Censys IoT / ICS Search Cheat Sheet (DRAFT) by lindner.brett

The other modality of search querying, text entry, is bound by a dotted­-ke­yword format, modifiable by boolean operators, some examples follow:

"­loc­ati­on.c­ou­ntr­y_code: US and protocols: ("23­/te­lne­t" or "­80/­htt­p")"
This will identify any intern­et-­facing US host exposing TELNET or HTTP.

"­loc­ati­on.c­ity: Chicago and tags: ("sc­ada­")
This will identify any intern­et-­facing host in Chicago with a banner tag of 'scada'.

Use a '*' to represent zero or more charac­ters.

Example:
ip: [50.45.128.0 to 50.47.2­55.255] and servic­es.tls: *
This will return any host in the stated IP range which has completed a TLS handshake.

Note:
The '?' is used to represent a single character.

Free account sign-up is required to utilize the basic search engine;
Host & Certif­icate search is supported under this config­ura­tion.

Regex support in search queries is a paid feature, email sales@­cen­sys.io for pricing inform­ation.

API support is available, access & manage keys here:
https:­//s­ear­ch.c­en­sys.io­/ac­cou­nt/api

Broad searches are possible, as per the following examples:

autono­mou­s_s­yst­em.d­es­cri­ption: "­Uni­ver­sit­y"

servic­es.s­of­twa­re.p­ro­duct: "­Ras­pberry Pi"

not servic­es.s­er­vic­e_name: HTTPS

The full list of available fields is located here:

https:­//s­ear­ch.c­en­sys.io­/se­arc­h/d­efi­nit­ion­s?r­eso­urc­e=hosts

NOTE: This is an EXTENSIVE list.