Censys
https://github.com/censys/censys-python
Install
pip install censys
Configure
censys config
Search
censys search {TARGET_DOMAIN} --pages -1
censys search {TARGET_DOMAIN} --pages -1 -o output.json
censys search {TARGET_DOMAIN} --index-type=hosts --pages -1 -o output.json
censys search {TARGET_DOMAIN} --index-type=certs --pages -1 -o output.json
jq — extract the IP of each result (use on the output of --index-type=hosts; the certs output does not have this shape)
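# Pull the .ip field of every hit into one JSON array; jq reads the file
# directly, so the extra `cat` pipe is unnecessary.
jq -c '[.[] | .ip]' output.json
jq -c '[.[] | .ip]' output.json > ips.json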
Get Details for ips
import ipaddress
import json
import os
import time

import requests
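# Censys API credential, sent verbatim as the HTTP Basic token below.
# NOTE(review): presumably the base64 of "API_ID:API_SECRET" — confirm against
# the Censys v2 API documentation.
# Read it from the environment so a real secret never ends up committed with
# the script; the placeholder is only the fallback and is not a valid token.
AUTH_BASIC = os.environ.get('CENSYS_AUTH_BASIC', 'xxxxxxxxxxxxxxxxxxxxxx')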
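def get_ips_from_file(path='input.json'):
    """Load the target list from *path* (default ``input.json``).

    The file must hold a JSON array of IP address strings (see the sample at
    the end of this page); the parsed list is returned as-is.

    Args:
        path: file to read; kept as a parameter so the script can be pointed
            at another list without editing it.

    Returns:
        The decoded list.

    Raises:
        OSError: the file cannot be opened.
        json.JSONDecodeError: the file is not valid JSON.
        TypeError: the top-level JSON value is not an array (a dict would
            otherwise be silently iterated by its keys).
    """
    # Context manager closes the file even if json.load raises.
    with open(path, encoding='utf-8') as fh:
        data = json.load(fh)
    if not isinstance(data, list):
        raise TypeError('expected a JSON array of IP strings in %s' % path)
    return data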
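def _print_unknown_row(target_ip):
    """Print the placeholder table row used whenever no host record was obtained."""
    print("| {} | {} | {} |".format(target_ip, ' - ', ' - '))


def get_details_info_for_ip(target_ip):
    """Fetch the Censys v2 host record for *target_ip* and print one markdown row.

    On success prints ``| ip | ports | domains |`` (ports and domains come from
    ``get_ports`` / ``get_domains``). On any failure — a value that is not an
    IP address, a transport error, or a non-200 status — prints
    ``| target_ip |  -  |  -  |`` instead, so the table stays aligned and the
    caller's loop keeps going.

    Args:
        target_ip: IPv4 or IPv6 address as a string, taken from input.json.
    """
    # The value is spliced straight into the URL path, so refuse anything that
    # is not a literal IP address rather than sending arbitrary file content
    # to the API (the sample input.json on this page would fail this check:
    # its octets exceed 255).
    try:
        ipaddress.ip_address(target_ip)
    except ValueError:
        _print_unknown_row(target_ip)
        return
    try:
        response = requests.get('https://search.censys.io/api/v2/hosts/%s' % target_ip,
                                timeout=2,
                                headers={'Authorization': ('Basic %s' % AUTH_BASIC)})
    except requests.RequestException:
        # A timeout or connection error used to abort the whole run; report
        # this host as unknown and let the loop continue.
        _print_unknown_row(target_ip)
        return
    if response.status_code != 200:
        _print_unknown_row(target_ip)
        return
    ip = json.loads(response.text)['result']['ip']
    domains = get_domains(response)
    ports = get_ports(response)
    print("| {} | {} | {} |".format(ip, ports, domains))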
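def get_domains(response):
    """Return the forward-DNS names of a host response, joined with ``", "``.

    Only records whose ``record_type`` is ``'A'`` are kept, in the order the
    response lists them. Returns ``'-'`` when the response carries no DNS
    records *or* none of them is an A record — previously the second case
    produced an empty string, leaving a blank cell in the printed table.

    Args:
        response: an object with a ``.text`` attribute holding the JSON body
            of a Censys v2 ``/hosts/{ip}`` reply.
    """
    result_ = json.loads(response.text)['result']
    # `or {}` also covers an explicit null under these keys.
    dns_ = result_.get('dns') or {}
    records_ = dns_.get('records') or {}
    # .get() rather than ['record_type']: a record without a type is skipped
    # instead of raising KeyError part-way through a run.
    names = [name for name, rec in records_.items()
             if rec.get('record_type') == 'A']
    if not names:
        return '-'
    return ", ".join(names)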
def get_ports(response):
    """Return the service ports of a host response as a space-separated string.

    Ports are emitted in the order the ``services`` array lists them, as
    decimal strings. Returns ``'-'`` when the response has no ``services``
    entry or the array is empty.

    Args:
        response: an object with a ``.text`` attribute holding the JSON body
            of a Censys v2 ``/hosts/{ip}`` reply.
    """
    result_ = json.loads(response.text)['result']
    services_ = result_.get('services', [])
    if len(services_) == 0:
        return '-'
    port_strings = (str(svc['port']) for svc in services_)
    return " ".join(port_strings)
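# init
if __name__ == "__main__":
    # Entry point: one table row per address in input.json. Guarded so the
    # helpers above can be imported elsewhere without firing API requests.
    for item in get_ips_from_file():
        get_details_info_for_ip(item)
        # Presumably a crude rate limit on the Censys API; one request per
        # second keeps a long target list from hammering it.
        time.sleep(1)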
input.json (a JSON array of IP address strings; the two values below are placeholders — their octets exceed 255, so they are not valid IPv4 addresses and must be replaced with real targets)
["111.222.333.444", "222.333.444.555"]