Grab is a Python tool designed to simplify the process of collecting target IP addresses from Censys, a powerful search engine for discovering internet-connected devices.
Collect candidate IPs for your security tests, then feed these hosts to tools like Jaeles, Nuclei, other CVE check tools, or open-source POC scripts.
- Installation:
pip install censys
- Censys API Credentials: Obtain your API ID and API Secret from the Censys website: https://censys-python.readthedocs.io/en/stable/quick-start.html and add them to your configuration.
- services.http.response.headers: (key: server and value: e*mail)
- Target systems located in specific countries:
  location.country: {Canada, Chile, Honduras, Mexico, "United States", Uruguay}
- h.search(query=query, fields=["ip", "services.port", "services.service_name"])
- services.service_name: HTTP
- Discover HTTP servers with a specific ETag value:
  services.http.response.headers: (key: Etag and value.headers: "6001043d.16d")
- services.http.response.html_title: "your dashboard"
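An added example (not part of Grab or the Censys library): before the hits returned with the `ip`, `services.port` and `services.service_name` fields are handed to a scanner, keep only the addresses inside the ranges you are authorised to test. The hit shape, the `SCOPE` ranges and the function name `in_scope_targets` are assumptions; the sample hits are constructed and use documentation address ranges.

```python
import ipaddress

# Constructed sample hits, shaped like rows requested with
# fields=["ip", "services.port", "services.service_name"] (assumed shape).
SAMPLE_HITS = [
    {"ip": "192.0.2.10", "services": [
        {"port": 80, "service_name": "HTTP"},
        {"port": 22, "service_name": "SSH"}]},
    {"ip": "198.51.100.7", "services": [{"port": 8080, "service_name": "HTTP"}]},
    {"ip": "203.0.113.5", "services": [{"port": 443, "service_name": "HTTP"}]},
    {"ip": "not-an-ip", "services": [{"port": 80, "service_name": "HTTP"}]},
    {"ip": "192.0.2.200"},  # hit with no service data
]

# Hypothetical engagement scope: the ranges you are authorised to test.
SCOPE = ["192.0.2.0/24", "203.0.113.0/29"]


def in_scope_targets(hits, scope_cidrs, service_name="HTTP"):
    """Return (targets, skipped): sorted unique "ip:port" strings for hits that
    are inside scope and expose service_name, plus each dropped IP with a reason."""
    # strict=True rejects a CIDR with host bits set, a common typo in scope files.
    networks = [ipaddress.ip_network(c, strict=True) for c in scope_cidrs]
    targets, skipped = set(), []
    for hit in hits:
        raw = hit.get("ip", "")
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            skipped.append((raw, "invalid address"))
            continue
        if not any(addr in net for net in networks):
            skipped.append((raw, "out of scope"))
            continue
        ports = [s["port"] for s in hit.get("services", [])
                 if s.get("service_name") == service_name and "port" in s]
        if not ports:
            skipped.append((raw, "no matching service"))
            continue
        targets.update(f"{addr}:{p}" for p in ports)
    return sorted(targets), skipped


if __name__ == "__main__":
    ok, dropped = in_scope_targets(SAMPLE_HITS, SCOPE)
    print("\n".join(ok))
    for ip, why in dropped:
        print(f"# skipped {ip}: {why}")
```

Keeping the skipped list alongside the target list gives a record of why each address was excluded from a test run.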
To generate queries, use this GPT tool created by Censys:
To add features to Grab, consult the Censys documentation:
https://censys-python.readthedocs.io/en/stable/usage-v2.html
Use this script to obtain a list of successful responses.