A new search engine, similar to Shodan.io but more hacker-friendly


Censys is a search engine that was released in October by researchers from the University of Michigan as part of an open source project that aims at maintaining a “complete database of everything on the Internet” helping researchers and companies unearth Online security mishaps and vulnerabilities in products and services.

Censys allows to search both in text mode or with SQL syntax, allowing researchers to run queries against the raw datasets and historical snapshots.

How do it work?

Censys maintains three datasets through daily ZMap scans of the Internet and by synchronizing with public certificate transparency logs:

You can search for records that meet certain criteria (e.g., IPv4 hosts in Germany manufactured by Siemens, or browser trusted certificates for github.com), generate reports on how websites are configured (e.g., what cipher suites are chosen by popular websites?), and track how networks have patched over time.

We also post all of our raw data, provide programmatic access through a REST API, and publish reports on protocol deployment and the supporting PKI.

Research Paper

The research paper on Censys — A Search Engine Backed by Internet-Wide Scanning — appeared at the 22nd ACM Conference on Computer and Communications Security (CCS) in October 2015.

The paper contains a full description of Censys’s architecture and several use cases.

https://www.censys.io/static/censys.pdf

If you would like to give Censys a try, you can follow the step-by-step tutorial!