields that provide data about Censys' discovery and observation of the service:

  • Perspective ID - The name of the ISP that Censys peered with when it observed the service as represented.

  • Source IP - The IP address of the Censys scanner when it observed the service represented.

  • Discovery method - The name of the method that led to the discovery of the service by a Censys scanner.

See all Service Identification & Observation Fields

Service-Name-Specific Fields

The data Censys observes about an HTTP service is very different from that of an SSH service, so the parsed data from each scan is searchable within a record that matches the service name.

The fields found in each service-name-specific field will reflect the details of that protocol.

Browse all Service-Name-Specific Fields

TLS Fields

TLS is a service-agnostic cryptographic protocol, so the Censys schema reflects that. TLS data for any service that is utilizing it is located at the root of the service record.

See all TLS Fields

Note
 Service names do not reflect the use of TLS (e.g., HTTPS). Search the extended service name (services.extended_service_name) to distinguish between services using or not using TLS.

Software Fields

Within each service object, a software array presents software information in the Common Platform Enumeration (CPE) version 2.3 format. Learn more about CPE here.

See all Service-level Software Fields

Example Host Record (JSON)

{
  "ip": "198.108.0.1",
  "last_updated_at": "2022-01-24T16:29:00.614Z",
  "location": {
    "city": "Ann Arbor",
    ...
  },
  "location_updated_at": "2022-01-24T16:29:00.605583Z",
  "autonomous_system": {
    "asn": 237,
    "name": "MERIT-AS-14",
    ...
  },
  "autonomous_system_updated_at": "2022-01-22T07:29:48.507740Z",
  "dns": {
    "names": [
      "irbx4.sfdata-qfx1.mich.net"
    ],
    "records": {
      "irbx4.sfdata-qfx1.mich.net": {
        "record_type": "A",
        "resolved_at": "2021-12-29T15:37:59.169926191Z"
      }
    }
  },
  "services": [
    {
      "service_name": "BGP",
      "extended_service_name": "BGP",
      "transport_protocol": "TCP",
      "port": 179,
      "observed_at": "2022-01-24T16:28:59.485091355Z",
      ...
    }
  ]
}

Start Searching!

Now that you understand how Censys models Internet hosts, you’re ready to start searching them.

To get started with Censys Search 2.0, go to search.censys.io. Or, learn how to write queries to search hosts using the Censys Search Language.

Diàtaxis: tutorial

Related articles

Comments

0 comments

Article is closed for comments.