By default, Censys performs full-text searches. For example, searching for
Dell will find any hosts where the word Dell appears in the
record—it won't limit the search to Dell manufactured devices. However, this is possible
by querying specific fields using the follow syntax:
Censys records are structured and allow
querying specific fields. For example, you can search for all hosts with a
specific HTTP status code with the following query:
200. You can view a list of defined fields under the Data
Definitions tab or by looking at the details of a host.
For example, here are the fields for the Censys web server.
You can compose multiple statements using the terms
not, and parentheses. For example,
("Schneider Electric" or Dell) and 22.214.171.124/14. By
default, all included terms are optional (i.e., executed as an
Networks, Host Names, and Protocols
You can search for IP
addresses using CIDR notation (e.g.,
ip:126.96.36.199/14) or by specifying a range of addresses:
ip:[188.8.131.52 TO 184.108.40.206]. You can search for
hosts that serve a particular protocol by searching the protocols field, e.g.,
You can search for ranges of numbers using
for inclusive ranges and
} for exclusive
ranges. For example,
80.http.get.status_code:[200 TO 300].
Dates should be formatted using the following syntax:
TO 2012-12-31]. One sided limits can also be specified:
[2012-01-01 TO *]. Warning!
TO operator must be capitalized.
Wildcards and Regular Expressions
By default, Censys searches for complete words. In other words, the search
Del will not return records that contain the word
Wildcard searches can be run on individual terms, using
replace a single character, and
* to replace zero or more
characters. For example, if you want to search for words that start with
Del, you would search for
You can also search using regular expressions, e.g.,
metadata.manufacturer.raw:/De[l]+/. The full regex syntax is available
note Censys treats data as lowercase when executing regular expressions.
The exception is
.raw fields, which retain their original casing.
metadata.manufacturer:/de[l]+/ will produce similar results;
metadata.manufacturer:/De[l]+/ will produce no results. Since Censys treats this field as lowercase,
D will never match a word.
The boost operator (
^) can be used to
make one term more relevant than another. For example,
metadata.manufacturer: Dell^2 OR "Schneider Electric" places more
preference on the Dell keyword.
The following characters must be escaped with a backslash: