1. Censys
  2. Censys Search
  3. Getting Started with Censys Search 2.0

Other Articles In This Section

See more

In this article:

Search 2.0 Quick Start Guide

  • Updated

Censys Search makes Internet-facing hosts and certificates searchable, just like Google makes websites searchable.

The best way to get started with Censys Search is to prepare a list of questions you want to answer. Each question you’re asking will be expressed as one or more search queries written in the Censys Search Language.

When you write a query, Censys evaluates every host or cert in the dataset you’re searching for matches and returns that list to you.

Host Queries: Questions About Hosts

Here’s an example query of hosts.

This query (expressed as a field, value pair):

services.tls.certificates.leaf_data.subject.common_name: censys.io

asks the question:

"Which hosts (and virtual hosts) are presenting a certificate during a TLS handshake that has a common name containing censys.io?"

Here’s what that question and answer looks like on the the Search web UI.

Annotated Censys search results page for hosts

See the 169 answers in the web UI.

Host Search Result Settings

Censys Search offers several settings for search results.

search settings

Sort Order Options

Choose from several options for the order of results from your search query:

  • Relevance — Orders results from most closely matching your search query to least closely matching.

  • Ascending — Orders results from lowest numerical IP address to highest.

  • Descending — Orders results from highest numerical IP address to lowest.

  • Random — Randomizes results matching your search query.

Number Hits Per Page

Choose how many hits to display on each page of search results:

  • 25

  • 50

  • 100

Virtual Hosts

Choose whether to include or restrict results to virtual hosts, which model hosts identified by both an IP address and name.

Learn more about virtual hosts

Certificate Queries: Questions About Certificates

Here’s an example for certs. This query:

parsed.validity.end: [2022-08-03 TO *} and
parsed.signature.self_signed: true and
not parsed.subject.common_name: * and
metadata.source: scan and
parsed.extensions.basic_constraints.is_ca: false

asks the question:

"Which unexpired, self-signed, nameless certificates that are not used for signing other certificates were found while Censys was scanning hosts?"

Here’s what that looks like in the web UI:

Annotated Censys search results page for certificates

See the 1,312,887 answers in the web UI.

Note about searching certificates: There are some small differences in the Search Language used to write queries against certificates vs. hosts.

Generate Reports

Use the Reports feature to understand the distribution of values for a field across a set of hosts or certificates.

To create a report, first provide criteria for hosts or certificates to evaluate in the search bar using the Censys Search Language.

report page

Then click the Report tab on the right side of the results page.

On the report page, type the name of the field whose values you want to see a breakdown for, and select the number of buckets to aggregate values into.

Learn More

Dig in with an introduction to the Censys Search Language, the Host data model, or Certificates.

Related articles

Comments

0 comments

Article is closed for comments.