NSE script which leverages the Censys Search API for passive data collection
NSE script using the Censys Search API, allowing you to passively gather information about hosts.
Simple place the censys-api.nse script into your nmap scripts folder. e.g:
cp censys-api.nse /usr/share/nmap/scripts/
If nmap
is installed on macOS via Homebrew, the scripts folder might instead be located at /usr/local/share/nmap/scripts/
.
cp censys-api.nse /usr/local/share/nmap/scripts/
Invoke the script like you would any other NSE script:
nmap -sn -Pn -n --script censys-api scanme.nmap.org
The Censys API ID and secret can be set with the apiid
and apisecret
script arguments, CENSYS_API_ID
and CENSYS_API_SECRET
environment variables, or hardcoded in the .nse file itself. You can get free API credentials from https://search.censys.io/account/api.
The results can be written to file with the outfile script argument censys-api.outfile
.
nmap will still scan the target host normally. If you only want to look up the target in Censys you need to include the -sn -Pn -n
flags.
$ nmap -sn -Pn -n --script censys-api scanme.nmap.org
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-03 12:02 EST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up.
Host script results:
| censys-api: Report for 45.33.32.156 ()
| PORT PROTO SERVICE PRODUCT VERSION
| 22 TCP SSH OpenSSH 6.6.1p1
| 80 TCP HTTP HTTPD 2.4.7
| 123 UDP NTP
|_9929 TCP UNKNOWN
Post-scan script results:
|_censys-api: Censys done: 1 hosts up.
Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds
nmap --script-help censys-api.nse