def module_run(self, hosts):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for host in hosts:
host = host.strip('"')
self.heading(host, level=0)
try:
query = c.search(f"name:{host}", virtual_hosts="ONLY")
except CensysException:
self.print_exception()
continue
for hit in query():
common_kwargs = {
"ip_address": hit["ip"],
"host": hit.get("name"),
}
location = hit.get("location", {})
coords = location.get("coordinates", {})
self.insert_hosts(
region=location.get("continent"),
country=location.get("country"),
latitude=coords.get("latitude"),
longitude=coords.get("longitude"),
**common_kwargs,
)
for service in hit.get("services", []):
self.insert_ports(
port=service["port"],
protocol=service["transport_protocol"],
notes=service["service_name"],
**common_kwargs,
)
def __init__(self,
api_id: Optional[str] = None,
api_secret: Optional[str] = None):
"""Inits CensysHNRI.
Args:
api_id (str): Optional; The API ID provided by Censys.
api_secret (str): Optional; The API secret provided by Censys.
"""
self.index = CensysHosts(api_id, api_secret)
def intel(self, type, query, data, conf):
if type == "ip":
print("[+] Checking Censys...")
api = CensysHosts(conf['Censys']['id'], conf['Censys']['secret'])
ip = api.view(query)
for service in ip["services"]:
data["ports"].append({
"port": service["port"],
"info": service["service_name"],
"source": "Censys"
})
def get_hosts(cert_fingerprints, api_id, api_secret):
try:
censys_hosts = CensysHosts(api_id=api_id,
api_secret=api_secret,
user_agent=USER_AGENT)
hosts_query = f"services.tls.certificates.leaf_data.fingerprint: {{{','.join(cert_fingerprints)}}}"
hosts_search_results = censys_hosts.search(hosts_query).view_all()
return set([r["ip"] for r in hosts_search_results.values()])
except CensysUnauthorizedException:
sys.stderr.write(INVALID_CREDS)
exit(1)
except CensysRateLimitExceededException:
sys.stderr.write(RATE_LIMIT)
exit(1)
def port_scan(hostx, censys_id, censys_secret, counter):
c = CensysHosts(censys_id, censys_secret)
for ip in hostx.resolved_ips:
try:
response = c.view(ip.address)
ports = response.get("ports", [])
if ip.ports:
ip.ports.update(ports)
else:
ip.ports = ports
counter.ports = counter.ports + len(hostx.ports)
except:
time.sleep(1)
continue
def module_run(self, netblocks):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for netblock in netblocks:
self.heading(netblock, level=0)
try:
# we only need one per netblock since they'll all have the same by ASN
report = c.aggregate(
f"ip:{netblock}",
fields="autonomous_system.name",
num_buckets=int(self.options.get("NUM_BUCKETS", "100")),
)
except CensysException:
self.print_exception()
continue
for bucket in report.get("buckets", []):
company = bucket.get("key")
self.insert_companies(company=company)
def module_run(self, emails):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for email in emails:
email = email.strip('"')
self.heading(email, level=0)
try:
report = c.aggregate(
f'services.tls.certificates.leaf_data.subject.email_address:"{email}"',
field="services.tls.certificates.leaf_data.names",
num_buckets=self.options.get("num_buckets", 100),
)
except CensysException:
self.print_exception()
continue
for bucket in report.get("buckets", []):
domain = bucket.get("key")
self.insert_domains(domain=domain, notes=f"Email: {email}")
def module_run(self, companies):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for company in companies:
company = company.strip('"')
self.heading(company, level=0)
try:
query = c.search(
f'autonomous_system.name:"{company}"',
per_page=int(self.options.get("PER_PAGE", "100")),
pages=int(self.options.get("PAGES", "1")),
virtual_hosts=self.options.get("VIRTUAL_HOSTS", "EXCLUDE"),
)
except CensysException:
self.print_exception()
continue
for hit in query():
ip = hit["ip"]
name = hit.get("name")
if name:
self.insert_domains(domain=name,
notes="+".join((ip, name)))
common_kwargs = {
"ip_address": ip,
"host": name,
}
location = hit.get("location", {})
coords = location.get("coordinates", {})
self.insert_hosts(
region=location.get("continent"),
country=location.get("country"),
latitude=coords.get("latitude"),
longitude=coords.get("longitude"),
**common_kwargs,
)
for service in hit.get("services", []):
self.insert_ports(
port=service["port"],
protocol=service["transport_protocol"],
notes=service["service_name"],
**common_kwargs,
)
def module_run(self, hosts):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for ip in hosts:
ip = ip.strip('"')
self.heading(ip, level=0)
try:
host = c.view(ip)
except CensysException:
self.print_exception()
continue
for service in host.get("services", []):
self.insert_ports(
ip_address=ip,
port=service["port"],
protocol=service["transport_protocol"],
banner=service.get("banner"),
notes=service["service_name"],
)
def module_run(self, companies):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for company in companies:
company = company.strip('"')
self.heading(company, level=0)
try:
query = c.search(
f'services.tls.certificates.leaf_data.subject.organization:"{company}"',
virtual_hosts="INCLUDE",
)
except CensysException:
self.print_exception()
continue
for hit in query():
ip = hit["ip"]
name = hit.get("name")
if name:
self.insert_domains(domain=name,
notes="+".join((ip, name)))
common_kwargs = {
"ip_address": ip,
"host": name,
}
location = hit.get("location", {})
coords = location.get("coordinates", {})
self.insert_hosts(
region=location.get("continent"),
country=location.get("country"),
latitude=coords.get("latitude"),
longitude=coords.get("longitude"),
**common_kwargs,
)
for service in hit.get("services", []):
self.insert_ports(
port=service["port"],
protocol=service["transport_protocol"],
notes=service["service_name"],
**common_kwargs,
)
def module_run(self, companies):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for company in companies:
company = company.strip('"')
self.heading(company, level=0)
try:
report = c.aggregate(
"same_service(services.tls.certificates.leaf_data.subject.email_address:*"
" and "
f'services.tls.certificates.leaf_data.subject.organization:"{company}")',
field="services.tls.certificates.leaf_data.subject.email_address",
num_buckets=int(self.options.get("NUM_BUCKETS", "100")),
)
except CensysException:
self.print_exception()
continue
for bucket in report.get("buckets", []):
email = bucket.get("key")
self.insert_contacts(email=email)
def module_run(self, domains):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for domain in domains:
domain = domain.strip('"')
self.heading(domain, level=0)
try:
query = c.search(
f"{domain}",
per_page=int(self.options.get("PER_PAGE", "100")),
pages=int(self.options.get("PAGES", "1")),
virtual_hosts=self.options.get("VIRTUAL_HOSTS", "ONLY"),
)
except CensysException:
self.print_exception()
continue
for hit in query():
common_kwargs = {
"ip_address": hit["ip"],
"host": hit.get("name"),
}
location = hit.get("location", {})
coords = location.get("coordinates", {})
self.insert_hosts(
region=location.get("continent"),
country=location.get("country"),
latitude=coords.get("latitude"),
longitude=coords.get("longitude"),
**common_kwargs,
)
for service in hit.get("services", []):
self.insert_ports(
port=service["port"],
protocol=service["transport_protocol"],
notes=service["service_name"],
**common_kwargs,
)
def module_run(self, domains):
api_id = self.get_key("censysio_id")
api_secret = self.get_key("censysio_secret")
c = CensysHosts(api_id, api_secret)
for domain in domains:
domain = domain.strip('"')
self.heading(domain, level=0)
try:
report = c.aggregate(
"same_service(services.tls.certificates.leaf_data.names:"
f" {domain} and"
" services.tls.certificates.leaf_data.subject.organization: *)",
field=
"services.tls.certificates.leaf_data.subject.organization",
num_buckets=int(self.options.get("NUM_BUCKETS", "100")),
)
except CensysException:
self.print_exception()
continue
for bucket in report.get("buckets", []):
company = bucket.get("key")
self.insert_companies(company=company,
description=f"Domain: {domain}")
def run(self, conf, args, plugins):
if 'subcommand' in args:
if args.subcommand == 'ip':
api = CensysHosts(conf['Censys']['id'],
conf['Censys']['secret'])
if args.events:
res = api.view_host_events(args.IP)
print(
json.dumps(res,
sort_keys=True,
indent=4,
separators=(',', ': ')))
else:
try:
ip = api.view(args.IP)
print(
json.dumps(ip,
sort_keys=True,
indent=4,
separators=(',', ': ')))
except censys.base.CensysNotFoundException:
print('IP not found')
elif args.subcommand == 'cert':
try:
print(
"Viewing certs is not implemented yet, seeing hosts for this cert:"
)
c = CensysCerts(conf['Censys']['id'],
conf['Censys']['secret'])
res = c.get_hosts_by_cert(args.ID)
except censys.base.CensysNotFoundException:
print("Certificate not found")
else:
print(
json.dumps(res,
sort_keys=True,
indent=4,
separators=(',', ': ')))
elif args.subcommand == 'subdomains':
subdomains = self.get_subdomains(conf, args.DOMAIN,
args.verbose)
for d in subdomains:
print(d)
elif args.subcommand == 'search':
api = CensysHosts(conf['Censys']['id'],
conf['Censys']['secret'])
if args.file:
with open(args.QUERY) as f:
query = f.read().strip()
else:
query = args.QUERY
print("Searching for {}".format(query))
if args.output:
fout = open(args.output, "w+")
total = 0
for page in api.search(query, per_page=100, pages=args.pages):
if args.output:
for host in page:
if args.verbose:
fout.write("{},{},{},{}\n".format(
host["ip"], host["location"]["country"],
host["autonomous_system"]["asn"],
host["autonomous_system"]["name"]))
else:
fout.write("{}\n".format(host["ip"]))
total += len(page)
print("{} ips written in {}".format(
total, args.output))
else:
for host in page:
if args.verbose:
try:
print("{} - [{}] - [{}]".format(
host["ip"], ", ".join([
str(a["port"]) + "/" +
a["service_name"]
for a in host["services"]
]), host["autonomous_system"]["asn"] +
" / " +
host["autonomous_system"]["name"]))
except KeyError:
print(host["ip"])
else:
print(host["ip"])
# To avoid rate limiting
time.sleep(0.5)
else:
self.parser.print_help()
else:
self.parser.print_help()
class CensysHNRI:
"""Searches the Censys API for the user's current IP to scan for risks."""
HIGH_RISK_DEFINITION: List[str] = ["TELNET", "REDIS", "POSTGRES", "VNC"]
MEDIUM_RISK_DEFINITION: List[str] = ["SSH", "HTTP", "HTTPS"]
def __init__(self,
api_id: Optional[str] = None,
api_secret: Optional[str] = None):
"""Inits CensysHNRI.
Args:
api_id (str): Optional; The API ID provided by Censys.
api_secret (str): Optional; The API secret provided by Censys.
"""
self.index = CensysHosts(api_id, api_secret)
@staticmethod
def get_current_ip() -> str:
"""Uses ipify.org to get the current IP address.
Returns:
str: IP address.
"""
response = requests.get("https://api.ipify.org?format=json")
current_ip = str(response.json().get("ip"))
return current_ip
def translate_risk(self,
services: List[dict]) -> Tuple[List[dict], List[dict]]:
"""Interpret protocols to risks.
Args:
services (list): List of services.
Returns:
Tuple[list, list]: Lists of high and medium risks.
"""
high_risk = []
medium_risk = []
for service in services:
service_name = service.get("service_name")
if service_name in self.HIGH_RISK_DEFINITION:
high_risk.append(service)
elif service_name in self.MEDIUM_RISK_DEFINITION:
medium_risk.append(service)
else:
medium_risk.append(service)
return high_risk, medium_risk
def make_risks_into_table(self, title: str, risks: List[dict]) -> Table:
"""Creates a table of risks.
Args:
title (str): Title of the table.
risks (list): List of risks.
Returns:
Table: Table of risks.
"""
table = Table("Port", "Service Name", title=title, box=box.SQUARE)
for risk in risks:
table.add_row(str(risk.get("port")), risk.get("service_name"))
return table
def risks_to_string(self, high_risks: list,
medium_risks: list) -> List[Any]:
"""Risks to printable string.
Args:
high_risks (list): Lists of high risks.
medium_risks (list): Lists of medium risks.
Raises:
CensysCLIException: No information/risks found.
Returns:
list: Printable objects for CLI.
"""
len_high_risk = len(high_risks)
len_medium_risk = len(medium_risks)
if len_high_risk + len_medium_risk == 0:
raise CensysCLIException
response: List[Any] = []
if len_high_risk > 0:
response.append(
self.make_risks_into_table(
":exclamation: High Risks Found",
high_risks,
))
else:
response.append("You don't have any High Risks in your network\n")
if len_medium_risk > 0:
response.append(
self.make_risks_into_table(
":grey_exclamation: Medium Risks Found",
medium_risks,
))
else:
response.append(
"You don't have any Medium Risks in your network\n")
return response
def view_current_ip_risks(self):
"""Gets protocol information for the current IP and returns any risks."""
current_ip = self.get_current_ip()
try:
console.print(f"Searching for information on {current_ip}...")
results = self.index.view(current_ip)
services = results.get("services", [])
high_risk, medium_risk = self.translate_risk(services)
for res in self.risks_to_string(high_risk, medium_risk):
console.print(res)
console.print(
f"\nFor more information, please visit: https://search.censys.io/hosts/{current_ip}"
)
except (CensysNotFoundException, CensysCLIException):
console.print(
"[green]:white_check_mark: No Risks were found on your network[/green]"
)
