Hosts
What is a Host?
A host is a foundational concept in Internet security, and in the Censys platform.
Formal definition - A network host is a computer or other device connected to a computer network. A host may work as a server offering information resources, services, and applications to users or other hosts on the network. Hosts are assigned at least one network address.
Informal Censys definition - A computer or device that’s connected to the Internet, located at and identified by an IP address.
How do I use the Hosts list page?
The Hosts list page displays all of your organization’s hosts. There are two views of hosts that you can use to explore your online presence: IP address and name. Some investigations, such as searching for assets you don’t recognize or identifying vulnerabilities in your network, are easier when hosts are indexed by one property or the other, so you can toggle between these views as it suits your workflow.
Hosts Viewed By IP Address

When the IP view is selected, you’ll see a table of all your hosts indexed by their IP address. Other columns in the default view of this table include:
- Name(s) - Domain and subdomain names obtained via DNS lookups.
- Ports - The numerical identifiers of the open ports on the host.
- Protocols - The application-layer protocols that the host is using.
- Software - Application names and versions running on the host as reported by services on the host.
Column Selection
You can display additional columns with more information about your hosts by clicking the Columns button above the table.

Select or deselect the columns to create your desired view.
Additional column options include:
- Cloud - The name of the hosting provider or the name of the cloud or data center in which the IP address is hosted.
- Risks - A count of any risks found on the host by their severity.
- Risk Categories - The types of attacks or vulnerabilities that identified risks make your host susceptible to.
- Continent - The continent where the IP address is located.
- Country - The country where the IP address is located.
- Country Code - The two-letter country code where the IP address is located.
- Province - The state or province where the IP address is located.
- Source - An enumeration indicating how the host was added to your attack surface: as part of a netblock seed, from a cloud connector, or via Censys discovery scans.
- ASN - The autonomous system number that the IP address is part of.
- Online - Whether the host has at least one port open, based on the latest scan.
- Discover Date - The date this host was first attributed to your organization.
- CVE - Any vulnerabilities, identified by their unique CVE ID, associated with the host, based on the host’s reported software.
- Tags - Any tags you have applied to this asset.
Hosts Viewed by Name

When the Name view is selected, you’ll see a table of all your hosts indexed by name. Other columns in the default view of this table include:
- IP Addresses - The number of IP addresses a name is associated with. Parent domain rows display the total IP addresses of all subdomains.
- Ports - The numerical identifiers of the open ports on the hosts associated with a name.
- Protocols - The application-layer protocols that the hosts are using.
- Software - Application names and versions running on the hosts as reported by services on the host.
- Tags - Any tags you have applied to this asset.
Column Selection

Select or deselect the columns to create your desired view.
Additional column options include:
- CDN - The name of the Content Delivery Network that this host is part of, if applicable.
- On Shared Web Host - Whether or not one or more of the hosts that the name resolves to is a shared web host.
Filters
Filters allow for very high granularity in selecting hosts to display or exclude from display.
Saved filters are stored in a dropdown on top of the table, and you can save new filters by clicking the Save Filter buttons located in the Filters builder or above invoked filters.

Provide a name for the filter combination and click Save Filter.

The applied name will appear around the group of filters at the top of the list, and the saved filter can be invoked at any time by selecting it from the Saved Filter dropdown.
Download Host Data
Export the host list as a comma-separated values (CSV) file for use in other products and workflows. Click the Download CSV button in the right-hand corner of the IP view of the host list.

The default filename is {timestamp}_{customerName}_HostByIpExport.csv, and the columns in the CSV file reflect the columns displayed in the table when exported.
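One way to use the export in a triage workflow, as an added example that is not Censys code: the script below lists online hosts that expose ports outside an allowlist, along with how each host entered the inventory. The CSV header names, the multi-value cell format, the Source and Online values, and the `EXPECTED_PORTS` allowlist are all assumptions modeled on the column names described above; adjust them to match your actual export.

```python
import csv
import io
import re

# Constructed sample in the shape of a {timestamp}_{customerName}_HostByIpExport.csv
# export. Header names and cell formats are assumptions based on the column
# names in the Hosts table, not a documented schema.
SAMPLE_EXPORT = """\
IP Address,Name(s),Ports,Protocols,Software,Source,Online
192.0.2.10,www.example.com,"80, 443","HTTP, HTTPS",nginx 1.24,Netblock Seed,true
192.0.2.77,,"22, 3389","SSH, RDP",OpenSSH 8.9,Censys Discovery,true
198.51.100.5,old.example.com,"443, 8080","HTTPS, HTTP",,Cloud Connector,true
198.51.100.9,,23,TELNET,,Censys Discovery,false
"""

EXPECTED_PORTS = {80, 443}  # assumption: ports this organization intends to expose


def parse_ports(cell):
    """Split a multi-value Ports cell on commas, semicolons or whitespace."""
    return {int(p) for p in re.split(r"[,;\s]+", cell.strip()) if p.isdigit()}


def triage(csv_text, expected_ports=EXPECTED_PORTS):
    """Return online hosts exposing unexpected ports, most exposed first.

    Each result is (ip, sorted unexpected ports, source), so a reviewer sees
    both what is exposed and how the host was added to the attack surface.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("Online", "").strip().lower() != "true":
            continue  # no open port in the latest scan
        unexpected = parse_ports(row.get("Ports", "")) - expected_ports
        if unexpected:
            findings.append((row["IP Address"], sorted(unexpected), row.get("Source", "")))
    # Most unexpected ports first, then by IP for stable output.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


if __name__ == "__main__":
    for ip, ports, source in triage(SAMPLE_EXPORT):
        print(f"{ip}\tunexpected ports {ports}\tsource: {source}")
```

Because the exported columns reflect what is displayed, the Source and Online columns must be selected in the table before downloading for this script to see them.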
Host Details
Click on the linked IP address in the table to see a host detail page with additional information.

The title of the page is the host’s IP address. Any tags applied to the host are shown underneath, with an X option to remove them. Add a new tag by clicking the Add Tag button. In the modal that appears, type the name of a new tag and select the color, or choose from existing tags that appear in the dropdown menu.

Host Risk Tab
If there are risks on the host, a red warning icon next to the Risks tab near the top of the page announces them. Click the tab to see the list of identified risks, details, and remediation recommendations.

Default ordering of the list is by detection date, with the newest on top. Sort by severity instead by using the dropdown menu above the list on the right.
Recent Host Activity
The first card on the page displays recent activity related to this host, taken from the logbook. Activity includes events such as new open ports, certificates the host has presented during any TLS handshakes with Censys, and software and vulnerabilities events.

Clicking the blue View All button at the bottom will expand the card so you can see all events related to this host since Censys added it to your organization.

If you want to filter the events further, excluding or including only certain types, you can click the Go to Logbook button that appears in the top-right corner of the card, and go to the Logbook page, where those refinement options are available.

The Logbook page will show the IP address filter already set for the chosen host.
For more information on the events that can appear in the recent activity card, see the logbook article.
Trail
The next card displays a list of assets whose connections to this host were used to determine with confidence that this host belongs to your organization.

If you decide, after investigating, that you do not want Censys to track this host for you, you can click the blue Remove button on the upper right-hand side of the page.

This action will remove the asset and put it on an excluded asset list so it will not reappear in subsequent Censys attributions.
General Info
The card on the far right of the page enriches the host information gained from scans with other contextual data.

- Location - The country, and state or province shown on a map at the top.
- Fully Qualified Domain Names - Name obtained by reverse and forward DNS.
- Network WHOIS Org Name - The organization name associated with the net block.
- Autonomous System - The ASN that the host is a member of.
- Cloud - The cloud provider where the IP is hosted.
Note: This general information may not be available if the IP is hosted privately.
Protocols and Ports
This card breaks down every protocol the host is using on its open ports and provides additional detail to help you identify and secure the services there.
The default view of the table is keyed by protocol, but you can choose to view the chart by port by clicking the Ports tab at the top of the card.

All ports and protocols are shown by default. Clicking a port or protocol will hide others in the table. To return to an all ports/protocol view, select the "Show All" checkbox.
The columns in the table provide detailed information about the service that Censys detected running on a particular port, and include:
- Protocol - The application-layer protocol that the service uses to communicate with clients.
- Port - The port number used to receive and send application-related communications.
- Software - The name and version of the software running on the port, if known.
- Scan Data - Structured data for the port/protocol pair obtained during the scan. Click the button on the right side of the row to view structured data in a table or as JSON.

TLS Certificates
The next section of the card displays TLS certificates presented by this host when scanned.

The default view of the table is keyed by certificate fingerprint with the common name displayed above. Other columns in the table provide high-level certificate information such as:
- Port/Protocol - The port or protocol that the host presented the certificate on. This column changes with the selection above.
- Ownership - A category indicating whether the certificate is considered by Censys to be yours or a third party’s.
- Expiration Date - The date on which the certificate expires and can no longer be trusted by browsers if it is live on a site.
- Valid - A Censys indicator of trustworthiness, based on the certificate’s features, including trust anchors, formatting, signatures, validity dates, and more.
- Self-Signed - Whether or not the certificate is self-signed. Self-signed certificates can be an indication of an internal or development certificate not intended to be exposed to the public Internet.
- Tags - Any tags assigned to this cert.
Important: Not seeing a certificate you expected? Check for redirects to domains serving as authentication systems, which prevent Censys from seeing the cert.
To see more about a certificate, click the blue arrow button on the far right of the table row, which will take you to the Certificate details page.
