def module_run(self, hosts): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for host in hosts: host = host.strip('"') self.heading(host, level=0) try: query = c.search(f"name:{host}", virtual_hosts="ONLY") except CensysException: self.print_exception() continue for hit in query(): common_kwargs = { "ip_address": hit["ip"], "host": hit.get("name"), } location = hit.get("location", {}) coords = location.get("coordinates", {}) self.insert_hosts( region=location.get("continent"), country=location.get("country"), latitude=coords.get("latitude"), longitude=coords.get("longitude"), **common_kwargs, ) for service in hit.get("services", []): self.insert_ports( port=service["port"], protocol=service["transport_protocol"], notes=service["service_name"], **common_kwargs, )
def __init__(self, api_id: Optional[str] = None, api_secret: Optional[str] = None): """Inits CensysHNRI. Args: api_id (str): Optional; The API ID provided by Censys. api_secret (str): Optional; The API secret provided by Censys. """ self.index = CensysHosts(api_id, api_secret)
def intel(self, type, query, data, conf): if type == "ip": print("[+] Checking Censys...") api = CensysHosts(conf['Censys']['id'], conf['Censys']['secret']) ip = api.view(query) for service in ip["services"]: data["ports"].append({ "port": service["port"], "info": service["service_name"], "source": "Censys" })
def get_hosts(cert_fingerprints, api_id, api_secret): try: censys_hosts = CensysHosts(api_id=api_id, api_secret=api_secret, user_agent=USER_AGENT) hosts_query = f"services.tls.certificates.leaf_data.fingerprint: {{{','.join(cert_fingerprints)}}}" hosts_search_results = censys_hosts.search(hosts_query).view_all() return set([r["ip"] for r in hosts_search_results.values()]) except CensysUnauthorizedException: sys.stderr.write(INVALID_CREDS) exit(1) except CensysRateLimitExceededException: sys.stderr.write(RATE_LIMIT) exit(1)
def port_scan(hostx, censys_id, censys_secret, counter): c = CensysHosts(censys_id, censys_secret) for ip in hostx.resolved_ips: try: response = c.view(ip.address) ports = response.get("ports", []) if ip.ports: ip.ports.update(ports) else: ip.ports = ports counter.ports = counter.ports + len(hostx.ports) except: time.sleep(1) continue
def module_run(self, netblocks): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for netblock in netblocks: self.heading(netblock, level=0) try: # we only need one per netblock since they'll all have the same by ASN report = c.aggregate( f"ip:{netblock}", fields="autonomous_system.name", num_buckets=int(self.options.get("NUM_BUCKETS", "100")), ) except CensysException: self.print_exception() continue for bucket in report.get("buckets", []): company = bucket.get("key") self.insert_companies(company=company)
def module_run(self, emails): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for email in emails: email = email.strip('"') self.heading(email, level=0) try: report = c.aggregate( f'services.tls.certificates.leaf_data.subject.email_address:"{email}"', field="services.tls.certificates.leaf_data.names", num_buckets=self.options.get("num_buckets", 100), ) except CensysException: self.print_exception() continue for bucket in report.get("buckets", []): domain = bucket.get("key") self.insert_domains(domain=domain, notes=f"Email: {email}")
def module_run(self, companies): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for company in companies: company = company.strip('"') self.heading(company, level=0) try: query = c.search( f'autonomous_system.name:"{company}"', per_page=int(self.options.get("PER_PAGE", "100")), pages=int(self.options.get("PAGES", "1")), virtual_hosts=self.options.get("VIRTUAL_HOSTS", "EXCLUDE"), ) except CensysException: self.print_exception() continue for hit in query(): ip = hit["ip"] name = hit.get("name") if name: self.insert_domains(domain=name, notes="+".join((ip, name))) common_kwargs = { "ip_address": ip, "host": name, } location = hit.get("location", {}) coords = location.get("coordinates", {}) self.insert_hosts( region=location.get("continent"), country=location.get("country"), latitude=coords.get("latitude"), longitude=coords.get("longitude"), **common_kwargs, ) for service in hit.get("services", []): self.insert_ports( port=service["port"], protocol=service["transport_protocol"], notes=service["service_name"], **common_kwargs, )
def module_run(self, hosts): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for ip in hosts: ip = ip.strip('"') self.heading(ip, level=0) try: host = c.view(ip) except CensysException: self.print_exception() continue for service in host.get("services", []): self.insert_ports( ip_address=ip, port=service["port"], protocol=service["transport_protocol"], banner=service.get("banner"), notes=service["service_name"], )
def module_run(self, companies): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for company in companies: company = company.strip('"') self.heading(company, level=0) try: query = c.search( f'services.tls.certificates.leaf_data.subject.organization:"{company}"', virtual_hosts="INCLUDE", ) except CensysException: self.print_exception() continue for hit in query(): ip = hit["ip"] name = hit.get("name") if name: self.insert_domains(domain=name, notes="+".join((ip, name))) common_kwargs = { "ip_address": ip, "host": name, } location = hit.get("location", {}) coords = location.get("coordinates", {}) self.insert_hosts( region=location.get("continent"), country=location.get("country"), latitude=coords.get("latitude"), longitude=coords.get("longitude"), **common_kwargs, ) for service in hit.get("services", []): self.insert_ports( port=service["port"], protocol=service["transport_protocol"], notes=service["service_name"], **common_kwargs, )
def module_run(self, companies): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for company in companies: company = company.strip('"') self.heading(company, level=0) try: report = c.aggregate( "same_service(services.tls.certificates.leaf_data.subject.email_address:*" " and " f'services.tls.certificates.leaf_data.subject.organization:"{company}")', field="services.tls.certificates.leaf_data.subject.email_address", num_buckets=int(self.options.get("NUM_BUCKETS", "100")), ) except CensysException: self.print_exception() continue for bucket in report.get("buckets", []): email = bucket.get("key") self.insert_contacts(email=email)
def module_run(self, domains): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for domain in domains: domain = domain.strip('"') self.heading(domain, level=0) try: query = c.search( f"{domain}", per_page=int(self.options.get("PER_PAGE", "100")), pages=int(self.options.get("PAGES", "1")), virtual_hosts=self.options.get("VIRTUAL_HOSTS", "ONLY"), ) except CensysException: self.print_exception() continue for hit in query(): common_kwargs = { "ip_address": hit["ip"], "host": hit.get("name"), } location = hit.get("location", {}) coords = location.get("coordinates", {}) self.insert_hosts( region=location.get("continent"), country=location.get("country"), latitude=coords.get("latitude"), longitude=coords.get("longitude"), **common_kwargs, ) for service in hit.get("services", []): self.insert_ports( port=service["port"], protocol=service["transport_protocol"], notes=service["service_name"], **common_kwargs, )
def module_run(self, domains): api_id = self.get_key("censysio_id") api_secret = self.get_key("censysio_secret") c = CensysHosts(api_id, api_secret) for domain in domains: domain = domain.strip('"') self.heading(domain, level=0) try: report = c.aggregate( "same_service(services.tls.certificates.leaf_data.names:" f" {domain} and" " services.tls.certificates.leaf_data.subject.organization: *)", field= "services.tls.certificates.leaf_data.subject.organization", num_buckets=int(self.options.get("NUM_BUCKETS", "100")), ) except CensysException: self.print_exception() continue for bucket in report.get("buckets", []): company = bucket.get("key") self.insert_companies(company=company, description=f"Domain: {domain}")
def run(self, conf, args, plugins): if 'subcommand' in args: if args.subcommand == 'ip': api = CensysHosts(conf['Censys']['id'], conf['Censys']['secret']) if args.events: res = api.view_host_events(args.IP) print( json.dumps(res, sort_keys=True, indent=4, separators=(',', ': '))) else: try: ip = api.view(args.IP) print( json.dumps(ip, sort_keys=True, indent=4, separators=(',', ': '))) except censys.base.CensysNotFoundException: print('IP not found') elif args.subcommand == 'cert': try: print( "Viewing certs is not implemented yet, seeing hosts for this cert:" ) c = CensysCerts(conf['Censys']['id'], conf['Censys']['secret']) res = c.get_hosts_by_cert(args.ID) except censys.base.CensysNotFoundException: print("Certificate not found") else: print( json.dumps(res, sort_keys=True, indent=4, separators=(',', ': '))) elif args.subcommand == 'subdomains': subdomains = self.get_subdomains(conf, args.DOMAIN, args.verbose) for d in subdomains: print(d) elif args.subcommand == 'search': api = CensysHosts(conf['Censys']['id'], conf['Censys']['secret']) if args.file: with open(args.QUERY) as f: query = f.read().strip() else: query = args.QUERY print("Searching for {}".format(query)) if args.output: fout = open(args.output, "w+") total = 0 for page in api.search(query, per_page=100, pages=args.pages): if args.output: for host in page: if args.verbose: fout.write("{},{},{},{}\n".format( host["ip"], host["location"]["country"], host["autonomous_system"]["asn"], host["autonomous_system"]["name"])) else: fout.write("{}\n".format(host["ip"])) total += len(page) print("{} ips written in {}".format( total, args.output)) else: for host in page: if args.verbose: try: print("{} - [{}] - [{}]".format( host["ip"], ", ".join([ str(a["port"]) + "/" + a["service_name"] for a in host["services"] ]), host["autonomous_system"]["asn"] + " / " + host["autonomous_system"]["name"])) except KeyError: print(host["ip"]) else: print(host["ip"]) # To avoid rate limiting time.sleep(0.5) else: self.parser.print_help() else: self.parser.print_help()
class CensysHNRI: """Searches the Censys API for the user's current IP to scan for risks.""" HIGH_RISK_DEFINITION: List[str] = ["TELNET", "REDIS", "POSTGRES", "VNC"] MEDIUM_RISK_DEFINITION: List[str] = ["SSH", "HTTP", "HTTPS"] def __init__(self, api_id: Optional[str] = None, api_secret: Optional[str] = None): """Inits CensysHNRI. Args: api_id (str): Optional; The API ID provided by Censys. api_secret (str): Optional; The API secret provided by Censys. """ self.index = CensysHosts(api_id, api_secret) @staticmethod def get_current_ip() -> str: """Uses ipify.org to get the current IP address. Returns: str: IP address. """ response = requests.get("https://api.ipify.org?format=json") current_ip = str(response.json().get("ip")) return current_ip def translate_risk(self, services: List[dict]) -> Tuple[List[dict], List[dict]]: """Interpret protocols to risks. Args: services (list): List of services. Returns: Tuple[list, list]: Lists of high and medium risks. """ high_risk = [] medium_risk = [] for service in services: service_name = service.get("service_name") if service_name in self.HIGH_RISK_DEFINITION: high_risk.append(service) elif service_name in self.MEDIUM_RISK_DEFINITION: medium_risk.append(service) else: medium_risk.append(service) return high_risk, medium_risk def make_risks_into_table(self, title: str, risks: List[dict]) -> Table: """Creates a table of risks. Args: title (str): Title of the table. risks (list): List of risks. Returns: Table: Table of risks. """ table = Table("Port", "Service Name", title=title, box=box.SQUARE) for risk in risks: table.add_row(str(risk.get("port")), risk.get("service_name")) return table def risks_to_string(self, high_risks: list, medium_risks: list) -> List[Any]: """Risks to printable string. Args: high_risks (list): Lists of high risks. medium_risks (list): Lists of medium risks. Raises: CensysCLIException: No information/risks found. Returns: list: Printable objects for CLI. """ len_high_risk = len(high_risks) len_medium_risk = len(medium_risks) if len_high_risk + len_medium_risk == 0: raise CensysCLIException response: List[Any] = [] if len_high_risk > 0: response.append( self.make_risks_into_table( ":exclamation: High Risks Found", high_risks, )) else: response.append("You don't have any High Risks in your network\n") if len_medium_risk > 0: response.append( self.make_risks_into_table( ":grey_exclamation: Medium Risks Found", medium_risks, )) else: response.append( "You don't have any Medium Risks in your network\n") return response def view_current_ip_risks(self): """Gets protocol information for the current IP and returns any risks.""" current_ip = self.get_current_ip() try: console.print(f"Searching for information on {current_ip}...") results = self.index.view(current_ip) services = results.get("services", []) high_risk, medium_risk = self.translate_risk(services) for res in self.risks_to_string(high_risk, medium_risk): console.print(res) console.print( f"\nFor more information, please visit: https://search.censys.io/hosts/{current_ip}" ) except (CensysNotFoundException, CensysCLIException): console.print( "[green]:white_check_mark: No Risks were found on your network[/green]" )