An Internet scanning search engine geared to expose security vulnerabilities

This article was 1st published on our sister Site, The Internet Of All Things

new search engine


A recent article in the MIT Technology Review talks of this new public search engine Censys that is helping unearth Online security mishaps and flaws in hardware by companies.

Censys allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, Websites, and certificates are configured and deployed.

The open-source Censys’ data processing facility is backed by data collected from ongoing Internet-wide scans. Designed to help researchers answer security-related questions, Censys supports full-text searches on protocol banners and querying a wide range of derived fields.

For example, as explained in the MIT Tech Review article, it was Censys that helped unearth a “security screwup”. Early this week the Austrian security company SEC Consult had found that over three million routers, modems, and other devices were vulnerable to being hijacked over the Internet. Instead of giving each device a unique encryption key to secure its communications, manufacturers including Cisco and General Electric had lazily used a much smaller number of security keys over and over again.

Censys was launched this October by researchers at the University of Michigan

Censys is maintained by a core team of computer scientists at the University of Michigan and University of Illinois Champaign Urbana, and includes:

Zakir Durumeric
David Adrian
Ariana Mirian
Michael Bailey
J. Alex Halderman

Incidentally, Google is providing infrastructure to power this search engine, which is free to use.

Censys searches data harvested by softwares called ZMap and ZGrab scans of the IPv4 address space, in turn maintaining a database of how hosts and Websites are configured. Researchers can interact with this data through a search interface, report builder, and SQL engine. Every day, Censys is updated with a fresh set of data collected after ZMap “pings” more than four billion of the numerical IP addresses allocated to devices connected to the Internet. Grabbing a fresh set of that data takes only hours.

The data that comes back can identify what kind of device responded, as well as details about its software, such as whether it uses encryption and how it is configured. Searching on Censys for software or configuration details associated with a new security flaw can reveal how widespread it is, what devices suffer from it, who they are operated by, and even their approximate location.

Censys was born after Zakir and his team members found themselves deluged with requests to run scans to help measure new problems.

So how does one use Censys? Here’s a tutorial.

Image Credit: Censys




•Share This•