This page lists every field whose value can be searched within the Hosts dataset.

The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.

Hosts Categories List

Host Information

Path Type Docs
ip ip
last_updated_at date
name text
service_count integer
truncated boolean

Service Information

Path Type Docs
services nested
services.banner text
services.banner_hashes text
services.banner_hex text
services.discovery_method text
services.extended_service_name text
services.parsed object
services.perspective_id text
services.port integer
services.service_name text
services.source_ip ip
services.transport_protocol text
services.truncated boolean

Host DNS

Path Type Docs
dns object
dns.names text Names that resolve to the host
dns.reverse_dns object
dns.reverse_dns.names text
dns.reverse_dns.resolved_at date

Host Location

Path Type Docs
location object
location.city text The English name of the detected city.
location.continent keyword The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
location.coordinates object The estimated coordinates of the detected location.
location.coordinates.latitude double
location.coordinates.longitude double
location.country text The English name of the detected country.
location.country_code keyword The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.postal_code keyword The postal code (if applicable) of the detected location.
location.province text The state or province name of the detected location.
location.registered_country text The English name of the registered country.
location.registered_country_code keyword The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.timezone text The IANA time zone database name of the detected location.

Host Operating System

Path Type Docs
operating_system object
operating_system.component_uniform_resource_identifiers text URIs of software components related to the identified software.
operating_system.cpe text CPE URI format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
operating_system.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
operating_system.language text A valid language tag as defined by [RFC5646], which should be used to define the language supported in the user interface of the product being described.
operating_system.other object Other attributes describing the identified software.
operating_system.other.key text
operating_system.other.value text
operating_system.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
operating_system.product text Identifies the most common and recognizable title or name of the product.
operating_system.source text Defines the source that this software information was derived from.
operating_system.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
operating_system.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described operates. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are considered instruction set architectures.
operating_system.target_sw text Characterizes the software computing environment within which the product operates.
operating_system.update text Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
operating_system.vendor text Identifies the person or organization that manufactured or created the product.
operating_system.version text Vendor-specific alphanumeric strings characterizing the particular release version of the product.

Host Autonomous System

Path Type Docs
autonomous_system object
autonomous_system.asn unsigned_long The ASN (autonomous system number) of the host's autonomous system.
autonomous_system.bgp_prefix ip_range The autonomous system's CIDR.
autonomous_system.country_code keyword The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
autonomous_system.description text Brief description of the autonomous system.
autonomous_system.name text The friendly name of the autonomous system.
autonomous_system.organization text The name of the organization managing the autonomous system.

Labels

Path Type Docs
labels text
services.labels text

Software

Path Type Docs
services.software nested
services.software.component_uniform_resource_identifiers text URIs of software components related to the identified software.
services.software.cpe text CPE URI format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
services.software.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
services.software.language text A valid language tag as defined by [RFC5646], which should be used to define the language supported in the user interface of the product being described.
services.software.other object Other attributes describing the identified software.
services.software.other.key text
services.software.other.value text
services.software.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
services.software.product text Identifies the most common and recognizable title or name of the product.
services.software.source text Defines the source that this software information was derived from.
services.software.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
services.software.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described operates. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are considered instruction set architectures.
services.software.target_sw text Characterizes the software computing environment within which the product operates.
services.software.update text Vendor-specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
services.software.vendor text Identifies the person or organization that manufactured or created the product.
services.software.version text Vendor-specific alphanumeric strings characterizing the particular release version of the product.
services.transport_fingerprint object
services.transport_fingerprint.id integer
services.transport_fingerprint.os text
services.transport_fingerprint.quic object
services.transport_fingerprint.quic.versions unsigned_long Raw versions presented in the QUIC version negotiation packet, if any.
services.transport_fingerprint.raw text

Misc

Path Type Docs
whois object
whois.network object
whois.network.cidrs ip_range A set of CIDRs describing the range.
whois.network.handle text
whois.network.name text
whois.organization object
whois.organization.abuse_contacts object
whois.organization.abuse_contacts.email text
whois.organization.abuse_contacts.handle text
whois.organization.abuse_contacts.name text
whois.organization.address text
whois.organization.admin_contacts object
whois.organization.admin_contacts.email text
whois.organization.admin_contacts.handle text
whois.organization.admin_contacts.name text
whois.organization.city text
whois.organization.country text
whois.organization.handle text
whois.organization.name text
whois.organization.postal_code text
whois.organization.state text
whois.organization.street text
whois.organization.tech_contacts object
whois.organization.tech_contacts.email text
whois.organization.tech_contacts.handle text
whois.organization.tech_contacts.name text

TLS

Path Type Docs
services.certificate text
services.jarm object
services.jarm.cipher_and_version_fingerprint text The first 30 byte portion of the Jarm fingerprint.
services.jarm.fingerprint text The 62 byte Jarm fingerprint of the service.
services.jarm.observed_at date The time the service was fingerprinted.
services.jarm.tls_extensions_sha256 text The second 32 byte portion of the Jarm fingerprint.
services.tls object
services.tls.certificate object
services.tls.certificate.added_at date When the certificate was added to the Censys dataset.
services.tls.certificate.ct object
services.tls.certificate.ct.entries nested
services.tls.certificate.ct.entries.key text
services.tls.certificate.ct.entries.value object
services.tls.certificate.ct.entries.value.added_to_ct_at date An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
services.tls.certificate.ct.entries.value.ct_to_censys_at date An RFC-3339-formatted timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
services.tls.certificate.ct.entries.value.index long Numerical marker of the certificate's place in the CT log.
services.tls.certificate.ever_seen_in_scan boolean
services.tls.certificate.fingerprint_md5 text The MD-5 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha1 text The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha256 text The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificate records.
services.tls.certificate.modified_at date When the certificate record was last modified.
services.tls.certificate.names text All the names contained in the certificate from various fields.
services.tls.certificate.parent_spki_subject_fingerprint_sha256 text The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.parse_status text
services.tls.certificate.parsed object A record containing all of the data parsed from the certificate.
services.tls.certificate.parsed.extensions object A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
services.tls.certificate.parsed.extensions.authority_info_access object The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls text
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls text
services.tls.certificate.parsed.extensions.authority_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.extensions.basic_constraints object The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
services.tls.certificate.parsed.extensions.basic_constraints.is_ca boolean Whether the certificate is permitted to sign other certificates.
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len integer When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
services.tls.certificate.parsed.extensions.cabf_organization_id object CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
services.tls.certificate.parsed.extensions.cabf_organization_id.country text
services.tls.certificate.parsed.extensions.cabf_organization_id.reference text
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme text
services.tls.certificate.parsed.extensions.cabf_organization_id.state text
services.tls.certificate.parsed.extensions.certificate_policies nested The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
services.tls.certificate.parsed.extensions.certificate_policies.cps text
services.tls.certificate.parsed.extensions.certificate_policies.id text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice nested
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference object
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers integer
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization text
services.tls.certificate.parsed.extensions.crl_distribution_points text The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs (other distributionPoint types are omitted).
services.tls.certificate.parsed.extensions.ct_poison boolean Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
services.tls.certificate.parsed.extensions.extended_key_usage object The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
services.tls.certificate.parsed.extensions.extended_key_usage.any boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity boolean
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp boolean
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping boolean
services.tls.certificate.parsed.extensions.extended_key_usage.unknown text
services.tls.certificate.parsed.extensions.issuer_alt_name object The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.key_usage object The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
services.tls.certificate.parsed.extensions.key_usage.certificate_sign boolean Whether the keyCertSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.content_commitment boolean Whether the contentCommitment (formerly called nonRepudiation) bit is set.
services.tls.certificate.parsed.extensions.key_usage.crl_sign boolean Whether the cRLSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.data_encipherment boolean Whether the dataEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.decipher_only boolean Whether the decipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.digital_signature boolean Whether the digitalSignature bit is set.
services.tls.certificate.parsed.extensions.key_usage.encipher_only boolean Whether the encipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_agreement boolean Whether the keyAgreement bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_encipherment boolean Whether the keyEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.value unsigned_long The integer value of the bitmask in the extension.
services.tls.certificate.parsed.extensions.name_constraints object The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
services.tls.certificate.parsed.extensions.name_constraints.critical boolean
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names nested A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names nested A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses text A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses nested A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.excluded_names text A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids text A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris text A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names nested A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names nested A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses text A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses nested A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.permitted_names text A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids text A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris text A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.qc_statements object
services.tls.certificate.parsed.extensions.qc_statements.ids text
services.tls.certificate.parsed.extensions.qc_statements.parsed object
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent long
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language text
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url text
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period long
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.types nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps nested
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature object
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp date
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version integer
services.tls.certificate.parsed.extensions.subject_alt_name object The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.extensions.tor_service_descriptors nested
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits integer
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion text
services.tls.certificate.parsed.issuer object A record containing the parsed contents of the issuer_dn.
services.tls.certificate.parsed.issuer.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.issuer.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.issuer.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.issuer.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.issuer.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.issuer.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.issuer.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.issuer.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.issuer.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.issuer.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.issuer.organization_id text
services.tls.certificate.parsed.issuer.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.issuer.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.issuer.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.issuer.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.issuer.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.issuer.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.issuer_dn text Distinguished Name of the entity that has signed and issued the certificate.
services.tls.certificate.parsed.ja4x text
services.tls.certificate.parsed.redacted boolean
services.tls.certificate.parsed.serial_number text Issuer-specific identifier of the certificate.
services.tls.certificate.parsed.serial_number_hex text Issuer-specific identifier of the certificate, represented as hexadecimal.
services.tls.certificate.parsed.signature object
services.tls.certificate.parsed.signature.self_signed boolean Whether the certificate was signed by its own key.
services.tls.certificate.parsed.signature.signature_algorithm object
services.tls.certificate.parsed.signature.signature_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.signature.signature_algorithm.oid text
services.tls.certificate.parsed.signature.valid boolean Whether the signature is valid.
services.tls.certificate.parsed.signature.value text Contents of the signature.
services.tls.certificate.parsed.subject object A record containing the parsed contents of the subject_dn.
services.tls.certificate.parsed.subject.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.subject.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.subject.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.subject.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.subject.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.subject.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.subject.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.subject.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.subject.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.subject.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.subject.organization_id text
services.tls.certificate.parsed.subject.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.subject.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.subject.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.subject.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.subject.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.subject.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.subject_dn text Distinguished Name of the entity associated with the public key.
services.tls.certificate.parsed.subject_key_info object Information about the certificate's public key.
services.tls.certificate.parsed.subject_key_info.dsa object A record containing the public portion of a DSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.dsa.g text
services.tls.certificate.parsed.subject_key_info.dsa.p text
services.tls.certificate.parsed.subject_key_info.dsa.q text
services.tls.certificate.parsed.subject_key_info.dsa.y text
services.tls.certificate.parsed.subject_key_info.ecdsa object A record containing the public portion of an ECDSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.ecdsa.b text
services.tls.certificate.parsed.subject_key_info.ecdsa.curve text
services.tls.certificate.parsed.subject_key_info.ecdsa.gx text
services.tls.certificate.parsed.subject_key_info.ecdsa.gy text
services.tls.certificate.parsed.subject_key_info.ecdsa.length long
services.tls.certificate.parsed.subject_key_info.ecdsa.n text
services.tls.certificate.parsed.subject_key_info.ecdsa.p text
services.tls.certificate.parsed.subject_key_info.ecdsa.pub text
services.tls.certificate.parsed.subject_key_info.ecdsa.x text
services.tls.certificate.parsed.subject_key_info.ecdsa.y text
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.subject_key_info.key_algorithm object A record containing information about the type of subject key algorithm and any relevant parameters.
services.tls.certificate.parsed.subject_key_info.key_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid text
services.tls.certificate.parsed.subject_key_info.rsa object A record containing the public portion of an RSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.rsa.exponent long The RSA key's public exponent (e).
services.tls.certificate.parsed.subject_key_info.rsa.length long Bit-length of the RSA modulus.
services.tls.certificate.parsed.subject_key_info.rsa.modulus text The RSA key's modulus (n) in big-endian encoding.
services.tls.certificate.parsed.subject_key_info.unrecognized object A record containing known information about an unrecognized key type.
services.tls.certificate.parsed.subject_key_info.unrecognized.raw text
services.tls.certificate.parsed.unknown_extensions nested
services.tls.certificate.parsed.unknown_extensions.critical boolean
services.tls.certificate.parsed.unknown_extensions.id text
services.tls.certificate.parsed.unknown_extensions.value text
services.tls.certificate.parsed.validity_period object Information about the time for which the certificate is valid.
services.tls.certificate.parsed.validity_period.length_seconds long The duration of the certificate's validity period, in seconds.
services.tls.certificate.parsed.validity_period.not_after date An RFC-3339-formatted timestamp after which the certificate is no longer valid.
services.tls.certificate.parsed.validity_period.not_before date An RFC-3339-formatted timestamp before which the certificate is not valid.
services.tls.certificate.parsed.version integer
services.tls.certificate.precert boolean Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted.
services.tls.certificate.revocation object A record containing revocation information, if the certificate has been revoked.
services.tls.certificate.revocation.crl object
services.tls.certificate.revocation.crl.next_update date
services.tls.certificate.revocation.crl.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.crl.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.crl.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revocation.ocsp object
services.tls.certificate.revocation.ocsp.next_update date
services.tls.certificate.revocation.ocsp.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.ocsp.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.ocsp.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.spki_subject_fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.tbs_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate's contents.
services.tls.certificate.tbs_no_ct_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.
services.tls.certificate.validated_at date When the certificate record's trust was last checked.
services.tls.certificate.validation object A record containing information from the maintainers of major root certificate stores related to their trust assessment.
services.tls.certificate.validation.apple object A record containing validation information about the certificate from the Apple root store.
services.tls.certificate.validation.apple.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.apple.chains.sha256fp text
services.tls.certificate.validation.apple.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.apple.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.apple.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.apple.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.apple.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.chrome object A record containing validation information about the certificate from the Chrome root store.
services.tls.certificate.validation.chrome.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.chrome.chains.sha256fp text
services.tls.certificate.validation.chrome.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.chrome.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.chrome.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.chrome.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.chrome.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.microsoft object A record containing validation information about the certificate from the Microsoft root store.
services.tls.certificate.validation.microsoft.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.microsoft.chains.sha256fp text
services.tls.certificate.validation.microsoft.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.microsoft.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.microsoft.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.microsoft.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.microsoft.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.nss object A record containing validation information about the certificate from the Mozilla NSS root store.
services.tls.certificate.validation.nss.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.nss.chains.sha256fp text
services.tls.certificate.validation.nss.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.nss.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.nss.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.nss.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.nss.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation_level text The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain Validated (DV), Organization Validated (OV), or Extended Validation (EV).
services.tls.certificate.zlint object A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.
services.tls.certificate.zlint.errors_present boolean Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.failed_lints text A list of lint names which failed, if applicable.
services.tls.certificate.zlint.fatals_present boolean Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.notices_present boolean Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.timestamp date An RFC-3339-formatted timestamp indicating when the certificate was linted.
services.tls.certificate.zlint.version long The version of Zlint used to lint the certificate.
services.tls.certificate.zlint.warnings_present boolean Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
services.tls.certificates object Certificate and certificate chain details.
services.tls.certificates.chain object Certificate chain information.
services.tls.certificates.chain.fingerprint keyword SHA-256 fingerprint of the certificate in the certificate chain.
services.tls.certificates.chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.certificates.chain_fps_sha_256 keyword DEPRECATED (04/30/2021) - Use `chain` instead.
services.tls.certificates.leaf_data object The TBS Certificate information.
services.tls.certificates.leaf_data.fingerprint keyword SHA-256 fingerprint of the TBS certificate.
services.tls.certificates.leaf_data.issuer object Issuer distinguished name attributes.
services.tls.certificates.leaf_data.issuer.common_name text
services.tls.certificates.leaf_data.issuer.country text
services.tls.certificates.leaf_data.issuer.domain_component text
services.tls.certificates.leaf_data.issuer.email_address text
services.tls.certificates.leaf_data.issuer.jurisdiction_country text
services.tls.certificates.leaf_data.issuer.jurisdiction_locality text
services.tls.certificates.leaf_data.issuer.jurisdiction_province text
services.tls.certificates.leaf_data.issuer.locality text
services.tls.certificates.leaf_data.issuer.organization text
services.tls.certificates.leaf_data.issuer.organization_id text
services.tls.certificates.leaf_data.issuer.organizational_unit text
services.tls.certificates.leaf_data.issuer.postal_code keyword
services.tls.certificates.leaf_data.issuer.province text
services.tls.certificates.leaf_data.issuer.serial_number keyword
services.tls.certificates.leaf_data.issuer.street_address text
services.tls.certificates.leaf_data.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.leaf_data.names text Common names for the entity.
services.tls.certificates.leaf_data.pubkey_algorithm text Algorithm used to create the public key.
services.tls.certificates.leaf_data.pubkey_bit_size integer Size of the public key.
services.tls.certificates.leaf_data.public_key object Subject public key information.
services.tls.certificates.leaf_data.public_key.dsa object
services.tls.certificates.leaf_data.public_key.dsa.g text
services.tls.certificates.leaf_data.public_key.dsa.p text
services.tls.certificates.leaf_data.public_key.dsa.q text
services.tls.certificates.leaf_data.public_key.dsa.y text
services.tls.certificates.leaf_data.public_key.ecdsa object
services.tls.certificates.leaf_data.public_key.ecdsa.b text
services.tls.certificates.leaf_data.public_key.ecdsa.curve keyword
services.tls.certificates.leaf_data.public_key.ecdsa.gx text
services.tls.certificates.leaf_data.public_key.ecdsa.gy text
services.tls.certificates.leaf_data.public_key.ecdsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.ecdsa.n text
services.tls.certificates.leaf_data.public_key.ecdsa.p text
services.tls.certificates.leaf_data.public_key.ecdsa.pub text
services.tls.certificates.leaf_data.public_key.ecdsa.x text
services.tls.certificates.leaf_data.public_key.ecdsa.y text
services.tls.certificates.leaf_data.public_key.fingerprint text
services.tls.certificates.leaf_data.public_key.key_algorithm keyword
services.tls.certificates.leaf_data.public_key.rsa object
services.tls.certificates.leaf_data.public_key.rsa.exponent text
services.tls.certificates.leaf_data.public_key.rsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.rsa.modulus text
services.tls.certificates.leaf_data.signature object Certificate signature information.
services.tls.certificates.leaf_data.signature.self_signed boolean Denotes if the certificate was self signed.
services.tls.certificates.leaf_data.signature.signature_algorithm keyword Cryptographic algorithm used by the CA to sign this certificate.
services.tls.certificates.leaf_data.subject object Subject distinguished name attributes.
services.tls.certificates.leaf_data.subject.common_name text
services.tls.certificates.leaf_data.subject.country text
services.tls.certificates.leaf_data.subject.domain_component text
services.tls.certificates.leaf_data.subject.email_address text
services.tls.certificates.leaf_data.subject.jurisdiction_country text
services.tls.certificates.leaf_data.subject.jurisdiction_locality text
services.tls.certificates.leaf_data.subject.jurisdiction_province text
services.tls.certificates.leaf_data.subject.locality text
services.tls.certificates.leaf_data.subject.organization text
services.tls.certificates.leaf_data.subject.organization_id text
services.tls.certificates.leaf_data.subject.organizational_unit text
services.tls.certificates.leaf_data.subject.postal_code keyword
services.tls.certificates.leaf_data.subject.province text
services.tls.certificates.leaf_data.subject.serial_number keyword
services.tls.certificates.leaf_data.subject.street_address text
services.tls.certificates.leaf_data.subject_dn text Distinguished name of the entity associated with the public key.
services.tls.certificates.leaf_data.tbs_fingerprint keyword Fingerprint of the TBS certificate.
services.tls.certificates.leaf_fp_sha_256 keyword SHA 256 fingerprint of the TBS certificate.
services.tls.cipher_selected text Cipher suite chosen for the exchange.
services.tls.ja3s text The JA3S fingerprint for this service.
services.tls.ja4s text
services.tls.presented_chain object Certificate chain information.
services.tls.presented_chain.fingerprint keyword SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.presented_chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.presented_chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.server_key_exchange object
services.tls.server_key_exchange.ec_params object Elliptic-Curve key exchange parameters used.
services.tls.server_key_exchange.ec_params.named_curve unsigned_long Elliptic-Curve ID value.
services.tls.server_key_exchange.ec_params.public_key text
services.tls.session_ticket object The new session ticket sent by the server to the client.
services.tls.session_ticket.length unsigned_long
services.tls.session_ticket.lifetime_hint unsigned_long Hint from server about how long the session ticket should be stored.
services.tls.version_selected text Certificate version v1(0), v2(1), v3(2).
services.tls.versions object
services.tls.versions.ja3s text
services.tls.versions.ja4s text
services.tls.versions.tls_version text

HTTP

Path Type Docs
services.http object
services.http.request object
services.http.request.body text The body sent in the HTTP request, always empty.
services.http.request.headers nested The key:value header pairs included in the HTTP request, which always includes a Censys User-Agent.
services.http.request.headers.key text
services.http.request.headers.value object
services.http.request.headers.value.headers text The values provided in the corresponding header.
services.http.request.method text The HTTP method used for the request, always "GET".
services.http.request.uri text The full path used to make the request, which includes the scheme, host, port (when non-standard), and endpoint.
services.http.response object
services.http.response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.http.response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.http.response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.http.response.favicons object
services.http.response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.http.response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.http.response.favicons.name text The URI used to retrieve the favicon, which most commonly uses the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.http.response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatibility with Shodan search.
services.http.response.favicons.size integer The size of the favicon retrieved, in bytes.
services.http.response.headers nested The key-value header pairs included in the response.
services.http.response.headers.key text
services.http.response.headers.value object
services.http.response.headers.value.headers text The values provided in the corresponding header.
services.http.response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.http.response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.http.response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.http.response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.http.response.status_reason text A human-readable phrase describing the status code.
services.http.supports_http2 boolean Whether an HTTP/2 handshake with the server succeeded.

SSH

Path Type Docs
services.ssh object
services.ssh.algorithm_selection object
services.ssh.algorithm_selection.client_to_server_alg_group object
services.ssh.algorithm_selection.client_to_server_alg_group.cipher text
services.ssh.algorithm_selection.client_to_server_alg_group.compression text
services.ssh.algorithm_selection.client_to_server_alg_group.mac text
services.ssh.algorithm_selection.host_key_algorithm text
services.ssh.algorithm_selection.kex_algorithm text
services.ssh.algorithm_selection.server_to_client_alg_group object
services.ssh.algorithm_selection.server_to_client_alg_group.cipher text
services.ssh.algorithm_selection.server_to_client_alg_group.compression text
services.ssh.algorithm_selection.server_to_client_alg_group.mac text
services.ssh.endpoint_id object
services.ssh.endpoint_id.comment text
services.ssh.endpoint_id.protocol_version text
services.ssh.endpoint_id.raw text
services.ssh.endpoint_id.software_version text
services.ssh.hassh_fingerprint text
services.ssh.kex_init_message object
services.ssh.kex_init_message.client_to_server_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.client_to_server_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.client_to_server_languages text A name-list of language tags in order of preference. As defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.client_to_server_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.kex_init_message.first_kex_follows boolean
services.ssh.kex_init_message.host_key_algorithms text Asymmetric key algorithms for the host key supported by the client.
services.ssh.kex_init_message.kex_algorithms text Key exchange algorithms used in the handshake.
services.ssh.kex_init_message.server_to_client_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.server_to_client_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.server_to_client_languages text A name-list of language tags in order of preference. As defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.server_to_client_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.server_host_key object
services.ssh.server_host_key.certkey_public_key text
services.ssh.server_host_key.dsa_public_key object
services.ssh.server_host_key.dsa_public_key.g text
services.ssh.server_host_key.dsa_public_key.p text
services.ssh.server_host_key.dsa_public_key.q text
services.ssh.server_host_key.dsa_public_key.y text
services.ssh.server_host_key.ecdsa_public_key object
services.ssh.server_host_key.ecdsa_public_key.b text
services.ssh.server_host_key.ecdsa_public_key.curve keyword
services.ssh.server_host_key.ecdsa_public_key.gx text
services.ssh.server_host_key.ecdsa_public_key.gy text
services.ssh.server_host_key.ecdsa_public_key.length unsigned_long
services.ssh.server_host_key.ecdsa_public_key.n text
services.ssh.server_host_key.ecdsa_public_key.p text
services.ssh.server_host_key.ecdsa_public_key.pub text
services.ssh.server_host_key.ecdsa_public_key.x text
services.ssh.server_host_key.ecdsa_public_key.y text
services.ssh.server_host_key.ed25519_public_key object
services.ssh.server_host_key.ed25519_public_key.public_bytes text
services.ssh.server_host_key.fingerprint_sha256 text
services.ssh.server_host_key.rsa_public_key object
services.ssh.server_host_key.rsa_public_key.exponent text
services.ssh.server_host_key.rsa_public_key.length unsigned_long
services.ssh.server_host_key.rsa_public_key.modulus text

TELNET

Path Type Docs
services.telnet object
services.telnet.banner text
services.telnet.do object
services.telnet.do.key unsigned_long
services.telnet.do.value text
services.telnet.dont object
services.telnet.dont.key unsigned_long
services.telnet.dont.value text
services.telnet.will object
services.telnet.will.key unsigned_long
services.telnet.will.value text
services.telnet.wont object
services.telnet.wont.key unsigned_long
services.telnet.wont.value text

FTP

Path Type Docs
services.ftp object
services.ftp.auth_ssl_response text
services.ftp.auth_tls_response text
services.ftp.banner text
services.ftp.implicit_tls boolean
services.ftp.status_code integer
services.ftp.status_meaning text

DNS

Path Type Docs
services.dns object
services.dns.additionals object A list of resource records (RRs) contained in the ADDITIONAL section of the response.
services.dns.additionals.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.additionals.response text The RDATA field of the RR.
services.dns.additionals.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.answers object A list of resource records (RRs) contained in the ANSWER section of the response.
services.dns.answers.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.answers.response text The RDATA field of the RR.
services.dns.answers.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.authorities object A list of resource records (RRs) contained in the AUTHORITIES section of the response.
services.dns.authorities.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.authorities.response text The RDATA field of the RR.
services.dns.authorities.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.edns object
services.dns.edns.do boolean
services.dns.edns.options text
services.dns.edns.udp unsigned_long
services.dns.edns.version unsigned_long
services.dns.questions object A list of resource records (RRs) contained in the QUESTION section of the response, which may echo the request that the server is responding to.
services.dns.questions.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.questions.response text The RDATA field of the RR.
services.dns.questions.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.r_code text An enumerated field indicating the result of the request. The most common values are defined in RFC 1035.
services.dns.resolves_correctly boolean Whether the server returns an IP address for ip.parrotdns.com that matches the authoritative server, which is controlled by Censys.
services.dns.server_type text An enumerated value indicating the behavior of the server. An AUTHORITATIVE server fulfills requests for domain names it controls, which are not listed by the server. FORWARDING and RECURSIVE_RESOLVER servers fulfill requests indirectly for domain names they do not control. A RECURSIVE_RESOLVER will query ip.parrotdns.com itself, resulting in its own IP address being present in the dns.answers.response field.
services.dns.version text

ACTIVEMQ

Path Type Docs
services.parsed.activemq object
services.parsed.activemq.cache_enabled boolean
services.parsed.activemq.cache_size long
services.parsed.activemq.max_frame_size long
services.parsed.activemq.max_inactivity_duration long
services.parsed.activemq.platform_details text
services.parsed.activemq.provider_name text
services.parsed.activemq.provider_version text
services.parsed.activemq.size_prefix_disabled boolean
services.parsed.activemq.stack_trace_enabled boolean
services.parsed.activemq.tight_encoding_enabled boolean

AMQP

Path Type Docs
services.amqp object
services.amqp.explicit_tls boolean Connected via a TLS connection after initial handshake
services.amqp.implicit_tls boolean Connected via a TLS wrapped connection (AMQPS)
services.amqp.protocol_id object
services.amqp.protocol_id.id unsigned_long
services.amqp.protocol_id.name text
services.amqp.version object
services.amqp.version.major unsigned_long
services.amqp.version.minor unsigned_long
services.amqp.version.revision unsigned_long

ANY_CONNECT

Path Type Docs
services.any_connect object
services.any_connect.aggregate_auth_version integer Version number indicated by the response for config-auth exchange
services.any_connect.auth_methods text Supported methods for users to enter credentials for this VPN
services.any_connect.groups text List of groups a user can authenticate with to use this VPN
services.any_connect.raw text XML content of the config-auth response
services.any_connect.response_type text Type of the response packet received after initializing the config-auth exchange

BACNET

Path Type Docs
services.bacnet object
services.bacnet.application_software_revision text
services.bacnet.description text
services.bacnet.firmware_revision text
services.bacnet.instance_number unsigned_long
services.bacnet.location text
services.bacnet.model_name text
services.bacnet.object_name text
services.bacnet.vendor_id unsigned_long
services.bacnet.vendor_name text

CHECKPOINT_TOPOLOGY

Path Type Docs
services.parsed.checkpoint_topology object
services.parsed.checkpoint_topology.common_name text
services.parsed.checkpoint_topology.organization text

COAP

Path Type Docs
services.coap object
services.coap.code text
services.coap.message_id unsigned_long
services.coap.message_type text
services.coap.payload text
services.coap.token text
services.coap.version unsigned_long

COBALT_STRIKE

Path Type Docs
services.cobalt_strike object
services.cobalt_strike.x64 object
services.cobalt_strike.x64.cookie_beacon unsigned_long
services.cobalt_strike.x64.crypto_scheme unsigned_long
services.cobalt_strike.x64.dns boolean
services.cobalt_strike.x64.http_get object
services.cobalt_strike.x64.http_get.client text
services.cobalt_strike.x64.http_get.uri text
services.cobalt_strike.x64.http_get.verb text
services.cobalt_strike.x64.http_post object
services.cobalt_strike.x64.http_post.client text
services.cobalt_strike.x64.http_post.uri text
services.cobalt_strike.x64.http_post.verb text
services.cobalt_strike.x64.jitter unsigned_long
services.cobalt_strike.x64.killdate unsigned_long
services.cobalt_strike.x64.post_ex object
services.cobalt_strike.x64.post_ex.x64 text
services.cobalt_strike.x64.post_ex.x86 text
services.cobalt_strike.x64.public_key text
services.cobalt_strike.x64.sleep_time unsigned_long
services.cobalt_strike.x64.ssl boolean
services.cobalt_strike.x64.unknown_bytes object
services.cobalt_strike.x64.unknown_bytes.key unsigned_long
services.cobalt_strike.x64.unknown_bytes.value text
services.cobalt_strike.x64.unknown_int object
services.cobalt_strike.x64.unknown_int.key unsigned_long
services.cobalt_strike.x64.unknown_int.value unsigned_long
services.cobalt_strike.x64.user_agent text
services.cobalt_strike.x64.watermark unsigned_long
services.cobalt_strike.x86 object
services.cobalt_strike.x86.cookie_beacon unsigned_long
services.cobalt_strike.x86.crypto_scheme unsigned_long
services.cobalt_strike.x86.dns boolean
services.cobalt_strike.x86.http_get object
services.cobalt_strike.x86.http_get.client text
services.cobalt_strike.x86.http_get.uri text
services.cobalt_strike.x86.http_get.verb text
services.cobalt_strike.x86.http_post object
services.cobalt_strike.x86.http_post.client text
services.cobalt_strike.x86.http_post.uri text
services.cobalt_strike.x86.http_post.verb text
services.cobalt_strike.x86.jitter unsigned_long
services.cobalt_strike.x86.killdate unsigned_long
services.cobalt_strike.x86.post_ex object
services.cobalt_strike.x86.post_ex.x64 text
services.cobalt_strike.x86.post_ex.x86 text
services.cobalt_strike.x86.public_key text
services.cobalt_strike.x86.sleep_time unsigned_long
services.cobalt_strike.x86.ssl boolean
services.cobalt_strike.x86.unknown_bytes object
services.cobalt_strike.x86.unknown_bytes.key unsigned_long
services.cobalt_strike.x86.unknown_bytes.value text
services.cobalt_strike.x86.unknown_int object
services.cobalt_strike.x86.unknown_int.key unsigned_long
services.cobalt_strike.x86.unknown_int.value unsigned_long
services.cobalt_strike.x86.user_agent text
services.cobalt_strike.x86.watermark unsigned_long

CWMP

Path Type Docs
services.cwmp object
services.cwmp.http_info object
services.cwmp.http_info.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.cwmp.http_info.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.cwmp.http_info.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.cwmp.http_info.favicons object
services.cwmp.http_info.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.cwmp.http_info.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.cwmp.http_info.favicons.name text The URI used to retrieve the favicon, which most commonly uses the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.cwmp.http_info.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatibility with Shodan search.
services.cwmp.http_info.favicons.size integer The size of the favicon retrieved, in bytes.
services.cwmp.http_info.headers nested The key-value header pairs included in the response.
services.cwmp.http_info.headers.key text
services.cwmp.http_info.headers.value object
services.cwmp.http_info.headers.value.headers text The values provided in the corresponding header.
services.cwmp.http_info.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.cwmp.http_info.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.cwmp.http_info.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.cwmp.http_info.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.cwmp.http_info.status_reason text A human-readable phrase describing the status code.

DARKCOMET

Path Type Docs
services.parsed.darkcomet object
services.parsed.darkcomet.version text

DARKGATE

Path Type Docs
services.parsed.darkgate object
services.parsed.darkgate.file_lengths long
services.parsed.darkgate.filenames text

DHCPDISCOVER

Path Type Docs
services.parsed.dhcpdiscover object
services.parsed.dhcpdiscover.method text
services.parsed.dhcpdiscover.params object
services.parsed.dhcpdiscover.params.device_info object
services.parsed.dhcpdiscover.params.device_info.alarm_input_channels long
services.parsed.dhcpdiscover.params.device_info.alarm_output_channels long
services.parsed.dhcpdiscover.params.device_info.device_class text
services.parsed.dhcpdiscover.params.device_info.device_id text
services.parsed.dhcpdiscover.params.device_info.device_type text
services.parsed.dhcpdiscover.params.device_info.http_port long
services.parsed.dhcpdiscover.params.device_info.ipv4_address object
services.parsed.dhcpdiscover.params.device_info.ipv4_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv4_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.subnetmask text
services.parsed.dhcpdiscover.params.device_info.ipv6_address object
services.parsed.dhcpdiscover.params.device_info.ipv6_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv6_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.link_local_address text
services.parsed.dhcpdiscover.params.device_info.machine_group text
services.parsed.dhcpdiscover.params.device_info.machine_name text
services.parsed.dhcpdiscover.params.device_info.manufacturer text
services.parsed.dhcpdiscover.params.device_info.port long
services.parsed.dhcpdiscover.params.device_info.remote_video_input_channels long
services.parsed.dhcpdiscover.params.device_info.serial_no text
services.parsed.dhcpdiscover.params.device_info.unlogin_func_mask long
services.parsed.dhcpdiscover.params.device_info.vendor text
services.parsed.dhcpdiscover.params.device_info.version text
services.parsed.dhcpdiscover.params.device_info.video_input_channels long
services.parsed.dhcpdiscover.params.device_info.video_output_channels long

DNP3

Path Type Docs
services.dnp3 object
services.dnp3.banner text

EIP

Path Type Docs
services.parsed.eip object
services.parsed.eip.identity object
services.parsed.eip.identity.device_type text
services.parsed.eip.identity.device_type_code long
services.parsed.eip.identity.product_code long
services.parsed.eip.identity.product_name text
services.parsed.eip.identity.revision text
services.parsed.eip.identity.serial_number long
services.parsed.eip.identity.socket_addr text
services.parsed.eip.identity.socket_port long
services.parsed.eip.identity.state long
services.parsed.eip.identity.status long
services.parsed.eip.identity.vendor_id text
services.parsed.eip.identity.vendor_name text
services.parsed.eip.interfaces object
services.parsed.eip.interfaces.index long
services.parsed.eip.interfaces.name text
services.parsed.eip.services object
services.parsed.eip.services.capabilities long
services.parsed.eip.services.service_name text
services.parsed.eip.services.supports_tcp boolean
services.parsed.eip.services.supports_udp boolean

ELASTICSEARCH

Path Type Docs
services.elasticsearch object
services.elasticsearch.http_info object Information about the underlying HTTP connection.
services.elasticsearch.http_info.headers nested The key-value header pairs included in the response to the request for the root endpoint (/).
services.elasticsearch.http_info.headers.key text
services.elasticsearch.http_info.headers.value object
services.elasticsearch.http_info.headers.value.headers text The values provided in the corresponding header.
services.elasticsearch.http_info.status text A human-readable phrase describing the status code.
services.elasticsearch.http_info.status_code integer A 3-digit integer result code indicating the response to a request for the root endpoint (/).
services.elasticsearch.node_info object
services.elasticsearch.node_info.cluster_combined_info object
services.elasticsearch.node_info.cluster_combined_info.filesystem object
services.elasticsearch.node_info.cluster_combined_info.filesystem.available text The amount of free disk space that the node can utilize, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes unsigned_long The amount of free disk space that the node can utilize, in bytes.
services.elasticsearch.node_info.cluster_combined_info.filesystem.free text The total amount of unallocated disk space on the node, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes unsigned_long The total amount of unallocated disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.filesystem.total text The total amount of disk space on the node, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes unsigned_long The total amount of disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.indices object
services.elasticsearch.node_info.cluster_combined_info.indices.count unsigned_long The number of indices on the node.
services.elasticsearch.node_info.cluster_combined_info.indices.docs object
services.elasticsearch.node_info.cluster_combined_info.indices.docs.count unsigned_long The total number of documents across all indices on this node.
services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted unsigned_long The total number of deleted documents across all indices on this node.
services.elasticsearch.node_info.cluster_combined_info.indices.store object
services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes unsigned_long A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes unsigned_long The total amount of disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.name text
services.elasticsearch.node_info.cluster_combined_info.status text An enumerated value representing the health status of the cluster. Green signifies no issues, yellow signifies that at least one replica shard is unassigned, and red signifies that at least one primary shard is unassigned.
services.elasticsearch.node_info.cluster_combined_info.timestamp unsigned_long The last time the cluster statistics were refreshed, in unix milliseconds.
services.elasticsearch.node_info.cluster_combined_info.uuid text The unique identifier for the cluster.
services.elasticsearch.node_info.nodes object
services.elasticsearch.node_info.nodes.node_data object
services.elasticsearch.node_info.nodes.node_data.build_flavor text An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown".
services.elasticsearch.node_info.nodes.node_data.build_hash text The short hash of the git commit used to compile this version of the software.
services.elasticsearch.node_info.nodes.node_data.build_type text An enumerated value indicating the file format in which the Elasticsearch executable was retrieved.
services.elasticsearch.node_info.nodes.node_data.host text The self-reported identifier of the node.
services.elasticsearch.node_info.nodes.node_data.ingest_processors text A list of the types of data processors the node has available.
services.elasticsearch.node_info.nodes.node_data.ip ip The IP address of the node.
services.elasticsearch.node_info.nodes.node_data.jvm object Information about the node's Java Virtual Machine configuration.
services.elasticsearch.node_info.nodes.node_data.jvm.gc text A list of the garbage-collection algorithms in use.
services.elasticsearch.node_info.nodes.node_data.jvm.input_args text The command-line arguments provided to the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms unsigned_long The time the Java Virtual Machine was started, in unix milliseconds.
services.elasticsearch.node_info.nodes.node_data.jvm.version text The version of Java the Java Virtual Machine is using.
services.elasticsearch.node_info.nodes.node_data.jvm.vm_name text The name of the Java Virtual Machine the node is using (e.g. OpenJDK).
services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor text The name of the person or organization that created or maintains the version of the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.jvm.vm_version text The version of the Java Virtual Machine the node is using.
services.elasticsearch.node_info.nodes.node_data.modules object
services.elasticsearch.node_info.nodes.node_data.modules.class_name text
services.elasticsearch.node_info.nodes.node_data.modules.desc text
services.elasticsearch.node_info.nodes.node_data.modules.elastic_version text
services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins text
services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl boolean
services.elasticsearch.node_info.nodes.node_data.modules.java_version text
services.elasticsearch.node_info.nodes.node_data.modules.name text
services.elasticsearch.node_info.nodes.node_data.modules.version text
services.elasticsearch.node_info.nodes.node_data.name text
services.elasticsearch.node_info.nodes.node_data.os object
services.elasticsearch.node_info.nodes.node_data.os.allocated_proc integer The number of processors used by the node to calculate its thread pool size.
services.elasticsearch.node_info.nodes.node_data.os.arch text The name of the Java Virtual Machine architecture used by the node.
services.elasticsearch.node_info.nodes.node_data.os.available_proc integer The number of processors available to the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.os.name text The simplified name of the operating system used by the node.
services.elasticsearch.node_info.nodes.node_data.os.pretty_name text The full name of the operating system used by the node, which may include the distribution and version number.
services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms unsigned_long How often the node's processor statistics are refreshed, in milliseconds.
services.elasticsearch.node_info.nodes.node_data.os.version text
services.elasticsearch.node_info.nodes.node_data.roles text
services.elasticsearch.node_info.nodes.node_data.settings object
services.elasticsearch.node_info.nodes.node_data.settings.cluster_name text The name of the cluster the node belongs to.
services.elasticsearch.node_info.nodes.node_data.settings.node object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled text Whether the Elasticsearch machine-learning APIs are enabled on the node.
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs text The maximum number of jobs that can run simultaneously on a node.
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed text Whether X-Pack, an Elasticsearch expansion included by default, is installed.
services.elasticsearch.node_info.nodes.node_data.settings.node.name text The name of the node.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list object
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive text How long an idle thread should remain in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max integer The maximum number of threads in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min integer The minimum number of threads in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size integer When applicable, the number of incoming requests to queue if there is not a thread available to execute them.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type text The strategy used to assign incoming requests to an execution thread.
services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer unsigned_long The amount of memory used to hold recently indexed documents before writing them to disk, in bytes.
services.elasticsearch.node_info.nodes.node_data.version text The Elasticsearch version running on this node.
services.elasticsearch.node_info.nodes.node_name text The name of the node.
services.elasticsearch.system_info object
services.elasticsearch.system_info.cluster_uuid text The unique identifier for the cluster.
services.elasticsearch.system_info.name text The name of the cluster.
services.elasticsearch.system_info.tagline text A snippet describing the server. By default, it is "You Know, for Search".
services.elasticsearch.system_info.version object Version information and accompanying metadata, such as the build date and compatibility information.
services.elasticsearch.system_info.version.build_date text The date this version of the software was compiled.
services.elasticsearch.system_info.version.build_flavor text An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown".
services.elasticsearch.system_info.version.build_hash text The short hash of the git commit used to compile this version of the software.
services.elasticsearch.system_info.version.build_snapshot boolean Whether the server is running a snapshot version.
services.elasticsearch.system_info.version.build_type text An enumerated value indicating the file format in which the Elasticsearch executable was retrieved.
services.elasticsearch.system_info.version.lucene_version text The version of Lucene used by the server.
services.elasticsearch.system_info.version.min_idx_compat_ver text The minimum version of the Elasticsearch wire protocol compatible with the server.
services.elasticsearch.system_info.version.min_wire_compat_ver text The minimum version of indices that the server supports.
services.elasticsearch.system_info.version.number text The version number.

ELF_FILE

Path Type Docs
services.parsed.elf_file object
services.parsed.elf_file.class text
services.parsed.elf_file.data text
services.parsed.elf_file.machine text
services.parsed.elf_file.os_abi text
services.parsed.elf_file.type text

EPMD

Path Type Docs
services.parsed.epmd object
services.parsed.epmd.names text

ETHEREUM

Path Type Docs
services.parsed.ethereum object
services.parsed.ethereum.accounts text
services.parsed.ethereum.hashrate text
services.parsed.ethereum.version object
services.parsed.ethereum.version.client text
services.parsed.ethereum.version.compiler text
services.parsed.ethereum.version.platform text
services.parsed.ethereum.version.trailing text
services.parsed.ethereum.version.version text

FORTIGATE

Path Type Docs
services.fortigate object
services.fortigate.api_version text
services.fortigate.build integer
services.fortigate.http_info object
services.fortigate.http_info.headers nested
services.fortigate.http_info.headers.key text
services.fortigate.http_info.headers.value object
services.fortigate.http_info.headers.value.headers text The values provided in the corresponding header.
services.fortigate.http_info.status text Status message received from hitting 404 /censys.inspect.
services.fortigate.http_info.status_code unsigned_long Status code received from hitting /censys.inspect.
services.fortigate.serial text
services.fortigate.status_code integer
services.fortigate.status_msg text
services.fortigate.version text

FOX

Path Type Docs
services.fox object
services.fox.app_name text
services.fox.app_version text
services.fox.auth_agent_type text
services.fox.brand_id text
services.fox.host_address text
services.fox.hostid text
services.fox.hostname text
services.fox.id unsigned_long
services.fox.language text
services.fox.os_name text
services.fox.os_version text
services.fox.station_name text
services.fox.sys_info text
services.fox.time_zone text
services.fox.version text
services.fox.vm_name text
services.fox.vm_uuid text
services.fox.vm_version text

IKE

Path Type Docs
services.ike object
services.ike.v1 object
services.ike.v1.accepted_proposal boolean Did the host accept our security proposal? When false, the host responded with an error.
services.ike.v1.notify_message_types unsigned_long Which types of NOTIFY messages did the host send us?
services.ike.v1.vendor_ids text The list of Vendor ID "extensions" the host claimed to support in its handshake
services.ike.v2 object
services.ike.v2.accepted_proposal boolean
services.ike.v2.notify_message_types unsigned_long
services.ike.v2.vendor_ids text

IMAP

Path Type Docs
services.imap object
services.imap.banner text The IMAP banner.
services.imap.start_tls text The server's response to the STARTTLS command.

IPMI

Path Type Docs
services.ipmi object
services.ipmi.capabilities object The Get Channel Authentication Capabilities response (section 22.13)
services.ipmi.capabilities.auth_status object The authentication status
services.ipmi.capabilities.auth_status.anonymous_login_enabled boolean If true, the server allows anonymous login.
services.ipmi.capabilities.auth_status.auth_each_message boolean If true, each message must be authenticated.
services.ipmi.capabilities.auth_status.has_anonymous_users boolean If true, the server has anonymous users.
services.ipmi.capabilities.auth_status.has_named_users boolean If true, the server supports named users.
services.ipmi.capabilities.auth_status.two_key_login_required boolean The KG field.
services.ipmi.capabilities.auth_status.user_auth_disabled boolean If true, user authentication is disabled.
services.ipmi.capabilities.channel_number integer The response channel number
services.ipmi.capabilities.completion_code object The status code of the response
services.ipmi.capabilities.completion_code.name text The human-readable name of the code
services.ipmi.capabilities.completion_code.raw integer The raw completion code
services.ipmi.capabilities.extended_capabilities object Extended auth capabilities (if present)
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5 boolean True if IPMI v1.5 is supported
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0 boolean True if IPMI v2.0 is supported
services.ipmi.capabilities.oem_data integer The OEM-specific data
services.ipmi.capabilities.oem_id text The 3-byte OEM identifier
services.ipmi.capabilities.supported_auth_types object The auth types supported by the server
services.ipmi.capabilities.supported_auth_types.extended boolean If true, the extended capabilities are present.
services.ipmi.capabilities.supported_auth_types.md2 boolean True if the MD2 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.md5 boolean True if the MD5 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.none boolean True if the None AuthType is supported.
services.ipmi.capabilities.supported_auth_types.oem_proprietary boolean True if the OEM Proprietary AuthType is supported
services.ipmi.capabilities.supported_auth_types.password boolean True if the Password AuthType is supported.
services.ipmi.capabilities.supported_auth_types.raw integer The raw byte, with the bit mask etc
services.ipmi.command_payload object The IPMI command payload
services.ipmi.command_payload.checksum_error boolean This is set to true if the values of chk1 / chk2 do not match the command data
services.ipmi.command_payload.data text The raw data. On success, this should be the value of the GetAuthenticationCapabilities response
services.ipmi.command_payload.ipmi_command_number object The parsed IPMI command number
services.ipmi.command_payload.ipmi_command_number.name text The human-readable name of the cmd + NetFn
services.ipmi.command_payload.ipmi_command_number.raw integer The raw value of the cmd value
services.ipmi.command_payload.network_function_code object The NetFn and LUN
services.ipmi.command_payload.network_function_code.logical_unit_number object The parsed LUN (logical unit number -- the lower 2 bits of raw)
services.ipmi.command_payload.network_function_code.logical_unit_number.name text The human-readable name of the LUN
services.ipmi.command_payload.network_function_code.logical_unit_number.raw integer The value of the LUN (3 bits)
services.ipmi.command_payload.network_function_code.net_fn object The parsed NetFn value (the upper 6 bits of raw)
services.ipmi.command_payload.network_function_code.net_fn.is_request boolean True if the least-significant bit is zero
services.ipmi.command_payload.network_function_code.net_fn.is_response boolean True if the least-significant bit is one
services.ipmi.command_payload.network_function_code.net_fn.name text The human-readable name of the NetFn
services.ipmi.command_payload.network_function_code.net_fn.raw integer The raw value of the NetFn (6 bits, least significant indicates request/response)
services.ipmi.command_payload.network_function_code.net_fn.value integer The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even)
services.ipmi.command_payload.network_function_code.raw integer The raw value of the (NetFn << 2) | LUN
services.ipmi.command_payload.requestor_sequence_number integer The request sequence number.
services.ipmi.raw text The raw data returned by the server
services.ipmi.rmcp_header object The RMCP header of the response, (section 13.1.3)
services.ipmi.rmcp_header.message_class object The class of the message.
services.ipmi.rmcp_header.message_class.class integer Just the class part of the byte (lower 5 bits of raw)
services.ipmi.rmcp_header.message_class.is_ack boolean True if the message is an acknowledgment to a previous message.
services.ipmi.rmcp_header.message_class.name text The human-readable name of the message class
services.ipmi.rmcp_header.message_class.raw integer The raw message class byte.
services.ipmi.rmcp_header.sequence_number integer Sequence number of this packet in the session.
services.ipmi.rmcp_header.version integer The version. This scanner supports version 6.
services.ipmi.session_header object The IPMI session header of the response
services.ipmi.session_header.auth_code text The 16-byte authentication code; not present if auth_type is None.
services.ipmi.session_header.auth_type object The authentication type for this request (see section 13.6)
services.ipmi.session_header.auth_type.name text The raw value of the auth_type
services.ipmi.session_header.auth_type.raw integer The raw value of the auth_type
services.ipmi.session_header.auth_type.type integer Just the auth type (reserved bits omitted)
services.ipmi.session_header.session_id long The ID of this session.
services.ipmi.session_header.session_sequence_number long The session sequence number of this packet in the session

IPP

Path Type Docs
services.ipp object
services.ipp.attribute_cups_version text The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
services.ipp.attribute_ipp_versions text Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
services.ipp.attribute_printer_uris text Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
services.ipp.attributes object All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
services.ipp.attributes.name text
services.ipp.attributes.value_tag unsigned_long
services.ipp.cups_response object
services.ipp.cups_response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.ipp.cups_response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.cups_response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.ipp.cups_response.favicons object
services.ipp.cups_response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.cups_response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.ipp.cups_response.favicons.name text The URI used to retrieve the favicon, which most commonly uses the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.ipp.cups_response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatibility with Shodan search.
services.ipp.cups_response.favicons.size integer The size of the favicon retrieved, in bytes.
services.ipp.cups_response.headers nested The key-value header pairs included in the response.
services.ipp.cups_response.headers.key text
services.ipp.cups_response.headers.value object
services.ipp.cups_response.headers.value.headers text The values provided in the corresponding header.
services.ipp.cups_response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.ipp.cups_response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.ipp.cups_response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.ipp.cups_response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.ipp.cups_response.status_reason text A human-readable phrase describing the status code.
services.ipp.cups_version text The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
services.ipp.major_version unsigned_long Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.minor_version unsigned_long Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.response object
services.ipp.response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.ipp.response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.ipp.response.favicons object
services.ipp.response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.ipp.response.favicons.name text The URI used to retrieve the favicon, which most commonly uses the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.ipp.response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatibility with Shodan search.
services.ipp.response.favicons.size integer The size of the favicon retrieved, in bytes.
services.ipp.response.headers nested The key-value header pairs included in the response.
services.ipp.response.headers.key text
services.ipp.response.headers.value object
services.ipp.response.headers.value.headers text The values provided in the corresponding header.
services.ipp.response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.ipp.response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.ipp.response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.ipp.response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.ipp.response.status_reason text A human-readable phrase describing the status code.
services.ipp.version_string text The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'

KRPC

Path Type Docs
services.parsed.krpc object
services.parsed.krpc.ping_response_id text

KUBERNETES

Path Type Docs
services.kubernetes object
services.kubernetes.endpoints object
services.kubernetes.endpoints.name text
services.kubernetes.endpoints.self_link text
services.kubernetes.endpoints.subsets object
services.kubernetes.endpoints.subsets.addresses object
services.kubernetes.endpoints.subsets.addresses.hostname text
services.kubernetes.endpoints.subsets.addresses.ip ip
services.kubernetes.endpoints.subsets.addresses.node_name text
services.kubernetes.endpoints.subsets.ports object
services.kubernetes.endpoints.subsets.ports.name text
services.kubernetes.endpoints.subsets.ports.port unsigned_long
services.kubernetes.endpoints.subsets.ports.protocol text
services.kubernetes.kubernetes_dashboard_found boolean True if the dashboard is running and accessible
services.kubernetes.nodes object
services.kubernetes.nodes.addresses object
services.kubernetes.nodes.addresses.address keyword Node address, IP/URL.
services.kubernetes.nodes.addresses.address_type text Node address type, one of Hostname, ExternalIP or InternalIP.
services.kubernetes.nodes.architecture text The Architecture reported by the node.
services.kubernetes.nodes.container_runtime_version text ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
services.kubernetes.nodes.images text List of container images on this node
services.kubernetes.nodes.kernel_version text Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
services.kubernetes.nodes.kube_proxy_version text KubeProxy Version reported by the node.
services.kubernetes.nodes.kubelet_version text Kubelet Version reported by the node.
services.kubernetes.nodes.name text
services.kubernetes.nodes.operating_system text The Operating System reported by the node.
services.kubernetes.nodes.os_image text OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
services.kubernetes.pod_names text
services.kubernetes.roles object
services.kubernetes.roles.name text
services.kubernetes.roles.rules object Rules set for this role.
services.kubernetes.roles.rules.api_groups text APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
services.kubernetes.roles.rules.resources text Resources is a list of resources this rule applies to. ResourceAll represents all resources
services.kubernetes.roles.rules.verbs text Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
services.kubernetes.version_info object
services.kubernetes.version_info.build_date text Date version was built.
services.kubernetes.version_info.compiler text Go Compiler used
services.kubernetes.version_info.git_commit text Git commit version built from.
services.kubernetes.version_info.git_tree_state text State of the tree when built.
services.kubernetes.version_info.git_version text
services.kubernetes.version_info.go_version text Version of Go used to build version.
services.kubernetes.version_info.major text Kubernetes major version
services.kubernetes.version_info.minor text Kubernetes minor version
services.kubernetes.version_info.platform text Platform compiled for

L2TP

Path Type Docs
services.parsed.l2tp object
services.parsed.l2tp.hello_received boolean
services.parsed.l2tp.ordered_messages_raw text
services.parsed.l2tp.sccn_received boolean
services.parsed.l2tp.sccrp object
services.parsed.l2tp.sccrp.attribute_values object
services.parsed.l2tp.sccrp.attribute_values.firmware_revision long
services.parsed.l2tp.sccrp.attribute_values.hostname text
services.parsed.l2tp.sccrp.attribute_values.protocol_revision long
services.parsed.l2tp.sccrp.attribute_values.protocol_version long
services.parsed.l2tp.sccrp.attribute_values.vendor_name text
services.parsed.l2tp.sccrp_received boolean
services.parsed.l2tp.sccrq_received boolean
services.parsed.l2tp.stop_sccn object
services.parsed.l2tp.stop_sccn.attribute_values object
services.parsed.l2tp.stop_sccn.attribute_values.error_code long
services.parsed.l2tp.stop_sccn.attribute_values.error_meaning text
services.parsed.l2tp.stop_sccn.attribute_values.error_message text
services.parsed.l2tp.stop_sccn.attribute_values.result_code long
services.parsed.l2tp.stop_sccn.attribute_values.result_meaning text
services.parsed.l2tp.stop_sccn_received boolean
services.parsed.l2tp.zlb_received boolean

LDAP

Path Type Docs
services.ldap object
services.ldap.allows_anonymous_bind boolean Ability to connect with anonymous bind (empty username and password)
services.ldap.attributes object All root DN attributes available via anonymous bind
services.ldap.attributes.name text Name of the LDAP attribute in the root DN
services.ldap.attributes.values text Values for the respective LDAP attribute
services.ldap.resultcode unsigned_long Result or error code returned by LDAP instance upon bind

MEMCACHED

Path Type Docs
services.memcached object
services.memcached.ascii_binding_protocol_enabled boolean Whether server responds to a handshake using the ASCII wire format of the protocol.
services.memcached.binary_binding_protocol_enabled boolean Whether server responds to a handshake using the binary wire format of the protocol.
services.memcached.responds_to_udp boolean Whether the server on the UDP port with the same number responds to a handshake using the ASCII wire format of the protocol.
services.memcached.stats nested Server information returned in response to the stats command, as a set of key:value pairs.
services.memcached.stats.key text
services.memcached.stats.value text
services.memcached.version text The Memcached version indicated in the server's response.

MMS

Path Type Docs
services.mms object
services.mms.model text
services.mms.revision text
services.mms.vendor text

MODBUS

Path Type Docs
services.modbus object
services.modbus.exception_response object
services.modbus.exception_response.exception_function unsigned_long
services.modbus.exception_response.exception_type unsigned_long
services.modbus.function unsigned_long
services.modbus.mei_response object
services.modbus.mei_response.conformity_level long
services.modbus.mei_response.more_follows boolean
services.modbus.mei_response.objects nested
services.modbus.mei_response.objects.key text
services.modbus.mei_response.objects.value text
services.modbus.unit_id long

MONERO_P2P

Path Type Docs
services.parsed.monero_p2p object
services.parsed.monero_p2p.ping_response object
services.parsed.monero_p2p.ping_response.payload object
services.parsed.monero_p2p.ping_response.payload.entries object
services.parsed.monero_p2p.ping_response.payload.entries.data text
services.parsed.monero_p2p.ping_response.payload.entries.name text
services.parsed.monero_p2p.ping_response.response_header object
services.parsed.monero_p2p.ping_response.response_header.command long
services.parsed.monero_p2p.ping_response.response_header.expects_response boolean
services.parsed.monero_p2p.ping_response.response_header.flags long
services.parsed.monero_p2p.ping_response.response_header.length long
services.parsed.monero_p2p.ping_response.response_header.return_code long
services.parsed.monero_p2p.ping_response.response_header.signature long
services.parsed.monero_p2p.ping_response.response_header.version long

MONGODB

Path Type Docs
services.mongodb object
services.mongodb.build_info object
services.mongodb.build_info.build_environment object
services.mongodb.build_info.build_environment.cc text
services.mongodb.build_info.build_environment.cc_flags text
services.mongodb.build_info.build_environment.cxx text
services.mongodb.build_info.build_environment.cxx_flags text
services.mongodb.build_info.build_environment.dist_arch text
services.mongodb.build_info.build_environment.dist_mod text
services.mongodb.build_info.build_environment.link_flags text
services.mongodb.build_info.build_environment.target_arch text
services.mongodb.build_info.build_environment.target_os text
services.mongodb.build_info.git_version text Version of mongodb server
services.mongodb.build_info.version text Version of mongodb server
services.mongodb.is_master object
services.mongodb.is_master.is_master boolean
services.mongodb.is_master.logical_session_timeout_minutes integer
services.mongodb.is_master.max_bson_object_size integer
services.mongodb.is_master.max_message_size_bytes integer
services.mongodb.is_master.max_wire_version integer
services.mongodb.is_master.max_write_batch_size integer
services.mongodb.is_master.min_wire_version integer
services.mongodb.is_master.read_only boolean

MQTT

Path Type Docs
services.mqtt object
services.mqtt.connection_ack_raw text Raw CONNACK response packet
services.mqtt.connection_ack_return object
services.mqtt.connection_ack_return.raw unsigned_long Raw connect status value
services.mqtt.connection_ack_return.return_value text Connection status
services.mqtt.subscription_ack_return object
services.mqtt.subscription_ack_return.raw unsigned_long Raw subscription response value
services.mqtt.subscription_ack_return.return_value text Subscription response

MSSQL

Path Type Docs
services.mssql object
services.mssql.encrypt_mode text The negotiated ENCRYPT_MODE with the server
services.mssql.instance_name text
services.mssql.prelogin_options object
services.mssql.prelogin_options.encrypt_mode text
services.mssql.prelogin_options.fed_auth_required boolean
services.mssql.prelogin_options.instance text
services.mssql.prelogin_options.mars boolean
services.mssql.prelogin_options.nonce text
services.mssql.prelogin_options.server_version object
services.mssql.prelogin_options.server_version.build_number unsigned_long
services.mssql.prelogin_options.server_version.major unsigned_long
services.mssql.prelogin_options.server_version.minor unsigned_long
services.mssql.prelogin_options.thread_id unsigned_long
services.mssql.prelogin_options.trace_id text
services.mssql.prelogin_options.unknown object
services.mssql.prelogin_options.unknown.key unsigned_long
services.mssql.prelogin_options.unknown.value text
services.mssql.version text

MYSQL

Path Type Docs
services.mysql object
services.mysql.auth_plugin_data text Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
services.mysql.auth_plugin_name text The name of the authentication plugin, returned in the initial HandshakePacket.
services.mysql.capability_flags nested The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.capability_flags.key text
services.mysql.capability_flags.value boolean
services.mysql.character_set unsigned_long The identifier for the character set the server is using. Returned in the initial HandshakePacket.
services.mysql.connection_id unsigned_long The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
services.mysql.error_code long Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
services.mysql.error_id text The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN
services.mysql.error_message text Optional string describing the error. Only set if there is an error.
services.mysql.protocol_version unsigned_long 8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
services.mysql.server_version text The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
services.mysql.status_flags nested The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.status_flags.key text
services.mysql.status_flags.value boolean

NTP

Path Type Docs
services.ntp object
services.ntp.get_time_header object The header of the server's response to a GetTime request.
services.ntp.get_time_header.leap_indicator unsigned_long An enumerated value from 0 to 3 signifying whether a leap second will occur at the end of the current month. 0 signifies no leap second, 1 signifies an additive leap second, 2 signifies a subtractive leap second, and 3 signifies the state is unknown.
services.ntp.get_time_header.mode unsigned_long An enumerated value from 0 to 7 signifying the operational mode of the server.
services.ntp.get_time_header.poll integer The interval within which the server will expect a subsequent synchronization message, in log2 seconds.
services.ntp.get_time_header.precision integer The precision of the system's clock, in log2 seconds.
services.ntp.get_time_header.reference_id text The identifier of the reference clock. For servers in stratum 1, one of an IANA-maintained list of sources. For servers in stratum 2, the ID of the stratum 1 server from which the time was retrieved (usually, its IP address), etc.
services.ntp.get_time_header.stratum unsigned_long The number of servers between a client and a non-NTP time source. 1 signifies that the server is authoritative, having direct access to a sensor. 2 signifies that the server got its time from a "stratum 1" server, etc. 16 means the clock is unsynchronized.
services.ntp.get_time_header.version unsigned_long The NTP version indicated in the server's response.

OPC_UA

Path Type Docs
services.parsed.opc_ua object
services.parsed.opc_ua.acknowledge object
services.parsed.opc_ua.acknowledge.max_chunk_size long
services.parsed.opc_ua.acknowledge.max_message_size long
services.parsed.opc_ua.acknowledge.protocol_version long
services.parsed.opc_ua.acknowledge.receive_buffer_size long
services.parsed.opc_ua.acknowledge.send_buffer_size long
services.parsed.opc_ua.error object
services.parsed.opc_ua.error.error long
services.parsed.opc_ua.error.reason text
services.parsed.opc_ua.error.spec_error_name text
services.parsed.opc_ua.error.spec_error_reason text

OPENVPN

Path Type Docs
services.openvpn object
services.openvpn.accepts_v1 boolean
services.openvpn.accepts_v2 boolean

ORACLE

Path Type Docs
services.oracle object
services.oracle.accept_version unsigned_long The version declared by the service when it accepts the handshake, if applicable.
services.oracle.connect_flags0 nested The first set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags0.key text
services.oracle.connect_flags0.value boolean
services.oracle.connect_flags1 nested The second set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags1.key text
services.oracle.connect_flags1.value boolean
services.oracle.did_resend boolean Whether the server requested that the scanner resend its initial connection packet.
services.oracle.global_service_options nested Set of flags that the server returns in the Accept packet.
services.oracle.global_service_options.key text
services.oracle.global_service_options.value boolean
services.oracle.nsn_service_versions nested A map from the native Service Negotiation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
services.oracle.nsn_service_versions.key text
services.oracle.nsn_service_versions.value text
services.oracle.nsn_version text The version string in the root of the native service negotiation packet, if applicable.
services.oracle.redirect_target object The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
services.oracle.redirect_target.key text The dot-delimited path to the parsed value from the error received when the initial handshake is refused.
services.oracle.redirect_target.value text The parsed value from the error received when the initial handshake is refused.
services.oracle.redirect_target_raw text The connect descriptor returned by the server in the Redirect packet, if one is sent.
services.oracle.refuse_error object The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE'.
services.oracle.refuse_error.key text The dot-delimited path to the parsed value from the error received when the initial handshake is refused.
services.oracle.refuse_error.value text The parsed value from the error received when the initial handshake is refused.
services.oracle.refuse_error_raw text The unparsed error received when the initial handshake is refused.
services.oracle.refuse_reason_app text The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_reason_sys text The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_version text The version declared by the service when it refuses the handshake, if applicable.

PC_ANYWHERE

Path Type Docs
services.pc_anywhere object
services.pc_anywhere.name text Workstation Name, with padding bytes removed
services.pc_anywhere.nr text Full 'NR' query response
services.pc_anywhere.status object
services.pc_anywhere.status.in_use boolean Workstation is In Use if true, Available if false
services.pc_anywhere.status.raw text Full 'ST' query response

PENDING_REMOVAL_SINCE

Path Type Docs
services.pending_removal_since date

POP3

Path Type Docs
services.pop3 object
services.pop3.banner text The POP3 banner.
services.pop3.start_tls text The server's response to the STARTTLS command.

POSTGRES

Path Type Docs
services.postgres object
services.postgres.authentication_mode object
services.postgres.authentication_mode.mode text
services.postgres.authentication_mode.payload text
services.postgres.protocol_error nested The error received in response to a StartupMessage with an unexpected protocol version.
services.postgres.protocol_error.key text
services.postgres.protocol_error.value text
services.postgres.startup_error nested The error received in response to a StartupMessage without providing the User field.
services.postgres.startup_error.key text
services.postgres.startup_error.value text
services.postgres.supported_versions text
services.postgres.transaction_status text

PPTP

Path Type Docs
services.pptp object
services.pptp.bearer_message object
services.pptp.bearer_message.code unsigned_long
services.pptp.bearer_message.meaning text
services.pptp.error_message object
services.pptp.error_message.code unsigned_long
services.pptp.error_message.meaning text
services.pptp.firmware object
services.pptp.firmware.major unsigned_long
services.pptp.firmware.minor unsigned_long
services.pptp.framing_message object
services.pptp.framing_message.code unsigned_long
services.pptp.framing_message.meaning text
services.pptp.hostname text
services.pptp.maximum_channels unsigned_long
services.pptp.protocol object
services.pptp.protocol.major unsigned_long
services.pptp.protocol.minor unsigned_long
services.pptp.result_message object
services.pptp.result_message.code unsigned_long
services.pptp.result_message.meaning text
services.pptp.vendor text

PROMETHEUS

Path Type Docs
services.prometheus object
services.prometheus.http_info object
services.prometheus.http_info.headers nested
services.prometheus.http_info.headers.key text
services.prometheus.http_info.headers.value object
services.prometheus.http_info.headers.value.headers text The values provided in the corresponding header.
services.prometheus.http_info.status text Status message received from hitting /api/v1/targets.
services.prometheus.http_info.status_code unsigned_long Status code received from hitting /api/v1/targets.
services.prometheus.response object Information Prometheus captured as well as build information.
services.prometheus.response.active_targets object List of active targets.
services.prometheus.response.active_targets.discovered_labels object
services.prometheus.response.active_targets.discovered_labels.address text Address of target.
services.prometheus.response.active_targets.discovered_labels.job text Job of target.
services.prometheus.response.active_targets.discovered_labels.metrics_path text Path to metrics of target.
services.prometheus.response.active_targets.discovered_labels.scheme text URL scheme.
services.prometheus.response.active_targets.health text Whether target is up or down.
services.prometheus.response.active_targets.labels object
services.prometheus.response.active_targets.labels.instance text Instance after relabelling has occurred.
services.prometheus.response.active_targets.labels.job text Job of target after relabelling has occurred.
services.prometheus.response.active_targets.last_error text Last error that occurred within target.
services.prometheus.response.active_targets.last_scrape text Last time Prometheus scraped target.
services.prometheus.response.active_targets.scrape_url text URL that Prometheus scraped.
services.prometheus.response.all_versions text List of the versions of everything that Prometheus finds, i.e., the versions of Prometheus, Go, Node, cAdvisor, etc.
services.prometheus.response.config_exposed boolean True when the config endpoint is exposed.
services.prometheus.response.dropped_targets object List of dropped targets.
services.prometheus.response.dropped_targets.address text Address of target.
services.prometheus.response.dropped_targets.job text Job of target.
services.prometheus.response.dropped_targets.metrics_path text Path to metrics of target.
services.prometheus.response.dropped_targets.scheme text URL scheme.
services.prometheus.response.go_versions text List of the versions of Go.
services.prometheus.response.prometheus_versions object
services.prometheus.response.prometheus_versions.go_version text Version of Go used to build Prometheus.
services.prometheus.response.prometheus_versions.revision text Revision of Prometheus.
services.prometheus.response.prometheus_versions.version text Version of Prometheus.

RDP

Path Type Docs
services.rdp object
services.rdp.certificate_info object
services.rdp.certificate_info.internal_x509_chain_fps keyword
services.rdp.certificate_info.proprietary_rsa_key object
services.rdp.certificate_info.proprietary_rsa_key.key_length unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.magic unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.modulus text
services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.public_exponent unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.signature text
services.rdp.connect_response object
services.rdp.connect_response.connect_id unsigned_long
services.rdp.connect_response.domain_parameters object
services.rdp.connect_response.domain_parameters.domain_protocol_version long
services.rdp.connect_response.domain_parameters.max_channel_ids long
services.rdp.connect_response.domain_parameters.max_mcspdu_size long
services.rdp.connect_response.domain_parameters.max_provider_height long
services.rdp.connect_response.domain_parameters.max_token_ids long
services.rdp.connect_response.domain_parameters.max_user_id_channels long
services.rdp.connect_response.domain_parameters.min_throughput long
services.rdp.connect_response.domain_parameters.num_priorities long
services.rdp.protocol_flags object
services.rdp.protocol_flags.dynvc_graphics_pipeline boolean
services.rdp.protocol_flags.extended_client_data_supported boolean
services.rdp.protocol_flags.neg_resp_reserved boolean
services.rdp.protocol_flags.restricted_admin_mode boolean
services.rdp.protocol_flags.restricted_auth_mode boolean
services.rdp.selected_security_protocol object
services.rdp.selected_security_protocol.credssp boolean
services.rdp.selected_security_protocol.credssp_early_auth boolean
services.rdp.selected_security_protocol.error boolean
services.rdp.selected_security_protocol.error_bad_flags boolean
services.rdp.selected_security_protocol.error_hybrid_required boolean
services.rdp.selected_security_protocol.error_ssl_cert_missing boolean
services.rdp.selected_security_protocol.error_ssl_forbidden boolean
services.rdp.selected_security_protocol.error_ssl_required boolean
services.rdp.selected_security_protocol.error_ssl_user_auth_required boolean
services.rdp.selected_security_protocol.error_unknown boolean
services.rdp.selected_security_protocol.raw_value unsigned_long
services.rdp.selected_security_protocol.rdstls boolean
services.rdp.selected_security_protocol.standard_rdp boolean
services.rdp.selected_security_protocol.tls boolean
services.rdp.version object
services.rdp.version.major integer
services.rdp.version.minor integer
services.rdp.version.raw unsigned_long Raw version response. The major version is stored in the upper 2 bytes, the minor version in the lower 2 bytes.
services.rdp.x224_cc_pdu_srcref unsigned_long

REDIS

Path Type Docs
services.redis object
services.redis.arch_bits text The architecture bits (32 or 64) the Redis server was built for.
services.redis.auth_response text The response from the AUTH command, if sent.
services.redis.build_id text The Build ID of the Redis server.
services.redis.commands text The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
services.redis.commands_processed unsigned_long The total number of commands processed by the server.
services.redis.connections_received unsigned_long The total number of connections accepted by the server.
services.redis.gcc_version text The version of the GCC compiler used to compile the Redis server.
services.redis.git_sha1 text The SHA-1 Git commit hash the Redis server used.
services.redis.info_response object The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.
services.redis.info_response.key text
services.redis.info_response.value text
services.redis.major unsigned_long Major is the version's major number.
services.redis.mem_allocator text The memory allocator.
services.redis.minor unsigned_long Minor is the version's minor number.
services.redis.mode text The mode the Redis server is running (standalone or cluster), read from the info_response (if available).
services.redis.nonexistent_response text The response from the NONEXISTENT command.
services.redis.os text The OS the Redis server is running, read from the info_response (if available).
services.redis.patch_level unsigned_long Patchlevel is the version's patchlevel number.
services.redis.ping_response text The response from the PING command; should either be "PONG" or an authentication error.
services.redis.quit_response text The response to the QUIT command.
services.redis.raw_command_output object The raw output returned by the server for each command sent; the indices match those of commands.
services.redis.raw_command_output.output text
services.redis.uptime unsigned_long The number of seconds since Redis server start.
services.redis.used_memory unsigned_long The total number of bytes allocated by Redis using its allocator.

ROCKETMQ

Path Type Docs
services.parsed.rocketmq object
services.parsed.rocketmq.cluster_info object
services.parsed.rocketmq.cluster_info.header object
services.parsed.rocketmq.cluster_info.header.code long
services.parsed.rocketmq.cluster_info.header.flag long
services.parsed.rocketmq.cluster_info.header.language text
services.parsed.rocketmq.cluster_info.header.opaque long
services.parsed.rocketmq.cluster_info.header.serialize_type_current_rpc text
services.parsed.rocketmq.cluster_info.header.version long
services.parsed.rocketmq.cluster_info.payload text
services.parsed.rocketmq.topics object
services.parsed.rocketmq.topics.header object
services.parsed.rocketmq.topics.header.code long
services.parsed.rocketmq.topics.header.flag long
services.parsed.rocketmq.topics.header.language text
services.parsed.rocketmq.topics.header.opaque long
services.parsed.rocketmq.topics.header.serialize_type_current_rpc text
services.parsed.rocketmq.topics.header.version long
services.parsed.rocketmq.topics.topic_list text
services.parsed.rocketmq.version text

S7

Path Type Docs
services.s7 object
services.s7.copyright text
services.s7.cpu_profile text
services.s7.firmware text
services.s7.hardware text
services.s7.location text
services.s7.memory_serial_number text
services.s7.module text
services.s7.module_id text
services.s7.module_type text
services.s7.oem_id text
services.s7.plant_id text
services.s7.reserved_for_os text
services.s7.serial_number text
services.s7.system text

SIP

Path Type Docs
services.sip object
services.sip.code integer
services.sip.server text Server software reported by service
services.sip.status text
services.sip.version text SIP version

SKINNY

Path Type Docs
services.skinny object
services.skinny.response text

SMB

Path Type Docs
services.smb object
services.smb.group_name text Default group name
services.smb.has_ntlm boolean Server supports the NTLM authentication method
services.smb.native_os text Server-identified operating system
services.smb.negotiation_log object
services.smb.negotiation_log.authentication_types text
services.smb.negotiation_log.capabilities unsigned_long
services.smb.negotiation_log.dialect_revision unsigned_long
services.smb.negotiation_log.header_log object
services.smb.negotiation_log.header_log.command unsigned_long
services.smb.negotiation_log.header_log.credits unsigned_long
services.smb.negotiation_log.header_log.flags unsigned_long
services.smb.negotiation_log.header_log.protocol_id text
services.smb.negotiation_log.header_log.status unsigned_long
services.smb.negotiation_log.security_mode unsigned_long
services.smb.negotiation_log.server_guid text
services.smb.negotiation_log.server_start_time unsigned_long
services.smb.negotiation_log.system_time unsigned_long
services.smb.ntlm text Native LAN manager
services.smb.session_setup_log object
services.smb.session_setup_log.header_log object
services.smb.session_setup_log.header_log.command unsigned_long
services.smb.session_setup_log.header_log.credits unsigned_long
services.smb.session_setup_log.header_log.flags unsigned_long
services.smb.session_setup_log.header_log.protocol_id text
services.smb.session_setup_log.header_log.status unsigned_long
services.smb.session_setup_log.negotiate_flags unsigned_long
services.smb.session_setup_log.setup_flags unsigned_long
services.smb.session_setup_log.target_name text
services.smb.smb_capabilities object Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
services.smb.smb_capabilities.smb_dfs_support boolean Server supports Distributed File System
services.smb.smb_capabilities.smb_directory_leasing_support boolean Server supports directory leasing
services.smb.smb_capabilities.smb_encryption_support boolean Server supports encryption
services.smb.smb_capabilities.smb_leasing_support boolean Server supports Leasing
services.smb.smb_capabilities.smb_multichan_support boolean Server supports multiple channels per session
services.smb.smb_capabilities.smb_multicredit_support boolean Server supports multi-credit operations
services.smb.smb_capabilities.smb_persistent_handle_support boolean Server supports persistent handles
services.smb.smb_version object
services.smb.smb_version.major unsigned_long Major version
services.smb.smb_version.minor unsigned_long Minor version
services.smb.smb_version.revision unsigned_long Protocol Revision
services.smb.smb_version.version_string text Full SMB Version String
services.smb.smbv1_support boolean

SMTP

Path Type Docs
services.smtp object
services.smtp.banner text The SMTP banner.
services.smtp.ehlo text The server's response to the EHLO command.
services.smtp.start_tls text The server's response to the STARTTLS command.

SNMP

Path Type Docs
services.snmp object
services.snmp.engine object
services.snmp.engine.description text
services.snmp.engine.engine_boots unsigned_long
services.snmp.engine.engine_time unsigned_long
services.snmp.engine.format text
services.snmp.engine.format_data text
services.snmp.engine.organization text
services.snmp.engine.pen unsigned_long
services.snmp.engine.raw_id text
services.snmp.engine.rfc3411 boolean
services.snmp.oid_interfaces object 1.3.6.1.2.1.2 - Interfaces
services.snmp.oid_interfaces.num_ifaces unsigned_long 1.3.6.1.2.1.2.1 - Number of network interfaces
services.snmp.oid_physical object 1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
services.snmp.oid_physical.firmware_rev text 1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
services.snmp.oid_physical.hardware_rev text 1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
services.snmp.oid_physical.mfg_name text 1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
services.snmp.oid_physical.model_name text 1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
services.snmp.oid_physical.name text 1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
services.snmp.oid_physical.serial_num text 1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
services.snmp.oid_physical.software_rev text 1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
services.snmp.oid_system object 1.3.6.1.2.1.1 - System Variables
services.snmp.oid_system.contact text 1.3.6.1.2.1.1.4 - Contact info
services.snmp.oid_system.desc text 1.3.6.1.2.1.1.1 - Description of entity
services.snmp.oid_system.init_time unsigned_long 1.3.6.1.2.1.1.3 - 1/100ths of sec
services.snmp.oid_system.location text 1.3.6.1.2.1.1.6 - Physical location
services.snmp.oid_system.name text 1.3.6.1.2.1.1.5 - Name, usually FQDN
services.snmp.oid_system.object_id text 1.3.6.1.2.1.1.2 - Vendor ID
services.snmp.oid_system.services object 1.3.6.1.2.1.1.7 - Set of services offered by entity
services.snmp.oid_system.services.layer_1 boolean Physical (e.g. repeaters)
services.snmp.oid_system.services.layer_2 boolean Datalink/subnetwork (e.g. bridges)
services.snmp.oid_system.services.layer_3 boolean Internet (e.g. IP gateways)
services.snmp.oid_system.services.layer_4 boolean End-to-end (e.g. IP hosts)
services.snmp.oid_system.services.layer_5 boolean OSI layer 5
services.snmp.oid_system.services.layer_6 boolean OSI layer 6
services.snmp.oid_system.services.layer_7 boolean Applications (e.g. mail relays)
services.snmp.versions text

SOCKS

Path Type Docs
services.parsed.socks object
services.parsed.socks.no_authentication_required boolean
services.parsed.socks.preferred_authentication text
services.parsed.socks.preferred_authentication_value long
services.parsed.socks.socks_version long

SSDP

Path Type Docs
services.ssdp object
services.ssdp.headers nested
services.ssdp.headers.key text
services.ssdp.headers.value object
services.ssdp.headers.value.headers text The values provided in the corresponding header.
services.ssdp.upnp_url text

TEAM_VIEWER

Path Type Docs
services.team_viewer object
services.team_viewer.response text

TPLINK_KASA

Path Type Docs
services.parsed.tplink_kasa object
services.parsed.tplink_kasa.active_mode text
services.parsed.tplink_kasa.brightness long
services.parsed.tplink_kasa.dev_name text
services.parsed.tplink_kasa.err_code long
services.parsed.tplink_kasa.feature text
services.parsed.tplink_kasa.hw_ver text
services.parsed.tplink_kasa.icon_hash text
services.parsed.tplink_kasa.led_off long
services.parsed.tplink_kasa.mic_type text
services.parsed.tplink_kasa.model text
services.parsed.tplink_kasa.on_time long
services.parsed.tplink_kasa.relay_state long
services.parsed.tplink_kasa.rssi long
services.parsed.tplink_kasa.sw_ver text
services.parsed.tplink_kasa.updating long

UPNP

Path Type Docs
services.upnp object
services.upnp.devices object
services.upnp.devices.device_type text
services.upnp.devices.friendly_name text
services.upnp.devices.id integer Censys-generated IDs representing a device tree
services.upnp.devices.manufacturer text
services.upnp.devices.manufacturer_url text
services.upnp.devices.model_description text
services.upnp.devices.model_name text
services.upnp.devices.model_number text
services.upnp.devices.model_url text
services.upnp.devices.parent_id integer
services.upnp.devices.presentation_url text
services.upnp.devices.serial_number text
services.upnp.devices.service_list object
services.upnp.devices.service_list.control_url text
services.upnp.devices.service_list.event_sub_url text
services.upnp.devices.service_list.scpd_url text
services.upnp.devices.service_list.service_id text
services.upnp.devices.service_list.service_type text
services.upnp.devices.udn text
services.upnp.devices.upc text
services.upnp.endpoint text
services.upnp.headers nested
services.upnp.headers.key text
services.upnp.headers.value object
services.upnp.headers.value.headers text The values provided in the corresponding header.
services.upnp.spec object
services.upnp.spec.major text
services.upnp.spec.minor text

VNC

Path Type Docs
services.vnc object
services.vnc.connection_failed_reason text If server terminates handshake, the reason offered (if any)
services.vnc.desktop_name text Desktop name provided by the server, capped at 255 bytes
services.vnc.pixel_encoding object
services.vnc.pixel_encoding.name text
services.vnc.pixel_encoding.value integer
services.vnc.screen_info object
services.vnc.screen_info.height unsigned_long
services.vnc.screen_info.name_len unsigned_long
services.vnc.screen_info.pixel_format object
services.vnc.screen_info.pixel_format.big_endian boolean If pixel RGB data are in big-endian
services.vnc.screen_info.pixel_format.bits_per_pixel unsigned_long How many bits in a single full pixel datum. Valid values are: 8, 16, 32
services.vnc.screen_info.pixel_format.blue_max unsigned_long Max value of blue pixel
services.vnc.screen_info.pixel_format.blue_shift unsigned_long How many bits to right shift a pixel datum to get blue bits in lsb
services.vnc.screen_info.pixel_format.depth unsigned_long Color depth
services.vnc.screen_info.pixel_format.green_max unsigned_long Max value of green pixel
services.vnc.screen_info.pixel_format.green_shift unsigned_long How many bits to right shift a pixel datum to get green bits in lsb
services.vnc.screen_info.pixel_format.padding1 unsigned_long
services.vnc.screen_info.pixel_format.padding2 unsigned_long
services.vnc.screen_info.pixel_format.padding3 unsigned_long
services.vnc.screen_info.pixel_format.red_max unsigned_long Max value of red pixel
services.vnc.screen_info.pixel_format.red_shift unsigned_long How many bits to right shift a pixel datum to get red bits in lsb
services.vnc.screen_info.pixel_format.true_color boolean If false, color maps are used
services.vnc.screen_info.width unsigned_long
services.vnc.security_types object Server-specified security options
services.vnc.security_types.name text
services.vnc.security_types.value integer
services.vnc.version text

X11

Path Type Docs
services.x11 object
services.x11.refusal_reason text
services.x11.requires_authentication boolean
services.x11.vendor text
services.x11.version text

ZEROMQ

Path Type Docs
services.parsed.zeromq object
services.parsed.zeromq.greeting object
services.parsed.zeromq.greeting.as_server boolean
services.parsed.zeromq.greeting.mechanism text
services.parsed.zeromq.greeting.signature text
services.parsed.zeromq.greeting.version_major long
services.parsed.zeromq.greeting.version_minor long
services.parsed.zeromq.handshake object
services.parsed.zeromq.handshake.raw text
services.parsed.zeromq.handshake.ready boolean
services.parsed.zeromq.handshake.socket_type text
services.parsed.zeromq.subscription_match object
services.parsed.zeromq.subscription_match.is_monero_node boolean