Searching Software in Search 2.0
How to Search for Software
If you have a CPE-formatted URI:
Paste it as the value for
services.software.uniform_resource_identifier in the Search bar.
|Don’t forget to wrap your identifier string in back ticks (`) to escape all of the reserved characters!|
If you don’t have a CPE-formatted URI:
Search other software fields with more friendly (but still CPE-informed) names and values, like:
services.software.vendor— Search for things like
services.software.product— Search for things like
services.software.version— Search for things like
8.0(You’ll probably want to combine this with a value for the
productfield inside the
Or look up the CPE URI in the dictionary (an XML file) provided by the National Vulnerabilities Database.
If you have a Hershel+ Fingerprint
Paste the ID as a value for
services.transport_fingerprint.id in the Search bar.
Software Fields in Censys Host Records
Software information is kept in three places in a host record:
"Host Operating System" (
operating_system)— Censys' best estimate of the host’s operating system.
"Service Software" (
services.software)— The software reported at OSI Layer 7 when connecting to a service on a host.
"Transport Fingerprint" (
services.transport_fingerprint) — The software detected at OSI Layer 4 when connecting to a service on a host.
Host Operating System Fields
Censys' best estimate of a host’s operating system is stored at the root level of the host entity in a record called
Each field in the record is defined in the Host Operating System table with its value type.
This record can be populated from a few software identification methods that Censys employs at different networking layers.
An operating system detected at OSI Layer 7 is preferred over an OSI Layer 4 detection, and the most specific version information will be preferred.
Service Software (L7)
Censys considers software and OS reporting on OSI Layer 7 to be the most reliable. Multiple software products, hardware, and operating systems can be detected, so this information is stored in an array called
software with other general service information.
Each field in a software record is defined in Service Software table with its value type.
Transport Fingerprint (L4)
Censys uses the Hershel+ algorithm for fingerprinting operating systems at the transport layer (OSI Layer 4). This information, if obtained, is found in service records under the name
Each field in the record is defined in the Miscellaneous Service Info table with its value type.
Censys retains raw observations with no matching fingerprint in the
services.transport_fingerprint.raw for searching. The
services.transport_fingerprint.id field for an unknown fingerprint will not be present in this case.
|Currently, Censys only attempts to obtain transport fingerprints when the transport protocol is TCP, not UDP.|
About Censys' Choice of the CPE Format
As a widely adopted, standardized format for representing software, the Common Platform Enumeration promotes interoperability between security tools, so Censys has adopted this format in its host and service schemas.
Please sign in to leave a comment.