Domain ASM Assets
The Domains page shows all of the DNS domains associated with your organization. These domains come from seed data you provided, observations made during Censys Internet scans, DNS analysis, and certificate transparency logs. You see domains unique to your business, as well as shared domains, such as cloud services, where you have services running.
You can use this page to explore your online presence, search for assets you don’t recognize, and identify vulnerabilities in your network.
In the table, you see a catalog of all your domains.
Other columns in the view of the table include:
-
Names Count: The number of distinct DNS hostnames and subdomains associated with the domain name.
-
Registrar: The registrar or reseller with which the domain name was registered.
-
Expiration Date: The date when the domain name registration expires and is released into the available domain pool.
-
Cloud Provider: The name of the Cloud Service Provider whose name servers are authoritative for this domain, if applicable.
You can view additional columns with more information about your hosts by clicking Columns in the table header. Select or clear the columns to create your view.
Additional column options include:
-
Names: The hostnames and subdomains associated with the domain name.
-
Source: An enumeration indicating how the domain was added to your attack surface: as a seed, from a cloud connector, or via Censys discovery scans.
-
Association Date: The date that the domain was added to your attack surface.
-
Tags: Any tags applied to this asset.
You can export the domain inventory as a comma separated value (CSV) file for use in other products and workflows. Click Download CSV in the right corner. The default filename is {timestamp}_{customerName}_DomainsExport.csv
. The columns in the CSV file reflect the columns shown in the table when exported.
Navigate the domain listing page by paginating, or by applying filters. You can select or exclude domains from the list based on the following properties:
-
Domain Name: The DNS name.
-
Registrar: The registrar or reseller with which the domain name was registered.
-
Name Server: The name of the server responsible for answering DNS lookups, as obtained from the DNS record for the domain name. Usually there are 2 or more for redundancy.
-
Mail Server: The name of the server which receives mail for mailboxes in the domain, as obtained from MX records for the domain name. This section is empty if there are no mail servers set up for the domain.
-
Expiration Date: A date on which the domain name registration expires. Choose between a range or a date to reference before or after.
-
Tags: Any tags you applied to the asset.
-
Association Date: The date the domain was added to your organization’s collection of domains.
Each domain in the table on the list page links to a domain detail page with additional information about the hostnames, subdomains, and certificates.
From here, you can also view the Censys Search app’s page for this domain to see even more information.
In the header of the page, general information about the domain includes:
-
Company Name: The name of the company that registered the domain.
-
Abuse Email: The email address to contact if you suspect abuse of this domain.
-
Registrar: The name of the registrar or reseller with whom the domain was registered.
-
Creation Date: The date that the domain was registered.
-
Expiration Date: The date when the domain name registration expires, at which time it becomes available for others to purchase. If you plan to continue using this domain beyond the duration shown, renew before the expiration date.
-
Name Servers: The service responsible for doing the DNS lookup, as obtained from the DNS record for the domain name. Usually there are 2 or more for redundancy.
-
Mail Servers: The servers which receive mail for mailboxes in the domain, as obtained from the MX records for the domain name. This section is not present if no mail servers are set up for the domain.
The first card on the page shows recent activity related to this domain, taken from the logbook. Activity includes events such as new subdomains, registrar and expiration date changes, and name server and mail server changes.
Clicking View All at the bottom expands the card so you can see all events related to this host after Censys added it to your organization.
If you want to filter the events further, excluding or including only certain types, you can click Filter in the upper right corner of the card, and go to the Logbook page, where those refinement options are available.
The Logbook page shows the domain filter already set for the selected domain.
The next card shows a list of assets whose connections to this domain were used to determine with confidence that it belongs to your organization.
If you decide after investigating that you do not want Censys to track this domain for you, you can click Remove on the right side of the page.
This action removes the asset and puts in on an excluded asset list so it does not reappear in subsequent Censys attributions.
The paginated table at the bottom of the page shows all of the subdomains of the parent whose page you’re on.
Columns in this table include:
-
Subdomain: The subdomain of the domain name at the top of the page.
-
IP Addresses: All of the hosts that this subdomain resolves to via DNS records.
-
Ports: All of the unique port numbers open across all of the hosts that the name resolves to.
Note that if the domain name whose page you’re on is also a name that resolves to a host, it is represented as a subdomain.
-
To see more information about a subdomain, click the linked name in the first column of the table.
-
To see more information about one of the hosts connected to a subdomain, click the linked IP address.
The subdomain details page is similar in layout to its parent domain page, with an overview card about its parent domain, a trail card showing the asset path that led to the inclusion of the subdomain in your attack surface, and recent logbook activity pertaining to the subdomain.
The Subdomain information card has 2 tabs that provide connections to other assets in your attack surface related to this subdomain: hosts and certificates.
The table on the Hosts tab contains a row for each of the services running on each of the hosts that this subdomain resolves to via DNS records.
Columns in this table include:
-
IP Addresses: All of the hosts that this subdomain resolves to via DNS records.
-
Port: The port number open on this host, represented with the underlying transport protocol (TCP or UDP) used to interact with the service running there.
-
Protocol: The application-layer protocol detected on the open port.
-
Software: Any software packages and versions detected during scan.
-
Banner Data: Content returned by the service during scan.
The table on the Certificates tab contains a row for each of the X.509 certificates containing the subdomain in a names section.
Columns in this table include:
-
Common Name: The common name (if applicable) of the certificate. The SHA-256 fingerprint is shown below.
-
Safety Assessment: A Censys assessment of any risks with the certificate.
-
Ownership: The ownership of the certificate, whether it is yours, or a suspected third party’s (read as Unknown).
-
In Use: Whether or not the certificate is being used to verify a service’s identity.
Comments
0 comments
Article is closed for comments.