Get full access to data about 50% more hosts. Learn More


Ready to Get

Request a Demo or


Playing Defense By Locating Pre-Attacks

by · February 5th, 2019

Defend your organization before phishing campaigns are even launched by finding adversary pre-attack infrastructure. In this post, we provide a few tips for finding fraudulent domains in Censys.

The Most Common Protocol You’ve Never Heard Of

by · January 29th, 2019

As CWMP is one of most common protocol across the Internet, we explored the security of the protocol and what kind of risks it poses. Moreover, are there any real risks for the corporate world or is this just a consumer technology problem?

Track & Monitor IPMI Devices

by · January 23rd, 2019

We recently started scanning for IPMI devices in Censys so that administrators can search for them and prioritize migrating them to a private network.

Magecart - Threat Hunting Edition

by · January 15th, 2019

Magecart was the malware behind the British Airways and Ticketmaster data breaches a few years back and, unfortunately, it’s still alive and well. Here's how to hunt for Magecart using Censys.

Finding and Monitoring RDP and VNC with Censys

by · January 7th, 2019

We added data for remote desktop protocol (RDP) and virtual network computing (VNC) to Censys. Now you can search for any RDP or VNC servers that are online and tied to your organization and ensure that they’re locked down appropriately.

Finding Apache Tomcat Servers in Your Network

by · December 4th, 2018

Today, we’re going to show you how you might look for suspicious-looking Apache Tomcat servers and either secure them or take them offline to prevent exploitation.

Who's Down with IPP?: Finding Internet-Connected Printers with Censys

by · September 24th, 2018

Censys results now include Internet Printing Protocol (IPP), which allows anyone to get a quick read of how many printers are connected to the Internet and locate any printers their organization may have inadvertently exposed to the public

Find Oracle Database Servers with CVE-2018-3110 Vulnerability

by · September 21st, 2018

Oracle recently released a critical patch for their Database Server product. This post explains how to find servers on the Internet that are affected by this vulnerability.

Introducing Relational Database Scanning

by · June 18th, 2018

To help organizations investigate and monitor whether they’ve mistakenly exposed databases, we're adding scanning for four popular relational database servers: MySQL, PostgreSQL, Microsoft SQL Server, and Oracle Database.

The FREAK Attack

by · March 3rd, 2015

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.

The POODLE Attack and Tracking SSLv3 Deployment

by · October 4th, 2014

On Tuesday, October 14, 2014, Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred an SSLv3 connection. While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.

Heartbleed Bug Health Report

by · April 7th, 2014

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords. More information and frequently asked questions can be found in the initial disclosure.

HTTPS Ecosystem Scans

by Zakir Durumeric · October 1st, 2013

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem—the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure.

Ready to Get Started?

Get a real-time view of all your organization's assets so you can proactively prevent threats.