censys
$
npx mdskill add taracodlabs/aiden/censysLooks up internet-exposed assets using Censys data
- Finds hosts, certificates, and services visible on the public internet
- Uses Censys API for real-time asset discovery and TLS certificate analysis
- Queries based on IP, domain, certificate details, or network ranges
- Returns structured results with port data, TLS info, and host metadata
SKILL.md
.github/skills/censysView on GitHub ↗
---
name: censys
description: "Censys lookups: hosts, certificates, services on the public internet"
category: security
version: 1.0.0
license: Apache-2.0
origin: aiden
tags: security, censys, osint, recon, ports, certificates, tls, asset-discovery, internet-scan
env_required:
- CENSYS_API_ID
- CENSYS_API_SECRET
---
# Censys — Internet Asset Discovery
Censys continuously scans the public internet and indexes detailed metadata about every reachable host: open ports, running services, TLS certificates, and BGP routing information. Complementary to Shodan with different scanner vantage points and richer certificate data.
**Requires:** `CENSYS_API_ID` and `CENSYS_API_SECRET` — free tier at https://search.censys.io/register (0.4 req/sec, 250 queries/month).
## When to Use
- Look up what Censys sees on a specific IP address
- Discover internet-exposed assets for a given organisation or ASN
- Investigate TLS certificates — find all hosts sharing a certificate or subject
- Security audit: verify which services are visible from the public internet
- User asks "what does Censys show for IP X", "find hosts with this certificate", "look up ASN exposure"
## How to Use
### Look up a specific host by IP
```powershell
$ip = "8.8.8.8"
$id = $env:CENSYS_API_ID
$secret = $env:CENSYS_API_SECRET
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${id}:${secret}"))
$headers = @{ Authorization = "Basic $b64" }
$result = Invoke-RestMethod -Uri "https://search.censys.io/api/v2/hosts/$ip" -Headers $headers
$r = $result.result
Write-Host "IP: $($r.ip)"
Write-Host "AS: $($r.autonomous_system.name) (ASN $($r.autonomous_system.asn))"
Write-Host "Country: $($r.location.country)"
Write-Host "Open ports:"
$r.services | ForEach-Object {
Write-Host " $($_.port)/$($_.transport_protocol) — $($_.service_name)"
}
```
### Search with a query string
```powershell
$query = "services.service_name: HTTP and location.country_code: IN"
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("$($env:CENSYS_API_ID):$($env:CENSYS_API_SECRET)"))
$headers = @{ Authorization = "Basic $b64" }
$encoded = [Uri]::EscapeDataString($query)
$result = Invoke-RestMethod -Uri "https://search.censys.io/api/v2/hosts/search?q=$encoded" -Headers $headers
Write-Host "Total matches: $($result.result.total)"
$result.result.hits | Select-Object -First 10 | ForEach-Object {
Write-Host " $($_.ip) — $($_.autonomous_system.name) ($($_.location.country_name))"
}
```
### Look up a TLS certificate by SHA-256 fingerprint
```powershell
$sha256 = "YOUR_CERT_SHA256_HERE"
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("$($env:CENSYS_API_ID):$($env:CENSYS_API_SECRET)"))
$headers = @{ Authorization = "Basic $b64" }
$result = Invoke-RestMethod -Uri "https://search.censys.io/api/v2/certificates/$sha256" -Headers $headers
$parsed = $result.result.parsed
Write-Host "Subject: $($parsed.subject_dn)"
Write-Host "Issuer: $($parsed.issuer_dn)"
Write-Host "Valid: $($parsed.validity.start) → $($parsed.validity.end)"
Write-Host "SANs: $($parsed.names_from_san -join ', ')"
```
## Examples
**"What is exposed on IP 1.2.3.4?"**
→ Host lookup: returns open ports, service names, ASN, and location.
**"Find all exposed Redis servers in Germany"**
→ Query: `services.service_name: REDIS and location.country_code: DE`
**"Who else uses this TLS certificate?"**
→ Certificate lookup by SHA-256 fingerprint — shows SAN names and validity.
**"Show me all hosts in ASN 15169"**
→ Query: `autonomous_system.asn: 15169`
## Cautions
- Free tier: 250 queries/month, 0.4 req/sec — pace bulk operations with `Start-Sleep -Milliseconds 2500`
- Censys data reflects last scan date — real-time state may differ
- Host lookup counts against your monthly quota
- Certificate search may return expired or revoked certs — check validity dates
- Never use Censys results to attempt unauthorised access; recon and awareness only
## Requirements
- `CENSYS_API_ID` and `CENSYS_API_SECRET` — free account at https://search.censys.io/register
More from taracodlabs/aiden
- ade-footerInstalled skill — add instructions here
- archon-bridgeUnified portfolio + order routing across Zerodha, Upstox, Angel One
- clipboard-historyRead/write Windows clipboard text, HTML, images, history (PowerShell)
- code_executionRunning scripts and code on Windows
- create_txt_fileCreates a text file with specified content at a given path
- crt.shEnumerate subdomains and TLS certs via CT logs (no API key needed)
- currently_running_processesShow me my currently running processes.
- cveapiCVE lookup via MITRE + NVD: severity, CVSS, affected products, refs
- decrease_volume_littleDecreases the system volume by a small amount.
- defender-quickscanWindows Defender: scans, threat history, signatures (PowerShell)