Search 2.0 Example Host Queries
The table below provides working queries you can use to learn the Censys Search Language for querying hosts.
The first column indicates the Censys Search Language feature being showcased, the second column provides a description of the query, and the third column presents the query syntax, which is linked to the results page on search.censys.io.
|
Search Feature |
Query Description |
Query |
|
Searching Field:Value pairs |
Search for the presence of powershell.exe within the HTTP body |
|
|
Searching Field:Value pairs |
Search for the exact SNMP location value of "Sitting on the Dock of the Bay" |
service.snmp.oid_system.location= "Sitting on the Dock of the Bay" |
|
Boolean Logic |
A search for the phrase "Schneider Electric" or Dell anywhere in IPs in the range 23.20.0.0/14 |
|
|
Boolean Logic |
A search for hosts that have any of the following ports open: 22, 23, 24, 25 |
|
|
Boolean Logic |
A search for hosts that do not have an HTTP service running |
|
|
Wildcards and Regular Expressions |
A search for hosts presenting any certificate. The * indicates the field is populated for the hosts |
|
|
Wildcards and Regular Expressions |
A regular expression search for the string hello succeeded by any value |
|
|
Wildcards and Regular Expressions |
A search for hosts presenting certificates with a name foo1, foo2, foo3...foo100 succeeded by any value |
|
|
Ranges |
A search for online hosts within the specified range |
|
|
Automatic Protocol Detection |
A search for hosts running the SSH protocol on ports other than port 22 and 2222 |
same_service(services.service_name: "SSH" AND NOT (service.port: {22, 2222})) |
|
Automatic Protocol Detection |
A search for hosts running elasticsearch on port 443 |
same_service(service.service_name: "ELASTICSEARCH" AND service.port: 443) |
|
Multi-Perspective Scanning |
A search for hosts that were last scanned by Censys Scanners within NTT ISP |
|
|
Multi-Perspective Scanning |
A search for hosts that have services that were last scanned by Censys Scanners within NTT and TELIA ISPs |
service.perspective_id: "PERSPECTIVE_NTT" AND service.perspective_id: "PERSPECTIVE_TELIA" |
|
Searching Web Servers |
A search for hosts with a page title on the HTTP service containing the word "dashboard" |
|
|
Searching Web Servers |
A search for hosts that have an HTTP service that responded with a 500 status code |
|
|
Searching Web Servers |
A search for hosts that have specific HTTP header value pairs |
|
|
Searching TLS |
A search for hosts that have RDP running and that RDP service is presenting a certificate |
same_service(service.service_name: RDP AND service.certificate: *) |
|
Searching TLS |
A search for hosts running SSLv3 |
|
|
Searching TLS |
A search for hosts presenting a TLS certificate with the string "localhost" present in the subject_dn |
|
|
Searching CPE Software, OS, Product, Manufacturer |
A search for hosts running Microsoft IIS 7.5 |
|
|
Searching CPE Software, OS, Product, Manufacturer |
A search for hosts running Microsoft Exchange |
service.software.uniform_resource_identifier: `cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*` |
|
Searching CPE Software, OS, Product, Manufacturer |
A search for hosts presenting a specific operating system and application hardware on the same service |
|
|
Searching CPE Software, OS, Product, Manufacturer |
A search for hosts running a Raspberry Pi product |
|
|
Location Searches |
A search for hosts in Russia |
|
|
Location Searches |
A search for hosts in the Bahamas, excluding Nassau |
Diàtaxis: reference
Comments
0 comments
Article is closed for comments.