Censys Search

censys search provides visibility into internet exposed devices and services, aiding in security assessments and asset management censys search is a powerful platform for discovering and analyzing internet connected devices and services this connector allows swimlane turbine users to seamlessly integrate censys search capabilities into their security automation workflows by leveraging this integration, users can enhance asset management, automate host and service discovery, and streamline tagging and commenting processes, ultimately improving threat detection and response efficiency censys search empowers users with the most comprehensive, accurate, and up to date map of the internet for proactive and reactive security analysis at scale prerequisites before you can use the censys search connector for turbine, you'll need access to the censys api this requires the following http bearer authentication using the following parameters url the endpoint url for accessing censys api token a bearer token such as a jwt for authentication http basic authentication using the following parameters url the endpoint url for accessing censys api api id your unique api identifier for authentication api secret the secret key associated with your api id for secure access capabilities the censys search connector provides the following capabilities add comments about a given host create a new tag create a tag v3 get a host get metadata from host retrieve tags for a host returns comments about a given host run a search query search host search host by ip update a tag update a tag v3 limitations only search and metadata actions are available for free users to access tags and comments actions, a commercial account is required api documentation for more information on censys search censys search api https //search censys io/api#/ configurations censys platform http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username api id string required password api secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional censys platform http bearer authentication censys platform authenticates using bearer token such as a jwt configuration parameters parameter description type required url a url to the target host string required token bearer token for censys platform string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add comments about a given host add a user defined comment to a host in censys using the ip address and specified content endpoint url /api/v2/hosts/{{ip}}/comments method post input argument name type required description path parameters ip string required the ip address of the requested host contents string optional response content input example {"json body" {"contents" " this is a comment "},"path parameters" {"ip" "1 1 1 1"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result ip string result of the operation result author id string unique identifier result contents string response content result created at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si create a new tag create a new tag in censys with the specified name to enhance asset management endpoint url /api/v2/tags method post input argument name type required description name string optional name of the resource metadata object optional response data metadata color string optional response data input example {"json body" {"name" "tag name","metadata" {"color" "ff6113"}}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result name string name of the resource result metadata object response data result metadata color string response data result created at string result of the operation result updated at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si create a tag v3 create a new tag in your censys search organization to label and organize assets requires organization id, name, and privacy settings endpoint url v3/tags method post input argument name type required description parameters organization id string required the id of a censys organization to associate the request with headers object optional http headers for the request headers x organization id string optional the id of a censys organization to associate the request with headers accept string optional generated from available response content types description string optional a human readable description of the tag name string optional the display name of the tag must be unique within the organization privacy string optional tag visibility and management settings private tags are only visible to and editable by organization admins shared tags are visible to and editable by all organization members input example {"parameters" {"organization id" "11111111 2222 3333 4444 555555555555"},"json body" {"description" "this is a test tag","name" "test tag","privacy" "private"},"headers" {"x organization id" "11111111 2222 3333 4444 555555555555","accept" "application/json"}} output parameter type description status code number http status code of the response reason string response reason phrase result object result of the operation result created at string result of the operation result created by string result of the operation result description string result of the operation result id string unique identifier result name string name of the resource result privacy string result of the operation result updated at string result of the operation output example {"status code" 201,"response headers" {},"reason" "created","json body" {"result" {"created at" "2026 05 12t16 51 58 609z","created by" "3fa85f64 5717 4562 b3fc 2c963f66afa6","description" "string","id" "3fa85f64 5717 4562 b3fc 2c963f66afa6","name" "string","privacy" "private","updated at" "2026 05 12t16 51 58 609z"}}} get a host retrieve detailed information about a single host using its ip address as the host id in censys search endpoint url v3/global/asset/host/{{host id}} method get input argument name type required description parameters organization id string optional the id of a censys organization to associate the request with parameters at time string optional rfc3339 timestamp to view a host at a specific point in time must be a valid rfc3339 string ensure that you suffix the date with "t00 00 00z " or a specific time path parameters host id string required the ip address of the host to retrieve headers object optional http headers for the request headers x organization id string optional the id of a censys organization to associate the request with headers accept string optional generated from available response content types input example {"parameters" {"organization id" "test 123456","at time" "2026 05 12t00 00 00z"},"path parameters" {"host id" "8 8 8 8"},"headers" {"accept" "application/json"}} output parameter type description status code number http status code of the response reason string response reason phrase result object result of the operation result resource object result of the operation result resource ip string result of the operation result resource location object result of the operation result resource location continent string result of the operation result resource location country string result of the operation result resource location country code string result of the operation result resource location city string result of the operation result resource location postal code string result of the operation result resource location timezone string result of the operation result resource location province string result of the operation result resource location coordinates object result of the operation result resource location coordinates latitude number result of the operation result resource location coordinates longitude number result of the operation result resource autonomous system object result of the operation result resource autonomous system asn number result of the operation result resource autonomous system description string result of the operation result resource autonomous system bgp prefix string result of the operation result resource autonomous system name string name of the resource result resource autonomous system country code string result of the operation result resource whois object result of the operation result resource whois network object result of the operation result resource whois network handle string result of the operation output example {"status code" 200,"response headers" {"date" "tue, 12 may 2026 07 27 56 gmt","content type" "application/vnd censys api v3 host v1+json","transfer encoding" "chunked","connection" "keep alive","x request id" "159eb614 e35d 88ce 6083 445b30b47bfd","strict transport security" "max age=2592000; includesubdomains; preload","x content type options" "nosniff","x frame options" "deny","cf cache status" "dynamic","set cookie" " cf bm=qknf3 ajaxvgqvzyap1wufxcthtk7h7kmbqg6hbrymk 1778570875 5542178 1 0 1 get metadata from host retrieve a list of services scanned by censys, usable as 'services service name' values in search queries endpoint url /api/v2/metadata/hosts method get output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result services array result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si retrieve tags for host retrieve a list of tags for a specified host in censys using the unique host identifier endpoint url /api/v2/tags/{{id}}/hosts method get input argument name type required description path parameters id string required the unique id of the tag input example {"path parameters" {"id" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result hosts array result of the operation result hosts ip string result of the operation result hosts tagged at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si returns comments about a given host retrieve user generated comments for a specified host ip address in censys search using the required path parameter 'ip' endpoint url /api/v2/hosts/{{ip}}/comments method get input argument name type required description path parameters ip string required the ip address of the requested host input example {"path parameters" {"ip" ""}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result ip string result of the operation result comments array result of the operation result comments id string unique identifier result comments ip string result of the operation result comments author id string unique identifier result comments contents string response content result comments created at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si run a search query run a search query across censys data using the specified json body with the required 'query' parameter endpoint url v3/global/search/query method post input argument name type required description parameters organization id string optional the id of a censys organization to associate the request with headers object optional http headers for the request headers x organization id string optional the id of a censys organization to associate the request with headers accept string optional generated from available response content types fields array optional specify fields to only return in the response if you provide fields and omit host services port, host services transport protocol, and host services protocol, then matched services will not be returned in the response page size number optional number of results to return to per page the default and maximum is 100 page token string optional page token for the requested page of search results query string optional cenql query string to search upon input example {"parameters" {"organization id" "11111111 2222 3333 4444 555555555555"},"json body" {"fields" \["host ip"],"page size" 10,"page token" "nextpagetoken","query" "host services (protocol=ssh and not port 22)"},"headers" {"x organization id" "11111111 2222 3333 4444 555555555555","accept" "application/json"}} output parameter type description status code number http status code of the response reason string response reason phrase result object result of the operation result hits array result of the operation result hits certificate v1 object result of the operation result hits certificate v1 extensions object result of the operation result hits certificate v1 resource object result of the operation result hits certificate v1 resource added at string result of the operation result hits certificate v1 resource ct object result of the operation result hits certificate v1 resource ever seen in scan boolean result of the operation result hits certificate v1 resource fingerprint md5 string result of the operation result hits certificate v1 resource fingerprint sha1 string result of the operation result hits certificate v1 resource fingerprint sha256 string result of the operation result hits certificate v1 resource modified at string result of the operation result hits certificate v1 resource names array name of the resource result hits certificate v1 resource parent spki fingerprint sha256 string result of the operation result hits certificate v1 resource parent spki subject fingerprint sha256 string result of the operation result hits certificate v1 resource parse status string status value result hits certificate v1 resource parsed object result of the operation result hits certificate v1 resource precert boolean result of the operation result hits certificate v1 resource revocation object result of the operation result hits certificate v1 resource revoked boolean result of the operation result hits certificate v1 resource spki fingerprint sha256 string result of the operation result hits certificate v1 resource spki subject fingerprint sha256 string result of the operation result hits certificate v1 resource tbs fingerprint sha256 string result of the operation output example {"status code" 200,"response headers" {"date" "tue, 12 may 2026 07 27 56 gmt","content type" "application/vnd censys api v3 host v1+json","transfer encoding" "chunked","connection" "keep alive","x request id" "159eb614 e35d 88ce 6083 445b30b47bfd","strict transport security" "max age=2592000; includesubdomains; preload","x content type options" "nosniff","x frame options" "deny","cf cache status" "dynamic","set cookie" " cf bm=qknf3 ajaxvgqvzyap1wufxcthtk7h7kmbqg6hbrymk 1778570875 5542178 1 0 1 search host execute a search in censys for specific host or service attributes, returning a summary list of matching hosts endpoint url /api/v2/hosts/search method get input argument name type required description parameters q string optional query used to search for hosts with matching attributes uses the censys search language parameters per page number optional the maximum number of hits to return in each response (minimum of 1, maximum of 100) parameters virtual hosts string optional determine how to query virtual hosts the default is exclude which will ignore any virtual hosts entries when set to include or only virtual hosts will be present in the returned list of hits, with the later returning only virtual hosts parameters sort string optional sort the results parameters cursor string optional cursor token from the api response, which fetches the next or previous page of hits when added to the endpoint url parameters fields string optional comma separated list of up to 25 fields to be returned for each result (this parameter is only available to paid users) input example {"parameters" {"q" "services service name http","per page" 50,"virtual hosts" "exclude","sort" "relevance","cursor" "nextcursortoken","fields" "ip,services"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result query string result of the operation result total number result of the operation result duration number result of the operation result hits array result of the operation result hits ip string result of the operation result hits location object result of the operation result hits location city string result of the operation result hits location province string result of the operation result hits location timezone string result of the operation result hits location country string result of the operation result hits location continent string result of the operation result hits location postal code string result of the operation result hits location country code string result of the operation result hits location coordinates object result of the operation result hits location coordinates latitude number result of the operation result hits location coordinates longitude number result of the operation result hits last updated at string result of the operation result hits autonomous system object result of the operation result hits autonomous system description string result of the operation result hits autonomous system bgp prefix string result of the operation output example {"code" 123,"status" "active","result" {"query" "string","total" 123,"duration" 123,"hits" \[{}],"links" {"next" "string","prev" "string"}}} search host by ip retrieve a detailed view of a host's services from censys using the specified ip address endpoint url api/v2/hosts/{{ip}} method get input argument name type required description path parameters ip string required the ip address of the requested host parameters at time string optional fetches the censys view of a host and its services at the specified point in time requires historical api access nanosecond precision is allowed uses rfc3339 timestamp input example {"parameters" {"at time" "2023 10 01t00 00 00z"},"path parameters" {"ip" "1 1 1 1"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result ip string result of the operation result services array result of the operation result services port number result of the operation result services service name string name of the resource result services transport protocol string result of the operation result services extended service name string name of the resource result services dns object result of the operation result services dns server type string type of the resource result services http object result of the operation result services http request object result of the operation result services http request method string http method to use result services http request uri string result of the operation result services http request headers object http headers for the request result services http response object result of the operation result services http response body string request body data result services http response protocol string result of the operation result services http response body size number request body data result services http response status code number status value result services http response status reason string status value result services http response headers object http headers for the request output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si update a tag update a specific tag for a team in censys using the tag's unique identifier and a new name requires 'id' as path parameter and 'name' in json body endpoint url /api/v2/tags/{{id}} method put input argument name type required description path parameters id string required the unique id of the tag name string optional name of the resource metadata object optional response data metadata color string optional response data input example {"json body" {"name" "tag name","metadata" {"color" "ff6113"}},"path parameters" {"id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result name string name of the resource result metadata object response data result metadata color string response data result created at string result of the operation result updated at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si update a tag v3 update an existing tag in your censys search organization using the tag id and organization id only specified fields will be updated, while omitted fields remain unchanged endpoint url v3/tags/{{tag id}} method put input argument name type required description path parameters tag id string required the unique id of the tag to update parameters organization id string required the id of a censys organization to associate the request with headers object optional http headers for the request headers x organization id string optional the id of a censys organization to associate the request with headers accept string optional generated from available response content types description string optional a human readable description of the tag name string optional the display name of the tag must be unique within the organization privacy string optional tag visibility and management settings private tags are only visible to and editable by organization admins shared tags are visible to and editable by all organization members input example {"parameters" {"organization id" "11111111 2222 3333 4444 555555555555"},"json body" {"description" "this is a test tag","name" "test tag","privacy" "private"},"path parameters" {"tag id" "string"},"headers" {"x organization id" "11111111 2222 3333 4444 555555555555","accept" "application/json"}} output parameter type description status code number http status code of the response reason string response reason phrase result object result of the operation result created at string result of the operation result created by string result of the operation result description string result of the operation result id string unique identifier result name string name of the resource result privacy string result of the operation result updated at string result of the operation output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"result" {"created at" "2026 05 12t16 59 08 185z","created by" "3fa85f64 5717 4562 b3fc 2c963f66afa6","description" "string","id" "3fa85f64 5717 4562 b3fc 2c963f66afa6","name" "string","privacy" "private","updated at" "2026 05 12t16 59 08 185z"}}} response headers header description example access control allow credentials http response header access control allow credentials true access control allow headers http response header access control allow headers dnt,keep alive,user agent,x requested with,if modified since,cache control,content type,range,authorization access control allow methods http response header access control allow methods put, get, post, options access control allow origin http response header access control allow origin access control max age http response header access control max age 1728000 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 8b706e2cee0579e0 hyd connection http response header connection keep alive content encoding http response header content encoding gzip content type the media type of the resource application/json date the date and time at which the message was originated tue, 12 may 2026 07 27 56 gmt server information about the software used by the origin server cloudflare set cookie http response header set cookie cf bm=qknf3 ajaxvgqvzyap1wufxcthtk7h7kmbqg6hbrymk 1778570875 5542178 1 0 1 1 uommtu1m5wbeat902jirvfqogtwsjrkpfhu 7hk2nluzt8f4wyuvokllq1vioofmndpvajl2v78byt9temcb94cuuolhmnm9 3kr0qbb0cmbsiw6qrcb h45nvxixx5i; httponly; samesite=none; secure; path=/; domain=censys io; expires=tue, 12 may 2026 07 57 56 gmt strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked x content type options http response header x content type options nosniff x frame options http response header x frame options deny x request id a unique identifier for the request 159eb614 e35d 88ce 6083 445b30b47bfd