How to View Software in Exposure Management
In Exposure Management, you can search for software that needs to be updated or contains a vulnerability in your organization’s Internet-accessible hosts.
Three sources for software are pulled from scan results:
- A fingerprint (i.e., a Censys mapping to CPE-formatted software names)
- The HTTP x-powered-by field in an HTTP header
- The HTTP server header field in an HTTP header
This information is provided in a source field in our APIs and in the Source column on the Software list page.
Censys only identifies end-of-life (EOL) versions for fingerprinted software.
How to view the software in your organization
Open Exposure Management. Click Inventory and then click Software. The Software Inventory screen appears. You see a catalog of all your hosts' software, listed by name.
- You can sort the columns to find what you want to focus on.
- Name: The name of the software.
- Version: The version of the software reported by 1 or more of your hosts. The software name + version is tied to a vulnerability (known as a CVE-ID) from the Common Vulnerabilities and Exposures (CVE) dictionary. In accordance with the CPE format, an asterisk (*) appears in the column when the version is unknown.
Note: The same name can appear in the list more than 1 time because the versions are different.
- Host Count: The number of your hosts that are reporting this software version.
- CVE Count: The number of CVE-IDs associated with this software version.
- Highest Severity Score: The severity score of the most critical CVE ID tied to the software. Severity scores range from 0-10. A higher score is more critical.
When Censys uses the term severity score in relation to CVEs, it is referring to the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS) Version 2, an industry standard.
- Tags: Any tags applied to the software version.
- Sort the columns to focus on what's important to you. For example, to view items with the highest CVE score, click Highest Severity Score. You see the most critical CVE ID assigned to the software. Severity scores range from 0-10. A higher score is more critical. You should probably address these issues first.
- To see all the hosts with a specific software severity issue, click the link in the Host Count column. The Asset Inventory page opens, showing you the hosts with that risk. Click the Asset ID to see specific details about this asset, such as where the host is and what the issues are.
How to Add or Remove Columns in your View
You can view additional columns with more information about your software by clicking the Columns button above the table.
- Part: A type enumeration. Values include:
- Vendor: The name of the organization providing the software.
- Product: The name of the system, package, or component. Product and vendor are sometimes identical.
- Source: A Censys-specific field indicating how the software was identified. Values include:
  - Fingerprint: A Censys mapping of software indicated during protocol-specific scans to CPE-formatted software URIs.
  - Server: A string pulled from the HTTP server header that had no fingerprint match.
  - X-Powered-by: A string pulled from the HTTP x-powered-by header that had no fingerprint match.
- All Hosts: A list of the IP addresses of the hosts running the software version.
- All CVEs: A list of all of the CVE IDs associated with the software version.
- Association Date: The date that the software version was first seen on one of your hosts.
How to Download Software Data
After you create a view, you can export the software catalog as a comma-separated values (CSV) file for use in other products and workflows.
- Set up the view with the information you want to download.
- Click Download CSV in the right corner. The file downloads. The filename is
- Now you can open it in any tool that opens CSV files.
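One way to use the downloaded CSV in a patching workflow, shown as an added example that is not Censys code: it sorts entries by Highest Severity Score and separates out rows with an unknown (`*`) version and rows whose Source is a raw header string rather than a fingerprint. The header names are assumed to match the column labels described above, the sample rows are constructed, and `min_score` is a hypothetical cut-off.

```python
import csv
import io

# Constructed sample export. Header names are ASSUMED to match the column
# labels described on this page; adjust them to the real file's header row.
SAMPLE_CSV = """\
Name,Version,Host Count,CVE Count,Highest Severity Score,Source
examplehttpd,2.4.1,12,7,9.3,Fingerprint
examplehttpd,*,3,0,,Fingerprint
exampleserver,1.0,5,0,,Server
exampleframework,5.2,2,4,7.5,Fingerprint
examplelang,*,1,0,,X-Powered-by
"""

def load_rows(text):
    """Parse the export into typed rows; a blank score becomes None."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        score = (r.get("Highest Severity Score") or "").strip()
        rows.append({
            "name": r["Name"].strip(),
            "version": r["Version"].strip(),
            "hosts": int(r["Host Count"] or 0),
            "cves": int(r["CVE Count"] or 0),
            "score": float(score) if score else None,
            "source": r["Source"].strip().lower(),
        })
    return rows

def triage(rows, min_score=7.0):
    """Return three review queues (min_score is a hypothetical cut-off)."""
    # 1. Scored entries, most severe first, then by how many hosts report them.
    patch_first = sorted(
        (r for r in rows if r["score"] is not None and r["score"] >= min_score),
        key=lambda r: (-r["score"], -r["hosts"]))
    # 2. "*" marks an unknown version (CPE convention); confirm it on the host.
    unknown_version = [r for r in rows if r["version"] == "*"]
    # 3. Server / X-Powered-by rows had no fingerprint match, and EOL versions
    #    are only identified for fingerprinted software: review these by hand.
    header_only = [r for r in rows if r["source"] != "fingerprint"]
    return patch_first, unknown_version, header_only

if __name__ == "__main__":
    patch, unknown, header = triage(load_rows(SAMPLE_CSV))
    for r in patch:
        print(f'{r["score"]:>4} {r["name"]} {r["version"]} hosts={r["hosts"]}')
    print("unknown version:", [r["name"] for r in unknown])
    print("header-sourced:", [r["name"] for r in header])
```

To run it against a real export, pass the file's contents to `load_rows` in place of `SAMPLE_CSV`.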