Censys

Censys is a search engine for devices connected to the internet. Censys was created in 2015 at the University of Michigan by the security researchers who developed ZMap.

Censys continuously scans and logs devices on the internet:

1. Metasploit also has a built-in auxiliary that allows us to do a Censys scan. We can use the censys keyword in the module search to locate the script:

2. Clicking on the module will take us to the options page, but before we do that, we need to log in to our account on censys.io and get API ID and Secret, which will be used in the module:

3. We enter API ID and Secret in the module options and specify the domain name as the target address. We're using packtpub.com as an example:

4. Clicking on the Run Module will create a new task. The auxiliary will search for different hosts and their ports. The results will be printed as shown in the following screenshot:

Metasploit also has modules to search the Shodan and Zoomeye databases, as shown in the following screenshot:

The following screenshot shows the output from the shodan_search module:

5. To run the Zoomeye module, we can search for the zoomeye keyword and run the module just as we did for Shodan. This is shown in the following screenshot:

Next, we will learn about SSL recon.