Hacker-friendly search engine ‘Censys’ lets you find internet connected device



I am sure you have not heard about ‘Censys‘. If you know, you are a true geek. Censys is a search engine for hackers who want to search for every single Internet connected devices. Censys search engine daily scans the whole Internet and index the internet connected devices. It can also identify the vulnerability in device and help us in locating vulnerable devices.

Before you judge the search engine and blame it to be a risk for privacy, I want you to know how it helped for a good cause. Security researchers from SEC Consult found that many manufacturers of home routers and Internet of Things (IoT) devices have been keeping the IoT devices at risk by re-using the same set of hard-coded cryptographic keys. As a result of this blunder mistake, around 3 millions of IoT devices are now open to mass hijacking. And this number was confirmed with the help of Censys.

How Does Censys Work?

Censys search engine has set of crawlers which daily scans the IPv4 address space and collects information on hosts and websites. Basically it uses two tools:

  • ZMap – an open-source network scanner
  • ZGrab – an application layer scanner

Censys also supports various search operators to refine search and use this search engine effectively to find what you are exactly looking for. It is worth to mention that “Censys only allows five queries per day without registration to prevent abuse.” This kind of limitation will prevent the bad hackers. For accessing more data, a person will create an account which could be trackable.

Censys is an open source project, so anyone can contribute in improving this project. It aims to maintain “complete database of everything on the Internet”. This is why, this is useful but dangerous as well.

You can read the whole research paper to know more about Censys in details

Interesting thing is that they also offer API. SO, developers can also create applications using the data of Censys.