Example Queries

Use these example queries to explore your ASM inventory. Build your own queries using Censys Search Language (CSL) syntax.

General queries

Query description	Query syntax	Run query in ASM
Find assets with risk	`risks: *`	Try it
List assets with a tag	`tags: {example, example2}`	Try it
Find all assets with a useful keyword in their name	`web_entity.name: /.dev./ OR certificate.names: /.dev./ OR domain.name: /.dev./ OR storage_bucket.name: /.dev./`	Try it

Host queries

Query description	Query syntax	Run query in ASM
Find hosts whose IP address is within a range, written using CIDR notation or using initial and terminal values in brackets	`host.ip: 2.255.190.0/24` OR `host.ip: [2.0.0.0 to 3.0.0.0}`	Try it Try it
Find SSH services running on non-standard ports	`host.services: (service_name:ssh and not port:{22, 2222})}`	Try it
Find hosts that support SSLv3, TLSv1.0, and TLSv1.1	`host.services.tls.versions.tls_version: {SSLv3, TLSv1_0, TLSv1_1}`	Try it
Find web entities that support SSLv3, TLSv1.0, and TLSv1.1	`web_entity.instances.tls.versions.tls_version= {SSLv3, TLSv1_0, TLSv1_1}`	Try it

Web entity queries

Query description	Query syntax	Run query in ASM
Find web entities that are serving one of the following HTTP applications	`web_entity.instances.service_name: {Elasticsearch, Kubernetes, Prometheus}`	Try it
Find web entities that are redirecting to another location	`web_entity.instances: (not port: 80 and http.response.status_code: [301 to 308])`	Try it
Find web entities that are using a plain HTTP connection	`web_entity.instances: (not port: 80 and extended_service_name: HTTP)`	Try it

Vulnerability and risk queries

Query description	Query syntax	Run query in ASM
Web entities with high-severity risks	`type: WEB_ENTITY and risks.severity: 'High'`	Try it
Identify services with executables presenting in the HTTP body	`host.services.http.response.body: .exe or web_entity.instances.http.response.body: .exe`	Try it
List assets with a recently detected risk	`risks.discovered_at: [2023-08-20 to *]`	Try it
Find potentially unknown assets with severe risks	`risks.severity:{critical, high} and source:"censys scan"`	Try it
Find newly discovered assets with a risk	`association_date: {2023-08-20 to } and risks: `	Try it
Find hosts presenting a self-signed certificate	`host.services.tls.certificate.parsed.signature.self_signed: true or web_entity.instances.tls.certificate.parsed.signature.self_signed: true`	Try it
Find hosts presenting a certificate whose trust status is revoked	`host.services.tls.certificate.revoked: true or web_entity.instances.tls.certificate.revoked: true`	Try it

Potential shadow cloud

Query description	Query syntax	Run query in ASM
Search for hosts located in data centers outside of your sanctioned clouds	`host.ip: * and not host.cloud:{aws, ovh}`	Try it
Search for potentially unknown hosts in major Cloud Providers	`source:"censys scan" and host.cloud: {"Amazon Aws", "Google Cloud", "Microsoft Azure", "Alibaba Cloud", "Soft Layer Technologies Inc.", "Tencent Cloud", "Digital Ocean Inc.", "Hetzner Online", "Verizon Communications Inc.", "Oracle Cloud", "Huawei Cloud Service", "US Signal", "Switch Communications Group LLC", "Internap Corporation", "Tier Point LLC", "American Internet Services", "Arvixe", "Cologix Inc.", "Confluence Networks Inc."}`	Try it

Updated 20 days ago