This page lists every field whose value can be searched within the Hosts dataset.
The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.
Hosts Categories List
Host Information
Path | Type | Docs |
---|---|---|
ip | ip | |
last_updated_at | date | |
name | text | |
service_count | integer | |
truncated | boolean |
Service Information
Path | Type | Docs |
---|---|---|
services | nested | |
services.banner | text | |
services.banner_hashes | text | |
services.banner_hex | text | |
services.discovery_method | text | |
services.extended_service_name | text | |
services.parsed | object | |
services.perspective_id | text | |
services.port | integer | |
services.service_name | text | |
services.source_ip | ip | |
services.transport_protocol | text | |
services.truncated | boolean |
Host DNS
Path | Type | Docs |
---|---|---|
dns | object | |
dns.names | text | Names that resolve to the host |
dns.reverse_dns | object | |
dns.reverse_dns.names | text | |
dns.reverse_dns.resolved_at | date |
Host Location
Path | Type | Docs |
---|---|---|
location | object | |
location.city | text | The English name of the detected city. |
location.continent | keyword | The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica). |
location.coordinates | object | The estimated coordinates of the detected location. |
location.coordinates.latitude | double | |
location.coordinates.longitude | double | |
location.country | text | The English name of the detected country. |
location.country_code | keyword | The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...). |
location.postal_code | keyword | The postal code (if applicable) of the detected location. |
location.province | text | The state or province name of the detected location. |
location.registered_country | text | The English name of the registered country. |
location.registered_country_code | keyword | The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...). |
location.timezone | text | The IANA time zone database name of the detected location. |
Host Operating System
Path | Type | Docs |
---|---|---|
operating_system | object | |
operating_system.component_uniform_resource_identifiers | text | URIs of software components related to the identified software. |
operating_system.cpe | text | CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf |
operating_system.edition | text | Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2. |
operating_system.language | text | Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described. |
operating_system.other | object | Other attributes describing the identified software |
operating_system.other.key | text | |
operating_system.other.value | text | |
operating_system.part | keyword | Defines the class of this software, a for application, o for operating system, h for hardware devices. |
operating_system.product | text | Identifies the most common and recognizable title or name of the product. |
operating_system.source | text | Defines the source that this software information was derived from. |
operating_system.sw_edition | text | Characterizes how the product is tailored to a particular market or class of end users. |
operating_system.target_hw | text | Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures. |
operating_system.target_sw | text | Characterizes the software computing environment within which the product operates. |
operating_system.update | text | Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product. |
operating_system.vendor | text | Identifies the person or organization that manufactured or created the product. |
operating_system.version | text | Vendor-Specific alphanumeric strings characterizing the particular release version of the product. |
Host Autonomous System
Path | Type | Docs |
---|---|---|
autonomous_system | object | |
autonomous_system.asn | unsigned_long | The ASN (autonomous system number) of the host's autonomous system. |
autonomous_system.bgp_prefix | ip_range | The autonomous system's CIDR. |
autonomous_system.country_code | keyword | The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...). |
autonomous_system.description | text | Brief description of the autonomous system. |
autonomous_system.name | text | The friendly name of the autonomous system. |
autonomous_system.organization | text | The name of the organization managning the autonomous system. |
Host WHOIS
Path | Type | Docs |
---|---|---|
whois | object | |
whois.network | object | |
whois.network.allocation_type | text | |
whois.network.cidrs | ip_range | A set of CIDRs describing the range. |
whois.network.created | date | |
whois.network.handle | text | |
whois.network.name | text | |
whois.network.updated | date | |
whois.organization | object | |
whois.organization.abuse_contacts | object | |
whois.organization.abuse_contacts.email | text | |
whois.organization.abuse_contacts.handle | text | |
whois.organization.abuse_contacts.name | text | |
whois.organization.address | text | |
whois.organization.admin_contacts | object | |
whois.organization.admin_contacts.email | text | |
whois.organization.admin_contacts.handle | text | |
whois.organization.admin_contacts.name | text | |
whois.organization.city | text | |
whois.organization.country | text | |
whois.organization.handle | text | |
whois.organization.name | text | |
whois.organization.postal_code | text | |
whois.organization.state | text | |
whois.organization.street | text | |
whois.organization.tech_contacts | object | |
whois.organization.tech_contacts.email | text | |
whois.organization.tech_contacts.handle | text | |
whois.organization.tech_contacts.name | text |
Software
Path | Type | Docs |
---|---|---|
services.software | nested | |
services.software.component_uniform_resource_identifiers | text | URIs of software components related to the identified software. |
services.software.cpe | text | CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf |
services.software.edition | text | Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2. |
services.software.language | text | Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described. |
services.software.other | object | Other attributes describing the identified software |
services.software.other.key | text | |
services.software.other.value | text | |
services.software.part | keyword | Defines the class of this software, a for application, o for operating system, h for hardware devices. |
services.software.product | text | Identifies the most common and recognizable title or name of the product. |
services.software.source | text | Defines the source that this software information was derived from. |
services.software.sw_edition | text | Characterizes how the product is tailored to a particular market or class of end users. |
services.software.target_hw | text | Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures. |
services.software.target_sw | text | Characterizes the software computing environment within which the product operates. |
services.software.update | text | Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product. |
services.software.vendor | text | Identifies the person or organization that manufactured or created the product. |
services.software.version | text | Vendor-Specific alphanumeric strings characterizing the particular release version of the product. |
services.transport_fingerprint | object | |
services.transport_fingerprint.id | integer | |
services.transport_fingerprint.os | text | |
services.transport_fingerprint.quic | object | |
services.transport_fingerprint.quic.versions | unsigned_long | Raw versions presented in the QUIC version negotiation packet, if any. |
services.transport_fingerprint.raw | text |
TLS
Path | Type | Docs |
---|---|---|
services.certificate | text | |
services.jarm | object | |
services.jarm.cipher_and_version_fingerprint | text | The first 30 byte portion of the Jarm fingerprint. |
services.jarm.fingerprint | text | The 62 byte Jarm fingerprint of the service. |
services.jarm.observed_at | date | The time the service was fingerprinted |
services.jarm.tls_extensions_sha256 | text | The second 32 byte portion of the Jarm fingerprint |
services.tls | object | |
services.tls.certificate | object | |
services.tls.certificate.added_at | date | When the certificate was added to the Censys dataset. |
services.tls.certificate.ct | object | |
services.tls.certificate.ct.entries | nested | |
services.tls.certificate.ct.entries.key | text | |
services.tls.certificate.ct.entries.value | object | |
services.tls.certificate.ct.entries.value.added_to_ct_at | date | An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log. |
services.tls.certificate.ct.entries.value.ct_to_censys_at | date | An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset. |
services.tls.certificate.ct.entries.value.index | long | Numerical marker of the certificate's place in the CT log. |
services.tls.certificate.ever_seen_in_scan | boolean | |
services.tls.certificate.fingerprint_md5 | text | The MD-5 digest of the entire raw certificate. An identifier used by some systems. |
services.tls.certificate.fingerprint_sha1 | text | The SHA-1 digest of the entire raw certificate. An identifier used by some systems. |
services.tls.certificate.fingerprint_sha256 | text | The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records. |
services.tls.certificate.modified_at | date | When the certificate record was last modified. |
services.tls.certificate.names | text | All the names contained in the certificate from various fields. |
services.tls.certificate.parent_spki_subject_fingerprint_sha256 | text | The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |
services.tls.certificate.parse_status | text | |
services.tls.certificate.parsed | object | A record containing all of the data parsed from the certificate. |
services.tls.certificate.parsed.extensions | object | A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities. |
services.tls.certificate.parsed.extensions.authority_info_access | object | The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted. |
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls | text | |
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls | text | |
services.tls.certificate.parsed.extensions.authority_key_id | text | A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo. |
services.tls.certificate.parsed.extensions.basic_constraints | object | The parsed id-ce-basicConstraints extension (OID: 2.5.29.19). |
services.tls.certificate.parsed.extensions.basic_constraints.is_ca | boolean | Whether the certificate is permitted to sign other certificates. |
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len | integer | When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path. |
services.tls.certificate.parsed.extensions.cabf_organization_id | object | CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1). |
services.tls.certificate.parsed.extensions.cabf_organization_id.country | text | |
services.tls.certificate.parsed.extensions.cabf_organization_id.reference | text | |
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme | text | |
services.tls.certificate.parsed.extensions.cabf_organization_id.state | text | |
services.tls.certificate.parsed.extensions.certificate_policies | nested | The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32). |
services.tls.certificate.parsed.extensions.certificate_policies.cps | text | |
services.tls.certificate.parsed.extensions.certificate_policies.id | text | |
services.tls.certificate.parsed.extensions.certificate_policies.user_notice | nested | |
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text | text | |
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference | object | |
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers | integer | |
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization | text | |
services.tls.certificate.parsed.extensions.crl_distribution_points | text | The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted). |
services.tls.certificate.parsed.extensions.ct_poison | boolean | Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3). |
services.tls.certificate.parsed.extensions.extended_key_usage | object | The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37). |
services.tls.certificate.parsed.extensions.extended_key_usage.any | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping | boolean | |
services.tls.certificate.parsed.extensions.extended_key_usage.unknown | text | |
services.tls.certificate.parsed.extensions.issuer_alt_name | object | The parsed id-ce-issuerAltName extension (OID: 2.5.29.18). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names | nested | The parsed directoryName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id | text | |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names | text | The parsed dNSName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names | nested | The parsed eDIPartyName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner | text | |
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name | text | |
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses | text | The parsed rfc822Name entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses | text | The parsed ipAddress entries in the GeneralName. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names | nested | The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id | text | The OID identifying the syntax of the otherName value. |
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value | text | The raw otherName value. |
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids | text | The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers | text | The parsed uniformResourceIdentifier entries in the GeneralName. |
services.tls.certificate.parsed.extensions.key_usage | object | The parsed id-ce-keyUsage extension (OID: 2.5.29.15). |
services.tls.certificate.parsed.extensions.key_usage.certificate_sign | boolean | Whether the keyCertSign bit is set. |
services.tls.certificate.parsed.extensions.key_usage.content_commitment | boolean | Whether the contentCommitment (formerly called nonRepudiation) bit is set. |
services.tls.certificate.parsed.extensions.key_usage.crl_sign | boolean | Whether the cRLSign bit is set. |
services.tls.certificate.parsed.extensions.key_usage.data_encipherment | boolean | Whether the dataEncipherment bit is set. |
services.tls.certificate.parsed.extensions.key_usage.decipher_only | boolean | Whether the decipherOnly bit is set. |
services.tls.certificate.parsed.extensions.key_usage.digital_signature | boolean | Whether the digitalSignature bit is set. |
services.tls.certificate.parsed.extensions.key_usage.encipher_only | boolean | Whether the encipherOnly bit is set. |
services.tls.certificate.parsed.extensions.key_usage.key_agreement | boolean | Whether the keyAgreement bit is set. |
services.tls.certificate.parsed.extensions.key_usage.key_encipherment | boolean | Whether the keyEncipherment bit is set. |
services.tls.certificate.parsed.extensions.key_usage.value | unsigned_long | The integer value of the bitmask in the extension. |
services.tls.certificate.parsed.extensions.name_constraints | object | The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located. |
services.tls.certificate.parsed.extensions.name_constraints.critical | boolean | |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names | nested | A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id | text | |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names | nested | A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner | text | |
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name | text | |
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses | text | A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses | nested | A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin | text | The first IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr | text | The CIDR specifying the subtree. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end | text | The last IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask | text | The subnet mask of the CIDR. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_names | text | A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids | text | A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris | text | A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names | nested | A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id | text | |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names | nested | A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner | text | |
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name | text | |
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses | text | A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses | nested | A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin | text | The first IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr | text | The CIDR specifying the subtree. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end | text | The last IP address in the range. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask | text | The subnet mask of the CIDR. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_names | text | A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids | text | A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris | text | A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate. |
services.tls.certificate.parsed.extensions.qc_statements | object | |
services.tls.certificate.parsed.extensions.qc_statements.ids | text | |
services.tls.certificate.parsed.extensions.qc_statements.parsed | object | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance | boolean | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation | nested | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes | text | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit | nested | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount | long | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency | text | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number | long | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent | long | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations | nested | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language | text | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url | text | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period | long | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd | boolean | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.types | nested | |
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids | text | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps | nested | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id | text | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature | object | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm | text | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature | text | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm | text | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp | date | |
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version | integer | |
services.tls.certificate.parsed.extensions.subject_alt_name | object | The parsed id-ce-subjectAltName extension (OID: 2.5.29.17). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names | nested | The parsed directoryName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id | text | |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names | text | The parsed dNSName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names | nested | The parsed eDIPartyName entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner | text | |
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name | text | |
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses | text | The parsed rfc822Name entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses | text | The parsed ipAddress entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names | nested | The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id | text | The OID identifying the syntax of the otherName value. |
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value | text | The raw otherName value. |
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids | text | The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format. |
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers | text | The parsed uniformResourceIdentifier entries in the GeneralName. |
services.tls.certificate.parsed.extensions.subject_key_id | text | A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.. |
services.tls.certificate.parsed.extensions.tor_service_descriptors | nested | |
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name | text | |
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash | text | |
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits | integer | |
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion | text | |
services.tls.certificate.parsed.issuer | object | A record containing the parsed contents of the issuer_dn. |
services.tls.certificate.parsed.issuer.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.issuer.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.issuer.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.issuer.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.issuer.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.issuer.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.issuer.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.issuer.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.issuer.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.issuer.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.issuer.organization_id | text | |
services.tls.certificate.parsed.issuer.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.issuer.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.issuer.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.issuer.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.issuer.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.issuer.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.issuer_dn | text | Distinguished Name of the entity that has signed and issued the certificate. |
services.tls.certificate.parsed.ja4x | text | |
services.tls.certificate.parsed.redacted | boolean | |
services.tls.certificate.parsed.serial_number | text | Issuer-specific identifier of the certificate. |
services.tls.certificate.parsed.serial_number_hex | text | Issuer-specific identifier of the certificate, represented as hexadecimal. |
services.tls.certificate.parsed.signature | object | |
services.tls.certificate.parsed.signature.self_signed | boolean | Whether the certificate was signed by its own key. |
services.tls.certificate.parsed.signature.signature_algorithm | object | |
services.tls.certificate.parsed.signature.signature_algorithm.name | text | Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
services.tls.certificate.parsed.signature.signature_algorithm.oid | text | |
services.tls.certificate.parsed.signature.valid | boolean | Whether the signature is valid. |
services.tls.certificate.parsed.signature.value | text | Contents of the signature. |
services.tls.certificate.parsed.subject | object | A record containing the parsed contents of the subject_dn. |
services.tls.certificate.parsed.subject.common_name | text | The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3). |
services.tls.certificate.parsed.subject.country | text | The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6). |
services.tls.certificate.parsed.subject.domain_component | text | The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25). |
services.tls.certificate.parsed.subject.email_address | text | The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1). |
services.tls.certificate.parsed.subject.given_name | text | The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42). |
services.tls.certificate.parsed.subject.jurisdiction_country | text | The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3). |
services.tls.certificate.parsed.subject.jurisdiction_locality | text | The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1). |
services.tls.certificate.parsed.subject.jurisdiction_province | text | The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2). |
services.tls.certificate.parsed.subject.locality | text | The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7). |
services.tls.certificate.parsed.subject.organization | text | The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10). |
services.tls.certificate.parsed.subject.organization_id | text | |
services.tls.certificate.parsed.subject.organizational_unit | text | The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11). |
services.tls.certificate.parsed.subject.postal_code | keyword | The postalCode elements of the Distinguished Name (OID: 2.5.4.17). |
services.tls.certificate.parsed.subject.province | text | The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8). |
services.tls.certificate.parsed.subject.serial_number | keyword | The serialNumber elements of the Distinguished Name (OID: 2.5.4.5). |
services.tls.certificate.parsed.subject.street_address | text | The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9). |
services.tls.certificate.parsed.subject.surname | text | The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4). |
services.tls.certificate.parsed.subject_dn | text | Distinguished Name of the entity associated with the public key. |
services.tls.certificate.parsed.subject_key_info | object | Information about the certificate's public key. |
services.tls.certificate.parsed.subject_key_info.dsa | object | A record containing the public portion of a DSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.dsa.g | text | |
services.tls.certificate.parsed.subject_key_info.dsa.p | text | |
services.tls.certificate.parsed.subject_key_info.dsa.q | text | |
services.tls.certificate.parsed.subject_key_info.dsa.y | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa | object | A record containing the public portion of an ECDSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.ecdsa.b | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.curve | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.gx | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.gy | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.length | long | |
services.tls.certificate.parsed.subject_key_info.ecdsa.n | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.p | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.pub | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.x | text | |
services.tls.certificate.parsed.subject_key_info.ecdsa.y | text | |
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256 | text | The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo. |
services.tls.certificate.parsed.subject_key_info.key_algorithm | object | A record containing information about the type of subject key algorithm and any relevant parameters. |
services.tls.certificate.parsed.subject_key_info.key_algorithm.name | text | Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record. |
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid | text | |
services.tls.certificate.parsed.subject_key_info.rsa | object | A record containing the public portion of an RSA asymmetric key. |
services.tls.certificate.parsed.subject_key_info.rsa.exponent | long | The RSA key's public exponent (e). |
services.tls.certificate.parsed.subject_key_info.rsa.length | long | Bit-length of the RSA modulus. |
services.tls.certificate.parsed.subject_key_info.rsa.modulus | text | The RSA key's modulus (n) in big-endian encoding. |
services.tls.certificate.parsed.subject_key_info.unrecognized | object | A record containing known information about an unrecognized key type. |
services.tls.certificate.parsed.subject_key_info.unrecognized.raw | text | |
services.tls.certificate.parsed.unknown_extensions | nested | |
services.tls.certificate.parsed.unknown_extensions.critical | boolean | |
services.tls.certificate.parsed.unknown_extensions.id | text | |
services.tls.certificate.parsed.unknown_extensions.value | text | |
services.tls.certificate.parsed.validity_period | object | Information about the time for which the certificate is valid. |
services.tls.certificate.parsed.validity_period.length_seconds | long | The duration of the certificate's validity period, in seconds. |
services.tls.certificate.parsed.validity_period.not_after | date | An RFC-3339-formatted timestamp after which the certificate is no longer valid. |
services.tls.certificate.parsed.validity_period.not_before | date | An RFC-3339-formatted timestamp before which the certificate is not valid. |
services.tls.certificate.parsed.version | integer | |
services.tls.certificate.precert | boolean | Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted. |
services.tls.certificate.revocation | object | A record containing revocation information, if the certificate has been revoked. |
services.tls.certificate.revocation.crl | object | |
services.tls.certificate.revocation.crl.next_update | date | |
services.tls.certificate.revocation.crl.reason | text | An enumerated value indicating the issuer-supplied reason for the revocation. |
services.tls.certificate.revocation.crl.revocation_time | date | The issuer-supplied timestamp indicating when the certificate was revoked. |
services.tls.certificate.revocation.crl.revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.revocation.ocsp | object | |
services.tls.certificate.revocation.ocsp.next_update | date | |
services.tls.certificate.revocation.ocsp.reason | text | An enumerated value indicating the issuer-supplied reason for the revocation. |
services.tls.certificate.revocation.ocsp.revocation_time | date | The issuer-supplied timestamp indicating when the certificate was revoked. |
services.tls.certificate.revocation.ocsp.revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.revoked | boolean | Whether the certificate has been revoked before its expiry date by the issuer. |
services.tls.certificate.spki_subject_fingerprint_sha256 | text | The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject. |
services.tls.certificate.tbs_fingerprint_sha256 | text | The SHA-256 digest of the unsigned certificate's contents. |
services.tls.certificate.tbs_no_ct_fingerprint_sha256 | text | The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate. |
services.tls.certificate.validated_at | date | When the certificate record's trust was last checked. |
services.tls.certificate.validation | object | A record containing information from the maintainers of major root certificate stores related to their trust assessment. |
services.tls.certificate.validation.apple | object | A record containing validation information about the certificate from the Apple root store. |
services.tls.certificate.validation.apple.chains | nested | A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.apple.chains.sha256fp | text | |
services.tls.certificate.validation.apple.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.apple.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.apple.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.apple.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
services.tls.certificate.validation.apple.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.apple.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.apple.type | text | The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.chrome | object | A record containing validation information about the certificate from the Chrome root store. |
services.tls.certificate.validation.chrome.chains | nested | A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.chrome.chains.sha256fp | text | |
services.tls.certificate.validation.chrome.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.chrome.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.chrome.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.chrome.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
services.tls.certificate.validation.chrome.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.chrome.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.chrome.type | text | The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.microsoft | object | A record containing validation information about the certificate from the Microsoft root store. |
services.tls.certificate.validation.microsoft.chains | nested | A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.microsoft.chains.sha256fp | text | |
services.tls.certificate.validation.microsoft.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.microsoft.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.microsoft.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.microsoft.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
services.tls.certificate.validation.microsoft.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.microsoft.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.microsoft.type | text | The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation.nss | object | A record containing validation information about the certificate from the Mozilla NSS root store. |
services.tls.certificate.validation.nss.chains | nested | A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints. |
services.tls.certificate.validation.nss.chains.sha256fp | text | |
services.tls.certificate.validation.nss.ever_valid | boolean | Whether the certificate has ever been considered valid by the root store. |
services.tls.certificate.validation.nss.had_trusted_path | boolean | Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.nss.has_trusted_path | boolean | Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store. |
services.tls.certificate.validation.nss.in_revocation_set | boolean | Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store. |
services.tls.certificate.validation.nss.is_valid | boolean | Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields. |
services.tls.certificate.validation.nss.parents | text | The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s). |
services.tls.certificate.validation.nss.type | text | The certificate's type. Options include root, intermediate, or leaf. |
services.tls.certificate.validation_level | text | The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV). |
services.tls.certificate.zlint | object | A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint. |
services.tls.certificate.zlint.errors_present | boolean | Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.failed_lints | text | A list of lint names which failed, if applicable. |
services.tls.certificate.zlint.fatals_present | boolean | Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.notices_present | boolean | Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard. |
services.tls.certificate.zlint.timestamp | date | An RFC-3339-formated timestamp indicating when the certificate was linted. |
services.tls.certificate.zlint.version | long | The version of Zlint used to lint the certificate. |
services.tls.certificate.zlint.warnings_present | boolean | Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard. |
services.tls.certificates | object | Certificate and certificate chain details. |
services.tls.certificates.chain | object | Certificate chain information. |
services.tls.certificates.chain.fingerprint | keyword | SHA 256 fingerprint of the certificate in the certificate chain. |
services.tls.certificates.chain.issuer_dn | text | Distinguished name of the entity that has signed and issued the certificate. |
services.tls.certificates.chain.subject_dn | text | Distinguished name of the entity that the certificate belongs to. |
services.tls.certificates.chain_fps_sha_256 | keyword | DEPRECATED (04/30/2021) - Use `chain` instead. |
services.tls.certificates.leaf_data | object | The TBS Certificate information. |
services.tls.certificates.leaf_data.fingerprint | keyword | SHA256 fingerprint of the TBS certificate. |
services.tls.certificates.leaf_data.issuer | object | Issuer distinguished name attributes. |
services.tls.certificates.leaf_data.issuer.common_name | text | |
services.tls.certificates.leaf_data.issuer.country | text | |
services.tls.certificates.leaf_data.issuer.domain_component | text | |
services.tls.certificates.leaf_data.issuer.email_address | text | |
services.tls.certificates.leaf_data.issuer.jurisdiction_country | text | |
services.tls.certificates.leaf_data.issuer.jurisdiction_locality | text | |
services.tls.certificates.leaf_data.issuer.jurisdiction_province | text | |
services.tls.certificates.leaf_data.issuer.locality | text | |
services.tls.certificates.leaf_data.issuer.organization | text | |
services.tls.certificates.leaf_data.issuer.organization_id | text | |
services.tls.certificates.leaf_data.issuer.organizational_unit | text | |
services.tls.certificates.leaf_data.issuer.postal_code | keyword | |
services.tls.certificates.leaf_data.issuer.province | text | |
services.tls.certificates.leaf_data.issuer.serial_number | keyword | |
services.tls.certificates.leaf_data.issuer.street_address | text | |
services.tls.certificates.leaf_data.issuer_dn | text | Distinguished name of the entity that has signed and issued the certificate. |
services.tls.certificates.leaf_data.names | text | Common names for the entity. |
services.tls.certificates.leaf_data.pubkey_algorithm | text | Algorithm used to create the public key. |
services.tls.certificates.leaf_data.pubkey_bit_size | integer | Size of the public key. |
services.tls.certificates.leaf_data.public_key | object | Subject public key information. |
services.tls.certificates.leaf_data.public_key.dsa | object | |
services.tls.certificates.leaf_data.public_key.dsa.g | text | |
services.tls.certificates.leaf_data.public_key.dsa.p | text | |
services.tls.certificates.leaf_data.public_key.dsa.q | text | |
services.tls.certificates.leaf_data.public_key.dsa.y | text | |
services.tls.certificates.leaf_data.public_key.ecdsa | object | |
services.tls.certificates.leaf_data.public_key.ecdsa.b | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.curve | keyword | |
services.tls.certificates.leaf_data.public_key.ecdsa.gx | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.gy | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.length | unsigned_long | |
services.tls.certificates.leaf_data.public_key.ecdsa.n | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.p | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.pub | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.x | text | |
services.tls.certificates.leaf_data.public_key.ecdsa.y | text | |
services.tls.certificates.leaf_data.public_key.fingerprint | text | |
services.tls.certificates.leaf_data.public_key.key_algorithm | keyword | |
services.tls.certificates.leaf_data.public_key.rsa | object | |
services.tls.certificates.leaf_data.public_key.rsa.exponent | text | |
services.tls.certificates.leaf_data.public_key.rsa.length | unsigned_long | |
services.tls.certificates.leaf_data.public_key.rsa.modulus | text | |
services.tls.certificates.leaf_data.signature | object | Certificate signature information. |
services.tls.certificates.leaf_data.signature.self_signed | boolean | Denotes if the certificate was self signed. |
services.tls.certificates.leaf_data.signature.signature_algorithm | keyword | Cryptographic algorithm used by the CA to sign this certificate. |
services.tls.certificates.leaf_data.subject | object | Subject distinguished name attributes. |
services.tls.certificates.leaf_data.subject.common_name | text | |
services.tls.certificates.leaf_data.subject.country | text | |
services.tls.certificates.leaf_data.subject.domain_component | text | |
services.tls.certificates.leaf_data.subject.email_address | text | |
services.tls.certificates.leaf_data.subject.jurisdiction_country | text | |
services.tls.certificates.leaf_data.subject.jurisdiction_locality | text | |
services.tls.certificates.leaf_data.subject.jurisdiction_province | text | |
services.tls.certificates.leaf_data.subject.locality | text | |
services.tls.certificates.leaf_data.subject.organization | text | |
services.tls.certificates.leaf_data.subject.organization_id | text | |
services.tls.certificates.leaf_data.subject.organizational_unit | text | |
services.tls.certificates.leaf_data.subject.postal_code | keyword | |
services.tls.certificates.leaf_data.subject.province | text | |
services.tls.certificates.leaf_data.subject.serial_number | keyword | |
services.tls.certificates.leaf_data.subject.street_address | text | |
services.tls.certificates.leaf_data.subject_dn | text | Distinguished name of the entity associated with the public key. |
services.tls.certificates.leaf_data.tbs_fingerprint | keyword | Fingerprint of the TBS certificate. |
services.tls.certificates.leaf_fp_sha_256 | keyword | SHA 256 fingerprint of the TBS certificate. |
services.tls.cipher_selected | text | Cipher suite chosen for the exchange. |
services.tls.ja3s | text | The JA3S fingerprint for this service. |
services.tls.ja4s | text | |
services.tls.presented_chain | object | Certificate chain information. |
services.tls.presented_chain.fingerprint | keyword | SHA 256 fingerprint of the certificate in the certificate chain. |
services.tls.presented_chain.issuer_dn | text | Distinguished name of the entity that has signed and issued the certificate. |
services.tls.presented_chain.subject_dn | text | Distinguished name of the entity that the certificate belongs to. |
services.tls.server_key_exchange | object | |
services.tls.server_key_exchange.ec_params | object | Elliptic-Curve key exchange parameters used. |
services.tls.server_key_exchange.ec_params.named_curve | unsigned_long | Elliptic-Curve ID value. |
services.tls.server_key_exchange.ec_params.public_key | text | |
services.tls.session_ticket | object | The new session ticket sent by the server to the client. |
services.tls.session_ticket.length | unsigned_long | |
services.tls.session_ticket.lifetime_hint | unsigned_long | Hint from server about how long the session ticket should be stored. |
services.tls.version_selected | text | Certificate version v1(0), v2(1), v3(2). |
services.tls.versions | object | |
services.tls.versions.ja3s | text | |
services.tls.versions.ja4s | text | |
services.tls.versions.tls_version | text |
HTTP
Path | Type | Docs |
---|---|---|
services.http | object | |
services.http.request | object | |
services.http.request.body | text | The body sent in the HTTP request, always empty. |
services.http.request.headers | nested | The key:value header pairs included in the HTTP request, which always includes a Censys User-Agent. |
services.http.request.headers.key | text | |
services.http.request.headers.value | object | |
services.http.request.headers.value.headers | text | The values provided in the corresponding header. |
services.http.request.method | text | The HTTP method used for the request, always "GET". |
services.http.request.uri | text | The full path used to make the request, which includes the scheme, host, port (when non-standard), and endpoint. |
services.http.response | object | |
services.http.response.body | text | The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available. |
services.http.response.body_hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.http.response.body_size | integer | The length, in bytes, of services.http.response.body; at most, 64KB. |
services.http.response.favicons | object | |
services.http.response.favicons.hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.http.response.favicons.md5_hash | keyword | The hexadecimal MD5 digest of the favicon. |
services.http.response.favicons.name | text | The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved. |
services.http.response.favicons.shodan_hash | integer | A hash expressed as a signed decimal integer, provided for compatability with Shodan search. |
services.http.response.favicons.size | integer | The size of the favicon retrieved, in bytes. |
services.http.response.headers | nested | The key-value header pairs included in the response. |
services.http.response.headers.key | text | |
services.http.response.headers.value | object | |
services.http.response.headers.value.headers | text | The values provided in the corresponding header. |
services.http.response.html_tags | text | A list of the <title> and <meta> tags from services.http.response.body. |
services.http.response.html_title | text | The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present. |
services.http.response.protocol | text | The protocol field of the response, which includes the claimed HTTP version number. |
services.http.response.status_code | integer | A 3-digit integer result code indicating the result of the services.http.request. |
services.http.response.status_reason | text | A human-readable phrase describing the status code. |
services.http.supports_http2 | boolean | Whether a HTTP/2 handshake with the server succeeded. |
SSH
Path | Type | Docs |
---|---|---|
services.ssh | object | |
services.ssh.algorithm_selection | object | |
services.ssh.algorithm_selection.client_to_server_alg_group | object | |
services.ssh.algorithm_selection.client_to_server_alg_group.cipher | text | |
services.ssh.algorithm_selection.client_to_server_alg_group.compression | text | |
services.ssh.algorithm_selection.client_to_server_alg_group.mac | text | |
services.ssh.algorithm_selection.host_key_algorithm | text | |
services.ssh.algorithm_selection.kex_algorithm | text | |
services.ssh.algorithm_selection.server_to_client_alg_group | object | |
services.ssh.algorithm_selection.server_to_client_alg_group.cipher | text | |
services.ssh.algorithm_selection.server_to_client_alg_group.compression | text | |
services.ssh.algorithm_selection.server_to_client_alg_group.mac | text | |
services.ssh.endpoint_id | object | |
services.ssh.endpoint_id.comment | text | |
services.ssh.endpoint_id.protocol_version | text | |
services.ssh.endpoint_id.raw | text | |
services.ssh.endpoint_id.software_version | text | |
services.ssh.hassh_fingerprint | text | |
services.ssh.kex_init_message | object | |
services.ssh.kex_init_message.client_to_server_ciphers | text | A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values. |
services.ssh.kex_init_message.client_to_server_compression | text | A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values. |
services.ssh.kex_init_message.client_to_server_languages | text | A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt. |
services.ssh.kex_init_message.client_to_server_macs | text | A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values. |
services.ssh.kex_init_message.first_kex_follows | boolean | |
services.ssh.kex_init_message.host_key_algorithms | text | Asymmetric key algorithms for the host key supported by the client. |
services.ssh.kex_init_message.kex_algorithms | text | Key exchange algorithms used in the handshake. |
services.ssh.kex_init_message.server_to_client_ciphers | text | A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values. |
services.ssh.kex_init_message.server_to_client_compression | text | A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values. |
services.ssh.kex_init_message.server_to_client_languages | text | A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt. |
services.ssh.kex_init_message.server_to_client_macs | text | A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values. |
services.ssh.server_host_key | object | |
services.ssh.server_host_key.certkey_public_key | text | |
services.ssh.server_host_key.dsa_public_key | object | |
services.ssh.server_host_key.dsa_public_key.g | text | |
services.ssh.server_host_key.dsa_public_key.p | text | |
services.ssh.server_host_key.dsa_public_key.q | text | |
services.ssh.server_host_key.dsa_public_key.y | text | |
services.ssh.server_host_key.ecdsa_public_key | object | |
services.ssh.server_host_key.ecdsa_public_key.b | text | |
services.ssh.server_host_key.ecdsa_public_key.curve | keyword | |
services.ssh.server_host_key.ecdsa_public_key.gx | text | |
services.ssh.server_host_key.ecdsa_public_key.gy | text | |
services.ssh.server_host_key.ecdsa_public_key.length | unsigned_long | |
services.ssh.server_host_key.ecdsa_public_key.n | text | |
services.ssh.server_host_key.ecdsa_public_key.p | text | |
services.ssh.server_host_key.ecdsa_public_key.pub | text | |
services.ssh.server_host_key.ecdsa_public_key.x | text | |
services.ssh.server_host_key.ecdsa_public_key.y | text | |
services.ssh.server_host_key.ed25519_public_key | object | |
services.ssh.server_host_key.ed25519_public_key.public_bytes | text | |
services.ssh.server_host_key.fingerprint_sha256 | text | |
services.ssh.server_host_key.rsa_public_key | object | |
services.ssh.server_host_key.rsa_public_key.exponent | text | |
services.ssh.server_host_key.rsa_public_key.length | unsigned_long | |
services.ssh.server_host_key.rsa_public_key.modulus | text |
TELNET
Path | Type | Docs |
---|---|---|
services.telnet | object | |
services.telnet.banner | text | |
services.telnet.do | object | |
services.telnet.do.key | unsigned_long | |
services.telnet.do.value | text | |
services.telnet.dont | object | |
services.telnet.dont.key | unsigned_long | |
services.telnet.dont.value | text | |
services.telnet.will | object | |
services.telnet.will.key | unsigned_long | |
services.telnet.will.value | text | |
services.telnet.wont | object | |
services.telnet.wont.key | unsigned_long | |
services.telnet.wont.value | text |
FTP
Path | Type | Docs |
---|---|---|
services.ftp | object | |
services.ftp.auth_ssl_response | text | |
services.ftp.auth_tls_response | text | |
services.ftp.banner | text | |
services.ftp.implicit_tls | boolean | |
services.ftp.status_code | integer | |
services.ftp.status_meaning | text |
DNS
Path | Type | Docs |
---|---|---|
services.dns | object | |
services.dns.additionals | object | A list of resource records (RRs) contained in the ADDITIONAL section of the response. |
services.dns.additionals.name | text | The Fully Qualified Domain Name (FQDN) this RR is for. |
services.dns.additionals.response | text | The RDATA field of the RR. |
services.dns.additionals.type | text | An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name". |
services.dns.answers | object | A list of resource records (RRs) contained in the ANSWER section of the response. |
services.dns.answers.name | text | The Fully Qualified Domain Name (FQDN) this RR is for. |
services.dns.answers.response | text | The RDATA field of the RR. |
services.dns.answers.type | text | An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name". |
services.dns.authorities | object | A list of resource records (RRs) contained in the AUTHORITIES section of the response. |
services.dns.authorities.name | text | The Fully Qualified Domain Name (FQDN) this RR is for. |
services.dns.authorities.response | text | The RDATA field of the RR. |
services.dns.authorities.type | text | An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name". |
services.dns.edns | object | |
services.dns.edns.do | boolean | |
services.dns.edns.options | text | |
services.dns.edns.udp | unsigned_long | |
services.dns.edns.version | unsigned_long | |
services.dns.questions | object | A list of resource records (RRs) contained in the QUESTION section of the response, which may echo the request that the server is responding to. |
services.dns.questions.name | text | The Fully Qualified Domain Name (FQDN) this RR is for. |
services.dns.questions.response | text | The RDATA field of the RR. |
services.dns.questions.type | text | An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name". |
services.dns.r_code | text | A enumerated field indicating the result of the request. The most common values are defined in RFC 1035. |
services.dns.resolves_correctly | boolean | Whether the server returns an IP address for ip.parrotdns.com that matches the authoritative server, which is controlled by Censys. |
services.dns.server_type | text | An enumerated value indicating the behavior of the server. An AUTHORITATIVE server fulfills requests for domain names it controls, which are not listed by the server. FORWARDING and RECURSIVE_RESOLVER servers fulfill requests indirectly for domain names they do not control. A RECURSIVE_RESOLVER will query ip.parrotdns.com itself, resulting in its own IP address being present in the dns.answers.response field. |
services.dns.version | text |
ACTIVEMQ
Path | Type | Docs |
---|---|---|
services.parsed.activemq | object | |
services.parsed.activemq.cache_enabled | boolean | |
services.parsed.activemq.cache_size | long | |
services.parsed.activemq.max_frame_size | long | |
services.parsed.activemq.max_inactivity_duration | long | |
services.parsed.activemq.platform_details | text | |
services.parsed.activemq.provider_name | text | |
services.parsed.activemq.provider_version | text | |
services.parsed.activemq.size_prefix_disabled | boolean | |
services.parsed.activemq.stack_trace_enabled | boolean | |
services.parsed.activemq.tight_encoding_enabled | boolean |
AMQP
Path | Type | Docs |
---|---|---|
services.amqp | object | |
services.amqp.explicit_tls | boolean | Connected via a TLS connection after initial handshake |
services.amqp.implicit_tls | boolean | Connected via a TLS wrapped connection (AMQPS) |
services.amqp.protocol_id | object | |
services.amqp.protocol_id.id | unsigned_long | |
services.amqp.protocol_id.name | text | |
services.amqp.version | object | |
services.amqp.version.major | unsigned_long | |
services.amqp.version.minor | unsigned_long | |
services.amqp.version.revision | unsigned_long |
ANY_CONNECT
Path | Type | Docs |
---|---|---|
services.any_connect | object | |
services.any_connect.aggregate_auth_version | integer | Version number indicated by the response for config-auth exchange |
services.any_connect.auth_methods | text | Supported methods for users to enter credentials for this VPN |
services.any_connect.groups | text | List of groups a user can authenticate with to use this VPN |
services.any_connect.raw | text | XML content of the config-auth response |
services.any_connect.response_type | text | Type of the response packet received after initializing the config-auth exchange |
BACNET
Path | Type | Docs |
---|---|---|
services.bacnet | object | |
services.bacnet.application_software_revision | text | |
services.bacnet.description | text | |
services.bacnet.firmware_revision | text | |
services.bacnet.instance_number | unsigned_long | |
services.bacnet.location | text | |
services.bacnet.model_name | text | |
services.bacnet.object_name | text | |
services.bacnet.vendor_id | unsigned_long | |
services.bacnet.vendor_name | text |
CHECKPOINT_TOPOLOGY
Path | Type | Docs |
---|---|---|
services.parsed.checkpoint_topology | object | |
services.parsed.checkpoint_topology.common_name | text | |
services.parsed.checkpoint_topology.organization | text |
CHROMECAST
Path | Type | Docs |
---|---|---|
services.parsed.chromecast | object | |
services.parsed.chromecast.applications | object | |
services.parsed.chromecast.applications.app_id | text | |
services.parsed.chromecast.applications.app_type | text | |
services.parsed.chromecast.applications.display_name | text | |
services.parsed.chromecast.applications.namespaces | object | |
services.parsed.chromecast.applications.namespaces.name | text | |
services.parsed.chromecast.applications.session_id | text | |
services.parsed.chromecast.applications.transport_id | text | |
services.parsed.chromecast.protocol_version | long | |
services.parsed.chromecast.volume | object | |
services.parsed.chromecast.volume.control_type | text | |
services.parsed.chromecast.volume.level | float | |
services.parsed.chromecast.volume.muted | boolean | |
services.parsed.chromecast.volume.step_interval | float |
CISCO_IPSLA
Path | Type | Docs |
---|---|---|
services.parsed.cisco_ipsla | object | |
services.parsed.cisco_ipsla.handshake | object | |
services.parsed.cisco_ipsla.handshake.header | object | |
services.parsed.cisco_ipsla.handshake.header.length | long | |
services.parsed.cisco_ipsla.handshake.header.seq | long | |
services.parsed.cisco_ipsla.handshake.header.unknown | long | |
services.parsed.cisco_ipsla.handshake.header.version | long | |
services.parsed.cisco_ipsla.handshake.message | object | |
services.parsed.cisco_ipsla.handshake.message.ip | text | |
services.parsed.cisco_ipsla.handshake.message.length | long | |
services.parsed.cisco_ipsla.handshake.message.port | long | |
services.parsed.cisco_ipsla.handshake.message.type | long |
COAP
Path | Type | Docs |
---|---|---|
services.coap | object | |
services.coap.code | text | |
services.coap.message_id | unsigned_long | |
services.coap.message_type | text | |
services.coap.payload | text | |
services.coap.token | text | |
services.coap.version | unsigned_long |
COBALT_STRIKE
Path | Type | Docs |
---|---|---|
services.cobalt_strike | object | |
services.cobalt_strike.x64 | object | |
services.cobalt_strike.x64.cookie_beacon | unsigned_long | |
services.cobalt_strike.x64.crypto_scheme | unsigned_long | |
services.cobalt_strike.x64.dns | boolean | |
services.cobalt_strike.x64.http_get | object | |
services.cobalt_strike.x64.http_get.client | text | |
services.cobalt_strike.x64.http_get.uri | text | |
services.cobalt_strike.x64.http_get.verb | text | |
services.cobalt_strike.x64.http_post | object | |
services.cobalt_strike.x64.http_post.client | text | |
services.cobalt_strike.x64.http_post.uri | text | |
services.cobalt_strike.x64.http_post.verb | text | |
services.cobalt_strike.x64.jitter | unsigned_long | |
services.cobalt_strike.x64.killdate | unsigned_long | |
services.cobalt_strike.x64.post_ex | object | |
services.cobalt_strike.x64.post_ex.x64 | text | |
services.cobalt_strike.x64.post_ex.x86 | text | |
services.cobalt_strike.x64.public_key | text | |
services.cobalt_strike.x64.sleep_time | unsigned_long | |
services.cobalt_strike.x64.ssl | boolean | |
services.cobalt_strike.x64.unknown_bytes | object | |
services.cobalt_strike.x64.unknown_bytes.key | unsigned_long | |
services.cobalt_strike.x64.unknown_bytes.value | text | |
services.cobalt_strike.x64.unknown_int | object | |
services.cobalt_strike.x64.unknown_int.key | unsigned_long | |
services.cobalt_strike.x64.unknown_int.value | unsigned_long | |
services.cobalt_strike.x64.user_agent | text | |
services.cobalt_strike.x64.watermark | unsigned_long | |
services.cobalt_strike.x86 | object | |
services.cobalt_strike.x86.cookie_beacon | unsigned_long | |
services.cobalt_strike.x86.crypto_scheme | unsigned_long | |
services.cobalt_strike.x86.dns | boolean | |
services.cobalt_strike.x86.http_get | object | |
services.cobalt_strike.x86.http_get.client | text | |
services.cobalt_strike.x86.http_get.uri | text | |
services.cobalt_strike.x86.http_get.verb | text | |
services.cobalt_strike.x86.http_post | object | |
services.cobalt_strike.x86.http_post.client | text | |
services.cobalt_strike.x86.http_post.uri | text | |
services.cobalt_strike.x86.http_post.verb | text | |
services.cobalt_strike.x86.jitter | unsigned_long | |
services.cobalt_strike.x86.killdate | unsigned_long | |
services.cobalt_strike.x86.post_ex | object | |
services.cobalt_strike.x86.post_ex.x64 | text | |
services.cobalt_strike.x86.post_ex.x86 | text | |
services.cobalt_strike.x86.public_key | text | |
services.cobalt_strike.x86.sleep_time | unsigned_long | |
services.cobalt_strike.x86.ssl | boolean | |
services.cobalt_strike.x86.unknown_bytes | object | |
services.cobalt_strike.x86.unknown_bytes.key | unsigned_long | |
services.cobalt_strike.x86.unknown_bytes.value | text | |
services.cobalt_strike.x86.unknown_int | object | |
services.cobalt_strike.x86.unknown_int.key | unsigned_long | |
services.cobalt_strike.x86.unknown_int.value | unsigned_long | |
services.cobalt_strike.x86.user_agent | text | |
services.cobalt_strike.x86.watermark | unsigned_long |
CRESTRON_CP3
Path | Type | Docs |
---|---|---|
services.parsed.crestron_cp3 | object | |
services.parsed.crestron_cp3.version_string | text |
CWMP
Path | Type | Docs |
---|---|---|
services.cwmp | object | |
services.cwmp.http_info | object | |
services.cwmp.http_info.body | text | The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available. |
services.cwmp.http_info.body_hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.cwmp.http_info.body_size | integer | The length, in bytes, of services.http.response.body; at most, 64KB. |
services.cwmp.http_info.favicons | object | |
services.cwmp.http_info.favicons.hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.cwmp.http_info.favicons.md5_hash | keyword | The hexadecimal MD5 digest of the favicon. |
services.cwmp.http_info.favicons.name | text | The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved. |
services.cwmp.http_info.favicons.shodan_hash | integer | A hash expressed as a signed decimal integer, provided for compatability with Shodan search. |
services.cwmp.http_info.favicons.size | integer | The size of the favicon retrieved, in bytes. |
services.cwmp.http_info.headers | nested | The key-value header pairs included in the response. |
services.cwmp.http_info.headers.key | text | |
services.cwmp.http_info.headers.value | object | |
services.cwmp.http_info.headers.value.headers | text | The values provided in the corresponding header. |
services.cwmp.http_info.html_tags | text | A list of the <title> and <meta> tags from services.http.response.body. |
services.cwmp.http_info.html_title | text | The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present. |
services.cwmp.http_info.protocol | text | The protocol field of the response, which includes the claimed HTTP version number. |
services.cwmp.http_info.status_code | integer | A 3-digit integer result code indicating the result of the services.http.request. |
services.cwmp.http_info.status_reason | text | A human-readable phrase describing the status code. |
services.parsed.cwmp | object | |
services.parsed.cwmp.auth | text | |
services.parsed.cwmp.cookies | text | |
services.parsed.cwmp.server | text |
DCERPC
Path | Type | Docs |
---|---|---|
services.parsed.dcerpc | object | |
services.parsed.dcerpc.could_bind | boolean | |
services.parsed.dcerpc.could_query_epm | boolean | |
services.parsed.dcerpc.endpoints | object | |
services.parsed.dcerpc.endpoints.bindings | text | |
services.parsed.dcerpc.endpoints.executable | text | |
services.parsed.dcerpc.endpoints.explained_uuid | text | |
services.parsed.dcerpc.endpoints.protocol | text |
DHCPDISCOVER
Path | Type | Docs |
---|---|---|
services.parsed.dhcpdiscover | object | |
services.parsed.dhcpdiscover.method | text | |
services.parsed.dhcpdiscover.params | object | |
services.parsed.dhcpdiscover.params.device_info | object | |
services.parsed.dhcpdiscover.params.device_info.alarm_input_channels | long | |
services.parsed.dhcpdiscover.params.device_info.alarm_output_channels | long | |
services.parsed.dhcpdiscover.params.device_info.device_class | text | |
services.parsed.dhcpdiscover.params.device_info.device_id | text | |
services.parsed.dhcpdiscover.params.device_info.device_type | text | |
services.parsed.dhcpdiscover.params.device_info.http_port | long | |
services.parsed.dhcpdiscover.params.device_info.ipv4_address | object | |
services.parsed.dhcpdiscover.params.device_info.ipv4_address.default_gateway | text | |
services.parsed.dhcpdiscover.params.device_info.ipv4_address.dhcp_enable | boolean | |
services.parsed.dhcpdiscover.params.device_info.ipv4_address.ip_address | text | |
services.parsed.dhcpdiscover.params.device_info.ipv4_address.subnetmask | text | |
services.parsed.dhcpdiscover.params.device_info.ipv6_address | object | |
services.parsed.dhcpdiscover.params.device_info.ipv6_address.default_gateway | text | |
services.parsed.dhcpdiscover.params.device_info.ipv6_address.dhcp_enable | boolean | |
services.parsed.dhcpdiscover.params.device_info.ipv6_address.ip_address | text | |
services.parsed.dhcpdiscover.params.device_info.ipv6_address.link_local_address | text | |
services.parsed.dhcpdiscover.params.device_info.machine_group | text | |
services.parsed.dhcpdiscover.params.device_info.machine_name | text | |
services.parsed.dhcpdiscover.params.device_info.manufacturer | text | |
services.parsed.dhcpdiscover.params.device_info.port | long | |
services.parsed.dhcpdiscover.params.device_info.remote_video_input_channels | long | |
services.parsed.dhcpdiscover.params.device_info.serial_no | text | |
services.parsed.dhcpdiscover.params.device_info.unlogin_func_mask | long | |
services.parsed.dhcpdiscover.params.device_info.vendor | text | |
services.parsed.dhcpdiscover.params.device_info.version | text | |
services.parsed.dhcpdiscover.params.device_info.video_input_channels | long | |
services.parsed.dhcpdiscover.params.device_info.video_output_channels | long |
DVR_IP
Path | Type | Docs |
---|---|---|
services.parsed.dvr_ip | object | |
services.parsed.dvr_ip.function_capability | text | |
services.parsed.dvr_ip.function_list | text | |
services.parsed.dvr_ip.hard_drive | text | |
services.parsed.dvr_ip.language_support | text | |
services.parsed.dvr_ip.network_status | text | |
services.parsed.dvr_ip.oem_info | text | |
services.parsed.dvr_ip.partition_capability | object | |
services.parsed.dvr_ip.partition_capability.max_partition_number | long | |
services.parsed.dvr_ip.partition_capability.supported | boolean | |
services.parsed.dvr_ip.serial | text | |
services.parsed.dvr_ip.split_screen_capability | text | |
services.parsed.dvr_ip.version | text | |
services.parsed.dvr_ip.wireless_alarm_capability | text |
EIP
Path | Type | Docs |
---|---|---|
services.parsed.eip | object | |
services.parsed.eip.identity | object | |
services.parsed.eip.identity.device_type | text | |
services.parsed.eip.identity.device_type_code | long | |
services.parsed.eip.identity.product_code | long | |
services.parsed.eip.identity.product_name | text | |
services.parsed.eip.identity.revision | text | |
services.parsed.eip.identity.serial_number | long | |
services.parsed.eip.identity.socket_addr | text | |
services.parsed.eip.identity.socket_port | long | |
services.parsed.eip.identity.state | long | |
services.parsed.eip.identity.status | long | |
services.parsed.eip.identity.vendor_id | text | |
services.parsed.eip.identity.vendor_name | text | |
services.parsed.eip.interfaces | object | |
services.parsed.eip.interfaces.index | long | |
services.parsed.eip.interfaces.name | text | |
services.parsed.eip.services | object | |
services.parsed.eip.services.capabilities | long | |
services.parsed.eip.services.service_name | text | |
services.parsed.eip.services.supports_tcp | boolean | |
services.parsed.eip.services.supports_udp | boolean |
ELASTICSEARCH
Path | Type | Docs |
---|---|---|
services.elasticsearch | object | |
services.elasticsearch.http_info | object | Information about the underlying HTTP connection. |
services.elasticsearch.http_info.headers | nested | The key-value header pairs included in the response to the request for the root endpoint (/). |
services.elasticsearch.http_info.headers.key | text | |
services.elasticsearch.http_info.headers.value | object | |
services.elasticsearch.http_info.headers.value.headers | text | The values provided in the corresponding header. |
services.elasticsearch.http_info.status | text | A human-readable phrase describing the status code. |
services.elasticsearch.http_info.status_code | integer | A 3-digit integer result code indicating the response to a request for the root endpoint (/). |
services.elasticsearch.node_info | object | |
services.elasticsearch.node_info.cluster_combined_info | object | |
services.elasticsearch.node_info.cluster_combined_info.filesystem | object | |
services.elasticsearch.node_info.cluster_combined_info.filesystem.available | text | The amount of free disk space that the node can utilize, in an easy-to-read format. |
services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes | unsigned_long | The amount of free disk space that the node can utilize, in bytes. |
services.elasticsearch.node_info.cluster_combined_info.filesystem.free | text | The total amount of unallocated disk space on the node, in an easy-to-read format. |
services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes | unsigned_long | The total amount of unallocated disk space on the node, in bytes. |
services.elasticsearch.node_info.cluster_combined_info.filesystem.total | text | The total amount of disk space on the node, in an easy-to-read format. |
services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes | unsigned_long | The total amount of disk space on the node, in bytes. |
services.elasticsearch.node_info.cluster_combined_info.indices | object | |
services.elasticsearch.node_info.cluster_combined_info.indices.count | unsigned_long | The number of indices on the node. |
services.elasticsearch.node_info.cluster_combined_info.indices.docs | object | |
services.elasticsearch.node_info.cluster_combined_info.indices.docs.count | unsigned_long | The total number of documents across all indices on this node. |
services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted | unsigned_long | The total number of deleted documents across all indices on this node. |
services.elasticsearch.node_info.cluster_combined_info.indices.store | object | |
services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes | unsigned_long | A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities. |
services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes | unsigned_long | The total amount of disk space on the node, in bytes. |
services.elasticsearch.node_info.cluster_combined_info.name | text | |
services.elasticsearch.node_info.cluster_combined_info.status | text | An enumerated value representing the health status of the cluster. Green signifies no issues, yellow signifies that at least one replica shard is unassigned, and red signifies that at least one primary shard is unassigned. |
services.elasticsearch.node_info.cluster_combined_info.timestamp | unsigned_long | The last time the cluster statistics were refreshed, in unix milliseconds. |
services.elasticsearch.node_info.cluster_combined_info.uuid | text | The unique identifier for the cluster. |
services.elasticsearch.node_info.nodes | object | |
services.elasticsearch.node_info.nodes.node_data | object | |
services.elasticsearch.node_info.nodes.node_data.build_flavor | text | An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown". |
services.elasticsearch.node_info.nodes.node_data.build_hash | text | The short hash of the git commit used to compile this version of the software. |
services.elasticsearch.node_info.nodes.node_data.build_type | text | An enumerated value indicating the file format in which the Elasticsearch executable was retrieved. |
services.elasticsearch.node_info.nodes.node_data.host | text | The self-reported identifier of the node. |
services.elasticsearch.node_info.nodes.node_data.ingest_processors | text | A list of the types of data processors the node has available. |
services.elasticsearch.node_info.nodes.node_data.ip | ip | The IP address of the node. |
services.elasticsearch.node_info.nodes.node_data.jvm | object | Information about the node's Java Virtual Machine configuration. |
services.elasticsearch.node_info.nodes.node_data.jvm.gc | text | A list of the garbage-collection algorithms in use. |
services.elasticsearch.node_info.nodes.node_data.jvm.input_args | text | The command-line arguments provided to the Java Virtual Machine. |
services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools | text | |
services.elasticsearch.node_info.nodes.node_data.jvm.start_time | text | |
services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms | unsigned_long | The time the Java Virtual Machine was started, in unix milliseconds. |
services.elasticsearch.node_info.nodes.node_data.jvm.version | text | The version of Java the Java Virtual Machine is using. |
services.elasticsearch.node_info.nodes.node_data.jvm.vm_name | text | The name of the Java Virtual Machine the node is using (e.g. OpenJDK). |
services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor | text | The name of the person or organization that created or maintains the version of the Java Virtual Machine. |
services.elasticsearch.node_info.nodes.node_data.jvm.vm_version | text | The version of the Java Virtual Machine the node is using. |
services.elasticsearch.node_info.nodes.node_data.modules | object | |
services.elasticsearch.node_info.nodes.node_data.modules.class_name | text | |
services.elasticsearch.node_info.nodes.node_data.modules.desc | text | |
services.elasticsearch.node_info.nodes.node_data.modules.elastic_version | text | |
services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins | text | |
services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl | boolean | |
services.elasticsearch.node_info.nodes.node_data.modules.java_version | text | |
services.elasticsearch.node_info.nodes.node_data.modules.name | text | |
services.elasticsearch.node_info.nodes.node_data.modules.version | text | |
services.elasticsearch.node_info.nodes.node_data.name | text | |
services.elasticsearch.node_info.nodes.node_data.os | object | |
services.elasticsearch.node_info.nodes.node_data.os.allocated_proc | integer | The number of processors used by the node to calculate its thread pool size. |
services.elasticsearch.node_info.nodes.node_data.os.arch | text | The name of the Java Virtual Machine architecture used by the node. |
services.elasticsearch.node_info.nodes.node_data.os.available_proc | integer | The number of processors available to the Java Virtual Machine. |
services.elasticsearch.node_info.nodes.node_data.os.name | text | The simplified name of the operating system used by the node. |
services.elasticsearch.node_info.nodes.node_data.os.pretty_name | text | The full name of the operating system used by the node, which may include the distribution and version number. |
services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms | unsigned_long | How often the node's processor statistics are refreshed, in milliseconds. |
services.elasticsearch.node_info.nodes.node_data.os.version | text | |
services.elasticsearch.node_info.nodes.node_data.roles | text | |
services.elasticsearch.node_info.nodes.node_data.settings | object | |
services.elasticsearch.node_info.nodes.node_data.settings.cluster_name | text | The name of the cluster the node belongs to. |
services.elasticsearch.node_info.nodes.node_data.settings.node | object | |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr | object | |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml | object | |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled | text | Whether the Elasticsearch machine-learning APIs are enabled on the node. |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory | text | |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs | text | The maximum number of jobs that can run simultaneously on a node. |
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed | text | Whether X-Pack, an Elasticsearch expansion included by default, is installed. |
services.elasticsearch.node_info.nodes.node_data.settings.node.name | text | The name of the node. |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list | object | |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive | text | How long an idle thread should remain in the thread pool. |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max | integer | The maximum number of threads in the thread pool. |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min | integer | The minimum number of threads in the thread pool. |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size | integer | When applicable, the number of incoming requests to queue if there is not a thread available to execute them. |
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type | text | The strategy used to assign incoming requests to an execution thread. |
services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer | unsigned_long | The amount of memory used to hold recently indexed documents before writing them to disk, in bytes. |
services.elasticsearch.node_info.nodes.node_data.version | text | The Elasticsearch version running on this node. |
services.elasticsearch.node_info.nodes.node_name | text | The name of the node. |
services.elasticsearch.system_info | object | |
services.elasticsearch.system_info.cluster_uuid | text | The unique identifier for the cluster. |
services.elasticsearch.system_info.name | text | The name of the cluster. |
services.elasticsearch.system_info.tagline | text | A snippet describing the server. By default, it is "You Know, for Search" |
services.elasticsearch.system_info.version | object | Version information and accompanying metadata, such as the build date and compatibility information. |
services.elasticsearch.system_info.version.build_date | text | The date this version of the software was compiled. |
services.elasticsearch.system_info.version.build_flavor | text | An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown". |
services.elasticsearch.system_info.version.build_hash | text | The short hash of the git commit used to compile this version of the software. |
services.elasticsearch.system_info.version.build_snapshot | boolean | Whether the server is running a snapshot version. |
services.elasticsearch.system_info.version.build_type | text | An enumerated value indicating the file format in which the Elasticsearch executable was retrieved. |
services.elasticsearch.system_info.version.lucene_version | text | The version of Lucene used by the server. |
services.elasticsearch.system_info.version.min_idx_compat_ver | text | The minimum version of the Elasticsearch wire protocol compatible with the server. |
services.elasticsearch.system_info.version.min_wire_compat_ver | text | The minimum version of indices that the server supports. |
services.elasticsearch.system_info.version.number | text | The version number. |
ELF_FILE
Path | Type | Docs |
---|---|---|
services.parsed.elf_file | object | |
services.parsed.elf_file.class | text | |
services.parsed.elf_file.data | text | |
services.parsed.elf_file.machine | text | |
services.parsed.elf_file.os_abi | text | |
services.parsed.elf_file.type | text |
ETCD
Path | Type | Docs |
---|---|---|
services.parsed.etcd | object | |
services.parsed.etcd.tls | boolean | |
services.parsed.etcd.v2 | object | |
services.parsed.etcd.v2.auth | object | |
services.parsed.etcd.v2.auth.enabled | boolean | |
services.parsed.etcd.v2.members | object | |
services.parsed.etcd.v2.members.client_urls | text | |
services.parsed.etcd.v2.members.id | text | |
services.parsed.etcd.v2.members.name | text | |
services.parsed.etcd.v2.members.peer_urls | text | |
services.parsed.etcd.v3 | object | |
services.parsed.etcd.v3.auth | object | |
services.parsed.etcd.v3.auth.enabled | boolean | |
services.parsed.etcd.v3.members | object | |
services.parsed.etcd.v3.members.client_urls | text | |
services.parsed.etcd.v3.members.id | text | |
services.parsed.etcd.v3.members.name | text | |
services.parsed.etcd.v3.members.peer_urls | text | |
services.parsed.etcd.v3.total_keys | long | |
services.parsed.etcd.version | object | |
services.parsed.etcd.version.etcdcluster | text | |
services.parsed.etcd.version.etcdserver | text |
ETHEREUM
Path | Type | Docs |
---|---|---|
services.parsed.ethereum | object | |
services.parsed.ethereum.accounts | text | |
services.parsed.ethereum.hashrate | text | |
services.parsed.ethereum.version | object | |
services.parsed.ethereum.version.client | text | |
services.parsed.ethereum.version.compiler | text | |
services.parsed.ethereum.version.platform | text | |
services.parsed.ethereum.version.trailing | text | |
services.parsed.ethereum.version.version | text |
FORTIGATE
Path | Type | Docs |
---|---|---|
services.fortigate | object | |
services.fortigate.api_version | text | |
services.fortigate.build | integer | |
services.fortigate.http_info | object | |
services.fortigate.http_info.headers | nested | |
services.fortigate.http_info.headers.key | text | |
services.fortigate.http_info.headers.value | object | |
services.fortigate.http_info.headers.value.headers | text | The values provided in the corresponding header. |
services.fortigate.http_info.status | text | Status message received from hitting 404 /censys.inspect. |
services.fortigate.http_info.status_code | unsigned_long | Status code received from hitting /censys.inspect. |
services.fortigate.serial | text | |
services.fortigate.status_code | integer | |
services.fortigate.status_msg | text | |
services.fortigate.version | text |
FOX
Path | Type | Docs |
---|---|---|
services.fox | object | |
services.fox.app_name | text | |
services.fox.app_version | text | |
services.fox.auth_agent_type | text | |
services.fox.brand_id | text | |
services.fox.host_address | text | |
services.fox.hostid | text | |
services.fox.hostname | text | |
services.fox.id | unsigned_long | |
services.fox.language | text | |
services.fox.os_name | text | |
services.fox.os_version | text | |
services.fox.station_name | text | |
services.fox.sys_info | text | |
services.fox.time_zone | text | |
services.fox.version | text | |
services.fox.vm_name | text | |
services.fox.vm_uuid | text | |
services.fox.vm_version | text |
GEARMAN
Path | Type | Docs |
---|---|---|
services.parsed.gearman | object | |
services.parsed.gearman.status | object | |
services.parsed.gearman.status.available_workers | long | |
services.parsed.gearman.status.function | text | |
services.parsed.gearman.status.running | long | |
services.parsed.gearman.status.total | long | |
services.parsed.gearman.version | text | |
services.parsed.gearman.workers | object | |
services.parsed.gearman.workers.client_id | text | |
services.parsed.gearman.workers.fd | text | |
services.parsed.gearman.workers.functions | text | |
services.parsed.gearman.workers.ip | text |
HID_VERTX
Path | Type | Docs |
---|---|---|
services.parsed.hid_vertx | object | |
services.parsed.hid_vertx.firmware_date | text | |
services.parsed.hid_vertx.id | text | |
services.parsed.hid_vertx.ip | text | |
services.parsed.hid_vertx.mac_address | text | |
services.parsed.hid_vertx.make_model | text | |
services.parsed.hid_vertx.model | text | |
services.parsed.hid_vertx.version | text |
HIKVISION
Path | Type | Docs |
---|---|---|
services.parsed.hikvision | object | |
services.parsed.hikvision.custom_version | text | |
services.parsed.hikvision.platforms | object | |
services.parsed.hikvision.platforms.libraries | object | |
services.parsed.hikvision.platforms.libraries.name | text | |
services.parsed.hikvision.platforms.libraries.version | text | |
services.parsed.hikvision.platforms.name | text | |
services.parsed.hikvision.plugin_version | text | |
services.parsed.hikvision.web_version | text |
IBMNJE
Path | Type | Docs |
---|---|---|
services.parsed.ibmnje | object | |
services.parsed.ibmnje.ohost | text | |
services.parsed.ibmnje.oip | text | |
services.parsed.ibmnje.r | long | |
services.parsed.ibmnje.rhost | text | |
services.parsed.ibmnje.rip | text | |
services.parsed.ibmnje.type | text |
IKE
Path | Type | Docs |
---|---|---|
services.ike | object | |
services.ike.v1 | object | |
services.ike.v1.accepted_proposal | boolean | Did the host accept our security proposal? When false, the host responded with an error. |
services.ike.v1.notify_message_types | unsigned_long | Which types of NOTIFY messages did the host send us? |
services.ike.v1.vendor_ids | text | The list of Vendor ID "extensions" the host claimed to support in its handshake |
services.ike.v2 | object | |
services.ike.v2.accepted_proposal | boolean | |
services.ike.v2.notify_message_types | unsigned_long | |
services.ike.v2.vendor_ids | text |
IMAP
Path | Type | Docs |
---|---|---|
services.imap | object | |
services.imap.banner | text | The IMAP banner. |
services.imap.start_tls | text | The server's response to the STARTTLS command. |
IOTA
Path | Type | Docs |
---|---|---|
services.parsed.iota | object | |
services.parsed.iota.v0_info | object | |
services.parsed.iota.v0_info.features | text | |
services.parsed.iota.v0_info.is_healthy | boolean | |
services.parsed.iota.v0_info.latest_milestone | long | |
services.parsed.iota.v0_info.latest_uncommitted_milestone | long | |
services.parsed.iota.v0_info.name | text | |
services.parsed.iota.v0_info.neighbors | long | |
services.parsed.iota.v0_info.tips | long | |
services.parsed.iota.v0_info.version | text | |
services.parsed.iota.v1_info | object | |
services.parsed.iota.v1_info.confirmed_milestone_index | long | |
services.parsed.iota.v1_info.features | text | |
services.parsed.iota.v1_info.is_healthy | boolean | |
services.parsed.iota.v1_info.latest_milestone_index | long | |
services.parsed.iota.v1_info.name | text | |
services.parsed.iota.v1_info.network_id | text | |
services.parsed.iota.v1_info.version | text | |
services.parsed.iota.v2_info | object | |
services.parsed.iota.v2_info.decimals | long | |
services.parsed.iota.v2_info.features | text | |
services.parsed.iota.v2_info.is_healthy | boolean | |
services.parsed.iota.v2_info.latest_milestone | long | |
services.parsed.iota.v2_info.latest_uncommitted_milestone | long | |
services.parsed.iota.v2_info.network_name | text | |
services.parsed.iota.v2_info.subunit | text | |
services.parsed.iota.v2_info.supported_protocol_versions | long | |
services.parsed.iota.v2_info.ticker_symbol | text | |
services.parsed.iota.v2_info.token_supply | text | |
services.parsed.iota.v2_info.unit | text |
IPMI
Path | Type | Docs |
---|---|---|
services.ipmi | object | |
services.ipmi.capabilities | object | The Get Channel Authentication Capabilities response (section 22.13) |
services.ipmi.capabilities.auth_status | object | The authentication status |
services.ipmi.capabilities.auth_status.anonymous_login_enabled | boolean | If true, the server allows anonymous login. |
services.ipmi.capabilities.auth_status.auth_each_message | boolean | If true, each message must be authenticated. |
services.ipmi.capabilities.auth_status.has_anonymous_users | boolean | If true, the server has anonymous users. |
services.ipmi.capabilities.auth_status.has_named_users | boolean | If true, the server supports named users. |
services.ipmi.capabilities.auth_status.two_key_login_required | boolean | The KG field. |
services.ipmi.capabilities.auth_status.user_auth_disabled | boolean | If true, user authentication is disabled. |
services.ipmi.capabilities.channel_number | integer | The response channel number |
services.ipmi.capabilities.completion_code | object | The status code of the response |
services.ipmi.capabilities.completion_code.name | text | The human-readable name of the code |
services.ipmi.capabilities.completion_code.raw | integer | The raw completion code |
services.ipmi.capabilities.extended_capabilities | object | Extended auth capabilities (if present) |
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5 | boolean | True if IPMI v1.5 is supported |
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0 | boolean | True if IPMI v2.0 is supported |
services.ipmi.capabilities.oem_data | integer | The OEM-specific data |
services.ipmi.capabilities.oem_id | text | The 3-byte OEM identifier |
services.ipmi.capabilities.supported_auth_types | object | The auth types supported by the server |
services.ipmi.capabilities.supported_auth_types.extended | boolean | If true, the extended capabilities are present. |
services.ipmi.capabilities.supported_auth_types.md2 | boolean | True if the MD2 AuthType is supported. |
services.ipmi.capabilities.supported_auth_types.md5 | boolean | True if the MD5 AuthType is supported. |
services.ipmi.capabilities.supported_auth_types.none | boolean | True if the None AuthType is supported. |
services.ipmi.capabilities.supported_auth_types.oem_proprietary | boolean | True if the OEM Proprietary AuthType is supported |
services.ipmi.capabilities.supported_auth_types.password | boolean | True if the Password AuthType is supported. |
services.ipmi.capabilities.supported_auth_types.raw | integer | The raw byte, with the bit mask etc |
services.ipmi.command_payload | object | The IPMI command payload |
services.ipmi.command_payload.checksum_error | boolean | This is set to true if the values of chk1 / chk2 do not match the command data |
services.ipmi.command_payload.data | text | The raw data. On success, this should be the value of the GetAuthenticationCapabilities resopnse |
services.ipmi.command_payload.ipmi_command_number | object | The parsed IPMI command number |
services.ipmi.command_payload.ipmi_command_number.name | text | The human-readable name of the cmd + NetFn |
services.ipmi.command_payload.ipmi_command_number.raw | integer | The raw value of the cmd value |
services.ipmi.command_payload.network_function_code | object | The NetFn and LUN |
services.ipmi.command_payload.network_function_code.logical_unit_number | object | The parsed LUN (logical unit number -- the lower 2 bits of raw) |
services.ipmi.command_payload.network_function_code.logical_unit_number.name | text | The human-readable name of the LUN |
services.ipmi.command_payload.network_function_code.logical_unit_number.raw | integer | The value of the LUN (3 bits) |
services.ipmi.command_payload.network_function_code.net_fn | object | The parsed NetFn value (the upper 6 bits of raw) |
services.ipmi.command_payload.network_function_code.net_fn.is_request | boolean | True if the least-significant bit is zero |
services.ipmi.command_payload.network_function_code.net_fn.is_response | boolean | True if the least-significant bit is one |
services.ipmi.command_payload.network_function_code.net_fn.name | text | The human-readable name of the NetFn |
services.ipmi.command_payload.network_function_code.net_fn.raw | integer | The raw value of the NetFn (6 bits, least significant indicates request/response) |
services.ipmi.command_payload.network_function_code.net_fn.value | integer | The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even) |
services.ipmi.command_payload.network_function_code.raw | integer | The raw value of the (NetFn << 2) | LUN |
services.ipmi.command_payload.requestor_sequence_number | integer | The request sequence number. |
services.ipmi.raw | text | The raw data returned by the server |
services.ipmi.rmcp_header | object | The RMCP header of the response, (section 13.1.3) |
services.ipmi.rmcp_header.message_class | object | The class of the message. |
services.ipmi.rmcp_header.message_class.class | integer | Just the class part of the byte (lower 5 bits of raw) |
services.ipmi.rmcp_header.message_class.is_ack | boolean | True if the message is an acknowledgment to a previous message. |
services.ipmi.rmcp_header.message_class.name | text | The human-readable name of the message class |
services.ipmi.rmcp_header.message_class.raw | integer | The raw message class byte. |
services.ipmi.rmcp_header.sequence_number | integer | Sequence number of this packet in the session. |
services.ipmi.rmcp_header.version | integer | The version. This scanner supports version 6. |
services.ipmi.session_header | object | The IPMI sesssion header of the response |
services.ipmi.session_header.auth_code | text | The 16-byte authentication code; not present if auth_type is None. |
services.ipmi.session_header.auth_type | object | The authentication type for this request (see section 13.6) |
services.ipmi.session_header.auth_type.name | text | The raw value of the auth_type |
services.ipmi.session_header.auth_type.raw | integer | The raw value of the auth_type |
services.ipmi.session_header.auth_type.type | integer | Just the auth type (reserved bits omitted) |
services.ipmi.session_header.session_id | long | The ID of this sessiod. |
services.ipmi.session_header.session_sequence_number | long | The session sequence number of this packet in the session |
IPP
Path | Type | Docs |
---|---|---|
services.ipp | object | |
services.ipp.attribute_cups_version | text | The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'. |
services.ipp.attribute_ipp_versions | text | Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'. |
services.ipp.attribute_printer_uris | text | Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer. |
services.ipp.attributes | object | All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted. |
services.ipp.attributes.name | text | |
services.ipp.attributes.value_tag | unsigned_long | |
services.ipp.cups_response | object | |
services.ipp.cups_response.body | text | The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available. |
services.ipp.cups_response.body_hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.ipp.cups_response.body_size | integer | The length, in bytes, of services.http.response.body; at most, 64KB. |
services.ipp.cups_response.favicons | object | |
services.ipp.cups_response.favicons.hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.ipp.cups_response.favicons.md5_hash | keyword | The hexadecimal MD5 digest of the favicon. |
services.ipp.cups_response.favicons.name | text | The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved. |
services.ipp.cups_response.favicons.shodan_hash | integer | A hash expressed as a signed decimal integer, provided for compatability with Shodan search. |
services.ipp.cups_response.favicons.size | integer | The size of the favicon retrieved, in bytes. |
services.ipp.cups_response.headers | nested | The key-value header pairs included in the response. |
services.ipp.cups_response.headers.key | text | |
services.ipp.cups_response.headers.value | object | |
services.ipp.cups_response.headers.value.headers | text | The values provided in the corresponding header. |
services.ipp.cups_response.html_tags | text | A list of the <title> and <meta> tags from services.http.response.body. |
services.ipp.cups_response.html_title | text | The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present. |
services.ipp.cups_response.protocol | text | The protocol field of the response, which includes the claimed HTTP version number. |
services.ipp.cups_response.status_code | integer | A 3-digit integer result code indicating the result of the services.http.request. |
services.ipp.cups_response.status_reason | text | A human-readable phrase describing the status code. |
services.ipp.cups_version | text | The CUPS version, if any, specified in the Server header of an IPP get-attributes response. |
services.ipp.major_version | unsigned_long | Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request. |
services.ipp.minor_version | unsigned_long | Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request. |
services.ipp.response | object | |
services.ipp.response.body | text | The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available. |
services.ipp.response.body_hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.ipp.response.body_size | integer | The length, in bytes, of services.http.response.body; at most, 64KB. |
services.ipp.response.favicons | object | |
services.ipp.response.favicons.hashes | text | A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f". |
services.ipp.response.favicons.md5_hash | keyword | The hexadecimal MD5 digest of the favicon. |
services.ipp.response.favicons.name | text | The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved. |
services.ipp.response.favicons.shodan_hash | integer | A hash expressed as a signed decimal integer, provided for compatability with Shodan search. |
services.ipp.response.favicons.size | integer | The size of the favicon retrieved, in bytes. |
services.ipp.response.headers | nested | The key-value header pairs included in the response. |
services.ipp.response.headers.key | text | |
services.ipp.response.headers.value | object | |
services.ipp.response.headers.value.headers | text | The values provided in the corresponding header. |
services.ipp.response.html_tags | text | A list of the <title> and <meta> tags from services.http.response.body. |
services.ipp.response.html_title | text | The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present. |
services.ipp.response.protocol | text | The protocol field of the response, which includes the claimed HTTP version number. |
services.ipp.response.status_code | integer | A 3-digit integer result code indicating the result of the services.http.request. |
services.ipp.response.status_reason | text | A human-readable phrase describing the status code. |
services.ipp.version_string | text | The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y' |
ISCSI
Path | Type | Docs |
---|---|---|
services.parsed.iscsi | object | |
services.parsed.iscsi.connection | object | |
services.parsed.iscsi.connection.ahs_length | long | |
services.parsed.iscsi.connection.isid | long | |
services.parsed.iscsi.connection.keyval_pairs | text | |
services.parsed.iscsi.connection.max_new_cmds | long | |
services.parsed.iscsi.connection.starting_seq | long | |
services.parsed.iscsi.connection.status | long | |
services.parsed.iscsi.connection.tsih | long | |
services.parsed.iscsi.connection.version_active | long | |
services.parsed.iscsi.connection.version_max | long | |
services.parsed.iscsi.error | text | |
services.parsed.iscsi.targets | object | |
services.parsed.iscsi.targets.alias | text | |
services.parsed.iscsi.targets.auths | text | |
services.parsed.iscsi.targets.error | text | |
services.parsed.iscsi.targets.name | text | |
services.parsed.iscsi.targets.private | text | |
services.parsed.iscsi.targets.public | text |
KUBERNETES
Path | Type | Docs |
---|---|---|
services.kubernetes | object | |
services.kubernetes.endpoints | object | |
services.kubernetes.endpoints.name | text | |
services.kubernetes.endpoints.self_link | text | |
services.kubernetes.endpoints.subsets | object | |
services.kubernetes.endpoints.subsets.addresses | object | |
services.kubernetes.endpoints.subsets.addresses.hostname | text | |
services.kubernetes.endpoints.subsets.addresses.ip | ip | |
services.kubernetes.endpoints.subsets.addresses.node_name | text | |
services.kubernetes.endpoints.subsets.ports | object | |
services.kubernetes.endpoints.subsets.ports.name | text | |
services.kubernetes.endpoints.subsets.ports.port | unsigned_long | |
services.kubernetes.endpoints.subsets.ports.protocol | text | |
services.kubernetes.kubernetes_dashboard_found | boolean | True if the dashboard is running and accessible |
services.kubernetes.nodes | object | |
services.kubernetes.nodes.addresses | object | |
services.kubernetes.nodes.addresses.address | keyword | Node address, IP/URL. |
services.kubernetes.nodes.addresses.address_type | text | Node address type, one of Hostname, ExternalIP or InternalIP. |
services.kubernetes.nodes.architecture | text | The Architecture reported by the node. |
services.kubernetes.nodes.container_runtime_version | text | ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0). |
services.kubernetes.nodes.images | text | List of container images on this node |
services.kubernetes.nodes.kernel_version | text | Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). |
services.kubernetes.nodes.kube_proxy_version | text | KubeProxy Version reported by the node. |
services.kubernetes.nodes.kubelet_version | text | Kubelet Version reported by the node. |
services.kubernetes.nodes.name | text | |
services.kubernetes.nodes.operating_system | text | The Operating System reported by the node. |
services.kubernetes.nodes.os_image | text | OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). |
services.kubernetes.pod_names | text | |
services.kubernetes.roles | object | |
services.kubernetes.roles.name | text | |
services.kubernetes.roles.rules | object | Rules set for this role. |
services.kubernetes.roles.rules.api_groups | text | APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. |
services.kubernetes.roles.rules.resources | text | Resources is a list of resources this rule applies to. ResourceAll represents all resources |
services.kubernetes.roles.rules.verbs | text | Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. |
services.kubernetes.version_info | object | |
services.kubernetes.version_info.build_date | text | Date version was built. |
services.kubernetes.version_info.compiler | text | Go Compiler used |
services.kubernetes.version_info.git_commit | text | Git commit version built from. |
services.kubernetes.version_info.git_tree_state | text | State of the tree when built. |
services.kubernetes.version_info.git_version | text | |
services.kubernetes.version_info.go_version | text | Version of GO used to build version. |
services.kubernetes.version_info.major | text | Kubernetes major version |
services.kubernetes.version_info.minor | text | Kubernetes minor version |
services.kubernetes.version_info.platform | text | Platform compiled for |
L2TP
Path | Type | Docs |
---|---|---|
services.parsed.l2tp | object | |
services.parsed.l2tp.hello_received | boolean | |
services.parsed.l2tp.ordered_messages_raw | text | |
services.parsed.l2tp.sccn_received | boolean | |
services.parsed.l2tp.sccrp | object | |
services.parsed.l2tp.sccrp.attribute_values | object | |
services.parsed.l2tp.sccrp.attribute_values.firmware_revision | long | |
services.parsed.l2tp.sccrp.attribute_values.hostname | text | |
services.parsed.l2tp.sccrp.attribute_values.protocol_revision | long | |
services.parsed.l2tp.sccrp.attribute_values.protocol_version | long | |
services.parsed.l2tp.sccrp.attribute_values.result_code | long | |
services.parsed.l2tp.sccrp.attribute_values.vendor_name | text | |
services.parsed.l2tp.sccrp_received | boolean | |
services.parsed.l2tp.sccrq_received | boolean | |
services.parsed.l2tp.stop_sccn | object | |
services.parsed.l2tp.stop_sccn.attribute_values | object | |
services.parsed.l2tp.stop_sccn.attribute_values.error_code | long | |
services.parsed.l2tp.stop_sccn.attribute_values.error_meaning | text | |
services.parsed.l2tp.stop_sccn.attribute_values.error_message | text | |
services.parsed.l2tp.stop_sccn.attribute_values.result_code | long | |
services.parsed.l2tp.stop_sccn.attribute_values.result_meaning | text | |
services.parsed.l2tp.stop_sccn_received | boolean | |
services.parsed.l2tp.zlb_received | boolean |
LDAP
Path | Type | Docs |
---|---|---|
services.ldap | object | |
services.ldap.allows_anonymous_bind | boolean | Ability to connect with anonymous bind (empty username and password) |
services.ldap.attributes | object | All root DN attributes available via anonymous bind |
services.ldap.attributes.name | text | Name of the LDAP attribute in the root DN |
services.ldap.attributes.values | text | Values for the respective LDAP attribute |
services.ldap.resultcode | unsigned_long | Result or error code returned by LDAP instance upon bind |
LPD
Path | Type | Docs |
---|---|---|
services.parsed.lpd | object | |
services.parsed.lpd.jobs | object | |
services.parsed.lpd.jobs.body | text | |
services.parsed.lpd.jobs.status | long | |
services.parsed.lpd.long_state | text | |
services.parsed.lpd.lp | object | |
services.parsed.lpd.lp.body | text | |
services.parsed.lpd.lp.status | long | |
services.parsed.lpd.printer | text | |
services.parsed.lpd.raw | text | |
services.parsed.lpd.short_state | text | |
services.parsed.lpd.text | text |
MDNS
Path | Type | Docs |
---|---|---|
services.parsed.mdns | object | |
services.parsed.mdns.multiple_responses | boolean | |
services.parsed.mdns.names | text | |
services.parsed.mdns.results | object | |
services.parsed.mdns.results.addresses | text | |
services.parsed.mdns.results.full_name | text | |
services.parsed.mdns.results.port | long | |
services.parsed.mdns.results.priority | long | |
services.parsed.mdns.results.target | text | |
services.parsed.mdns.results.texts | text | |
services.parsed.mdns.results.weight | long |
MEMCACHED
Path | Type | Docs |
---|---|---|
services.memcached | object | |
services.memcached.ascii_binding_protocol_enabled | boolean | Whether server responds to a handshake using the ASCII wire format of the protocol. |
services.memcached.binary_binding_protocol_enabled | boolean | Whether server responds to a handshake using the binary wire format of the protocol. |
services.memcached.responds_to_udp | boolean | Whether the server on the UDP port with the same number responds to a handshake using the ASCII wire format of the protocol. |
services.memcached.stats | nested | Server information returned in response to the stats command, as a set of key:value pairs. |
services.memcached.stats.key | text | |
services.memcached.stats.value | text | |
services.memcached.version | text | The Memcached version indicated in the server's response. |
MINECRAFT
Path | Type | Docs |
---|---|---|
services.parsed.minecraft | object | |
services.parsed.minecraft.motd | text | |
services.parsed.minecraft.players_max | long | |
services.parsed.minecraft.players_online | long | |
services.parsed.minecraft.protocol_version | text | |
services.parsed.minecraft.server_version | text |
MMS
Path | Type | Docs |
---|---|---|
services.mms | object | |
services.mms.model | text | |
services.mms.revision | text | |
services.mms.vendor | text |
MODBUS
Path | Type | Docs |
---|---|---|
services.modbus | object | |
services.modbus.exception_response | object | |
services.modbus.exception_response.exception_function | unsigned_long | |
services.modbus.exception_response.exception_type | unsigned_long | |
services.modbus.function | unsigned_long | |
services.modbus.mei_response | object | |
services.modbus.mei_response.conformity_level | long | |
services.modbus.mei_response.more_follows | boolean | |
services.modbus.mei_response.objects | nested | |
services.modbus.mei_response.objects.key | text | |
services.modbus.mei_response.objects.value | text | |
services.modbus.unit_id | long |
MONERO_P2P
Path | Type | Docs |
---|---|---|
services.parsed.monero_p2p | object | |
services.parsed.monero_p2p.ping_response | object | |
services.parsed.monero_p2p.ping_response.payload | object | |
services.parsed.monero_p2p.ping_response.payload.entries | object | |
services.parsed.monero_p2p.ping_response.payload.entries.data | text | |
services.parsed.monero_p2p.ping_response.payload.entries.name | text | |
services.parsed.monero_p2p.ping_response.response_header | object | |
services.parsed.monero_p2p.ping_response.response_header.command | long | |
services.parsed.monero_p2p.ping_response.response_header.expects_response | boolean | |
services.parsed.monero_p2p.ping_response.response_header.flags | long | |
services.parsed.monero_p2p.ping_response.response_header.length | long | |
services.parsed.monero_p2p.ping_response.response_header.return_code | long | |
services.parsed.monero_p2p.ping_response.response_header.signature | long | |
services.parsed.monero_p2p.ping_response.response_header.version | long |
MONGODB
Path | Type | Docs |
---|---|---|
services.mongodb | object | |
services.mongodb.build_info | object | |
services.mongodb.build_info.build_environment | object | |
services.mongodb.build_info.build_environment.cc | text | |
services.mongodb.build_info.build_environment.cc_flags | text | |
services.mongodb.build_info.build_environment.cxx | text | |
services.mongodb.build_info.build_environment.cxx_flags | text | |
services.mongodb.build_info.build_environment.dist_arch | text | |
services.mongodb.build_info.build_environment.dist_mod | text | |
services.mongodb.build_info.build_environment.link_flags | text | |
services.mongodb.build_info.build_environment.target_arch | text | |
services.mongodb.build_info.build_environment.target_os | text | |
services.mongodb.build_info.git_version | text | Version of mongodb server |
services.mongodb.build_info.version | text | Version of mongodb server |
services.mongodb.is_master | object | |
services.mongodb.is_master.is_master | boolean | |
services.mongodb.is_master.logical_session_timeout_minutes | integer | |
services.mongodb.is_master.max_bson_object_size | integer | |
services.mongodb.is_master.max_message_size_bytes | integer | |
services.mongodb.is_master.max_wire_version | integer | |
services.mongodb.is_master.max_write_batch_size | integer | |
services.mongodb.is_master.min_wire_version | integer | |
services.mongodb.is_master.read_only | boolean |
MQTT
Path | Type | Docs |
---|---|---|
services.mqtt | object | |
services.mqtt.connection_ack_raw | text | Raw CONNACK response packet |
services.mqtt.connection_ack_return | object | |
services.mqtt.connection_ack_return.raw | unsigned_long | Raw connect status value |
services.mqtt.connection_ack_return.return_value | text | Connection status |
services.mqtt.subscription_ack_return | object | |
services.mqtt.subscription_ack_return.raw | unsigned_long | Raw subscription response value |
services.mqtt.subscription_ack_return.return_value | text | Subscription response |
MSSQL
Path | Type | Docs |
---|---|---|
services.mssql | object | |
services.mssql.encrypt_mode | text | The negotiated ENCRYPT_MODE with the server |
services.mssql.instance_name | text | |
services.mssql.prelogin_options | object | |
services.mssql.prelogin_options.encrypt_mode | text | |
services.mssql.prelogin_options.fed_auth_required | boolean | |
services.mssql.prelogin_options.instance | text | |
services.mssql.prelogin_options.mars | boolean | |
services.mssql.prelogin_options.nonce | text | |
services.mssql.prelogin_options.server_version | object | |
services.mssql.prelogin_options.server_version.build_number | unsigned_long | |
services.mssql.prelogin_options.server_version.major | unsigned_long | |
services.mssql.prelogin_options.server_version.minor | unsigned_long | |
services.mssql.prelogin_options.thread_id | unsigned_long | |
services.mssql.prelogin_options.trace_id | text | |
services.mssql.prelogin_options.unknown | object | |
services.mssql.prelogin_options.unknown.key | unsigned_long | |
services.mssql.prelogin_options.unknown.value | text | |
services.mssql.version | text |
MURMUR
Path | Type | Docs |
---|---|---|
services.parsed.murmur | object | |
services.parsed.murmur.channels | long | |
services.parsed.murmur.crypto | object | |
services.parsed.murmur.crypto.client_nonce | text | |
services.parsed.murmur.crypto.key | text | |
services.parsed.murmur.crypto.server_nonce | text | |
services.parsed.murmur.messages | object | |
services.parsed.murmur.messages.body | text | |
services.parsed.murmur.messages.type | text | |
services.parsed.murmur.reject | object | |
services.parsed.murmur.reject.reason | text | |
services.parsed.murmur.reject.type | long | |
services.parsed.murmur.text_messages | object | |
services.parsed.murmur.text_messages.message | text | |
services.parsed.murmur.text_messages.session | long | |
services.parsed.murmur.users | long | |
services.parsed.murmur.version | object | |
services.parsed.murmur.version.build | long | |
services.parsed.murmur.version.major | long | |
services.parsed.murmur.version.minor | long | |
services.parsed.murmur.version.os | text | |
services.parsed.murmur.version.os_version | text | |
services.parsed.murmur.version.version_string | text |
MYSQL
Path | Type | Docs |
---|---|---|
services.mysql | object | |
services.mysql.auth_plugin_data | text | Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket. |
services.mysql.auth_plugin_name | text | The name of the authentication plugin, returned in the initial HandshakePacket. |
services.mysql.capability_flags | nested | The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs. |
services.mysql.capability_flags.key | text | |
services.mysql.capability_flags.value | boolean | |
services.mysql.character_set | unsigned_long | The identifier for the character set the server is using. Returned in the initial HandshakePacket. |
services.mysql.connection_id | unsigned_long | The server's internal identifier for this client's connection, sent in the initial HandshakePacket. |
services.mysql.error_code | long | Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list. |
services.mysql.error_id | text | The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN |
services.mysql.error_message | text | Optional string describing the error. Only set if there is an error. |
services.mysql.protocol_version | unsigned_long | 8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server. |
services.mysql.server_version | text | The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always. |
services.mysql.status_flags | nested | The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs. |
services.mysql.status_flags.key | text | |
services.mysql.status_flags.value | boolean |
NBD
Path | Type | Docs |
---|---|---|
services.parsed.nbd | object | |
services.parsed.nbd.exports | object | |
services.parsed.nbd.exports.max_payload_size | long | |
services.parsed.nbd.exports.min_block_size | long | |
services.parsed.nbd.exports.name | text | |
services.parsed.nbd.exports.preferred_block_size | long | |
services.parsed.nbd.exports.size | long | |
services.parsed.nbd.exports.transmit_flags | text | |
services.parsed.nbd.handshake_style | text | |
services.parsed.nbd.policies | text |
NMEA
Path | Type | Docs |
---|---|---|
services.parsed.nmea | object | |
services.parsed.nmea.messages | object | |
services.parsed.nmea.messages.fields | text | |
services.parsed.nmea.messages.sentence_id | text | |
services.parsed.nmea.messages.talker_id | text | |
services.parsed.nmea.messages.talker_name | text |
NTP
Path | Type | Docs |
---|---|---|
services.ntp | object | |
services.ntp.get_time_header | object | The header of the server's response to a GetTime request. |
services.ntp.get_time_header.leap_indicator | unsigned_long | An enumerated value from 0 to 3 signifying whether a leap second will occur at the end of the current month. 0 signifies no leap second, 1 signifies an additive leap second, 2 signifies a subtractive leap second, and 3 signifies the state is unknown. |
services.ntp.get_time_header.mode | unsigned_long | An enumerated value from 0 to 7 signifying the operational mode of the server. |
services.ntp.get_time_header.poll | integer | The interval within which the server will expect a subsequent synchronization message, in log2 seconds. |
services.ntp.get_time_header.precision | integer | The precision of the system's clock, in log2 seconds. |
services.ntp.get_time_header.reference_id | text | The identifier of the reference clock. For servers in stratum 1, one of an IANA-maintained list of sources. For servers in stratum 2, the ID of the stratum 1 server from which the time was retrieved (usually, its IP address), etc. |
services.ntp.get_time_header.stratum | unsigned_long | The number of servers between a client and a non-NTP time source. 1 signifies that the server is authoritative, having direct access to a sensor. 2 signifies that the server got its time from a "stratum 1" server, etc. 16 means the clock is unsynchronized. |
services.ntp.get_time_header.version | unsigned_long | The NTP version indicated in the server's response. |
NTRIP
Path | Type | Docs |
---|---|---|
services.parsed.ntrip | object | |
services.parsed.ntrip.data_streams | object | |
services.parsed.ntrip.data_streams.authentication | text | |
services.parsed.ntrip.data_streams.bitrate | long | |
services.parsed.ntrip.data_streams.carrier_info | text | |
services.parsed.ntrip.data_streams.caster_mount_point | text | |
services.parsed.ntrip.data_streams.compression_or_encryption | text | |
services.parsed.ntrip.data_streams.country_code | text | |
services.parsed.ntrip.data_streams.data_format | text | |
services.parsed.ntrip.data_streams.fee | boolean | |
services.parsed.ntrip.data_streams.format_details | text | |
services.parsed.ntrip.data_streams.generator | text | |
services.parsed.ntrip.data_streams.latitude | text | |
services.parsed.ntrip.data_streams.longitude | text | |
services.parsed.ntrip.data_streams.misc | text | |
services.parsed.ntrip.data_streams.nav_system | text | |
services.parsed.ntrip.data_streams.network | text | |
services.parsed.ntrip.data_streams.nmea | boolean | |
services.parsed.ntrip.data_streams.solution | text | |
services.parsed.ntrip.data_streams.source_identifier | text | |
services.parsed.ntrip.server | text | |
services.parsed.ntrip.version | text |
ONVIF
Path | Type | Docs |
---|---|---|
services.parsed.onvif | object | |
services.parsed.onvif.hostname | object | |
services.parsed.onvif.hostname.from_dhcp | boolean | |
services.parsed.onvif.hostname.name | text | |
services.parsed.onvif.services | object | |
services.parsed.onvif.services.capabilities | object | |
services.parsed.onvif.services.capabilities.analytics | object | |
services.parsed.onvif.services.capabilities.analytics.analytics_module_support | boolean | |
services.parsed.onvif.services.capabilities.analytics.rule_options_suported | boolean | |
services.parsed.onvif.services.capabilities.analytics.rule_support | boolean | |
services.parsed.onvif.services.capabilities.device | object | |
services.parsed.onvif.services.capabilities.device.network | object | |
services.parsed.onvif.services.capabilities.device.network.dhcp_v6 | boolean | |
services.parsed.onvif.services.capabilities.device.network.dot11_configuration | boolean | |
services.parsed.onvif.services.capabilities.device.network.dot1x_configurations | long | |
services.parsed.onvif.services.capabilities.device.network.dynamic_dns | boolean | |
services.parsed.onvif.services.capabilities.device.network.hostname_from_dhcp | boolean | |
services.parsed.onvif.services.capabilities.device.network.ip_filter | boolean | |
services.parsed.onvif.services.capabilities.device.network.ipv6 | boolean | |
services.parsed.onvif.services.capabilities.device.network.ntp | long | |
services.parsed.onvif.services.capabilities.device.network.zero_configuration | boolean | |
services.parsed.onvif.services.capabilities.device.security | object | |
services.parsed.onvif.services.capabilities.device.security.access_policy_config | boolean | |
services.parsed.onvif.services.capabilities.device.security.dot_1x | boolean | |
services.parsed.onvif.services.capabilities.device.security.http_digest | boolean | |
services.parsed.onvif.services.capabilities.device.security.kerberos_token | boolean | |
services.parsed.onvif.services.capabilities.device.security.max_password_length | long | |
services.parsed.onvif.services.capabilities.device.security.max_username_length | long | |
services.parsed.onvif.services.capabilities.device.security.max_users | long | |
services.parsed.onvif.services.capabilities.device.security.onboard_key_generation | boolean | |
services.parsed.onvif.services.capabilities.device.security.rel_token | boolean | |
services.parsed.onvif.services.capabilities.device.security.remote_user_handling | boolean | |
services.parsed.onvif.services.capabilities.device.security.saml_token | boolean | |
services.parsed.onvif.services.capabilities.device.security.supported_eap_methods | long | |
services.parsed.onvif.services.capabilities.device.security.tls_1 | object | |
services.parsed.onvif.services.capabilities.device.security.tls_1.0 | boolean | |
services.parsed.onvif.services.capabilities.device.security.tls_1.1 | boolean | |
services.parsed.onvif.services.capabilities.device.security.tls_1.2 | boolean | |
services.parsed.onvif.services.capabilities.device.security.username_token | boolean | |
services.parsed.onvif.services.capabilities.device.security.x509_token | boolean | |
services.parsed.onvif.services.capabilities.device.system | object | |
services.parsed.onvif.services.capabilities.device.system.discovery_bye | boolean | |
services.parsed.onvif.services.capabilities.device.system.discovery_resolve | boolean | |
services.parsed.onvif.services.capabilities.device.system.firmware_upgrade | boolean | |
services.parsed.onvif.services.capabilities.device.system.http_firmware_upgrade | boolean | |
services.parsed.onvif.services.capabilities.device.system.http_support_information | boolean | |
services.parsed.onvif.services.capabilities.device.system.http_system_backup | boolean | |
services.parsed.onvif.services.capabilities.device.system.http_systme_logging | boolean | |
services.parsed.onvif.services.capabilities.device.system.remote_discovery | boolean | |
services.parsed.onvif.services.capabilities.device.system.storage_configuration | boolean | |
services.parsed.onvif.services.capabilities.device.system.system_backup | boolean | |
services.parsed.onvif.services.capabilities.device.system.system_logging | boolean | |
services.parsed.onvif.services.capabilities.device_io | object | |
services.parsed.onvif.services.capabilities.device_io.audio_outputs | long | |
services.parsed.onvif.services.capabilities.device_io.audio_sources | long | |
services.parsed.onvif.services.capabilities.device_io.digital_inputs | long | |
services.parsed.onvif.services.capabilities.device_io.relay_outputs | long | |
services.parsed.onvif.services.capabilities.device_io.serial_ports | long | |
services.parsed.onvif.services.capabilities.device_io.video_outputs | long | |
services.parsed.onvif.services.capabilities.events | object | |
services.parsed.onvif.services.capabilities.events.max_notification_producers | long | |
services.parsed.onvif.services.capabilities.events.max_pull_points | long | |
services.parsed.onvif.services.capabilities.events.ws_pausable_subscription_manager_interface_support | boolean | |
services.parsed.onvif.services.capabilities.events.ws_pull_point_support | boolean | |
services.parsed.onvif.services.capabilities.events.ws_subscription_policy_support | boolean | |
services.parsed.onvif.services.capabilities.image | object | |
services.parsed.onvif.services.capabilities.image.image_stabilization | boolean | |
services.parsed.onvif.services.capabilities.media | object | |
services.parsed.onvif.services.capabilities.media.osd | boolean | |
services.parsed.onvif.services.capabilities.media.profile | object | |
services.parsed.onvif.services.capabilities.media.profile.max_profile_count | long | |
services.parsed.onvif.services.capabilities.media.rotation | boolean | |
services.parsed.onvif.services.capabilities.media.snapshot_uri | boolean | |
services.parsed.onvif.services.capabilities.media.streaming | object | |
services.parsed.onvif.services.capabilities.media.streaming.non_aggregate_control | boolean | |
services.parsed.onvif.services.capabilities.media.streaming.rtp_multicast | boolean | |
services.parsed.onvif.services.capabilities.media.streaming.rtp_rtsp_tcp | boolean | |
services.parsed.onvif.services.capabilities.media.streaming.rtp_tcp | boolean | |
services.parsed.onvif.services.capabilities.media.video_source_mode | boolean | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom | object | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom.eflip | boolean | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom.get_compatible_configurations | boolean | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom.move_status | boolean | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom.reverse | boolean | |
services.parsed.onvif.services.capabilities.pan_tilt_zoom.status_position | boolean | |
services.parsed.onvif.services.namespace | text | |
services.parsed.onvif.services.service_version_major | long | |
services.parsed.onvif.services.service_version_minor | long | |
services.parsed.onvif.services.xaddr | text |
OPC_UA
Path | Type | Docs |
---|---|---|
services.parsed.opc_ua | object | |
services.parsed.opc_ua.endpoints | object | |
services.parsed.opc_ua.endpoints.endpoint_url | text | |
services.parsed.opc_ua.endpoints.security_level | long | |
services.parsed.opc_ua.endpoints.security_mode | text | |
services.parsed.opc_ua.endpoints.security_policy_uri | text | |
services.parsed.opc_ua.endpoints.server | object | |
services.parsed.opc_ua.endpoints.server.application_name | object | |
services.parsed.opc_ua.endpoints.server.application_name.flags | long | |
services.parsed.opc_ua.endpoints.server.application_name.locale | text | |
services.parsed.opc_ua.endpoints.server.application_name.text | text | |
services.parsed.opc_ua.endpoints.server.application_type | text | |
services.parsed.opc_ua.endpoints.server.application_uri | text | |
services.parsed.opc_ua.endpoints.server.discovery_profile_uri | text | |
services.parsed.opc_ua.endpoints.server.product_uri | text | |
services.parsed.opc_ua.endpoints.server_cert | text | |
services.parsed.opc_ua.endpoints.transport_profile_uri | text | |
services.parsed.opc_ua.max_chunk_size | long | |
services.parsed.opc_ua.max_message_size | long | |
services.parsed.opc_ua.protocol_version | long | |
services.parsed.opc_ua.receive_buffer_size | long | |
services.parsed.opc_ua.send_buffer_size | long |
OPENVPN
Path | Type | Docs |
---|---|---|
services.openvpn | object | |
services.openvpn.accepts_v1 | boolean | |
services.openvpn.accepts_v2 | boolean |
ORACLE
Path | Type | Docs |
---|---|---|
services.oracle | object | |
services.oracle.accept_version | unsigned_long | The version declared by the service when it accepts the handshake, if applicable. |
services.oracle.connect_flags0 | nested | The first set of ConnectFlags returned in the Accept packet. |
services.oracle.connect_flags0.key | text | |
services.oracle.connect_flags0.value | boolean | |
services.oracle.connect_flags1 | nested | The second set of ConnectFlags returned in the Accept packet. |
services.oracle.connect_flags1.key | text | |
services.oracle.connect_flags1.value | boolean | |
services.oracle.did_resend | boolean | Whether the server requested that the scanner resend its initial connection packet. |
services.oracle.global_service_options | nested | Set of flags that the server returns in the Accept packet. |
services.oracle.global_service_options.key | text | |
services.oracle.global_service_options.value | boolean | |
services.oracle.nsn_service_versions | nested | A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet. |
services.oracle.nsn_service_versions.key | text | |
services.oracle.nsn_service_versions.value | text | |
services.oracle.nsn_version | text | The version string in the root of the native service negotiation packet, if applicable. |
services.oracle.redirect_target | object | The parsed connect descriptor returned by the server in the redirect packet, if one is sent. |
services.oracle.redirect_target.key | text | The dot-delimited path to the parsed value from the error received when the initial handshake is refused. |
services.oracle.redirect_target.value | text | The parsed value from the error received when the initial handshake is refused. |
services.oracle.redirect_target_raw | text | The connect descriptor returned by the server in the Redirect packet, if one is sent. |
services.oracle.refuse_error | object | The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE |
services.oracle.refuse_error.key | text | The dot-delimited path to the parsed value from the error received when the initial handshake is refused. |
services.oracle.refuse_error.value | text | The parsed value from the error received when the initial handshake is refused. |
services.oracle.refuse_error_raw | text | The unparsed error received when the initial handshake is refused. |
services.oracle.refuse_reason_app | text | The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. |
services.oracle.refuse_reason_sys | text | The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. |
services.oracle.refuse_version | text | The version declared by the service when it refuses the handshake, if applicable. |
PCOM
Path | Type | Docs |
---|---|---|
services.parsed.pcom | object | |
services.parsed.pcom.buffer_size | text | |
services.parsed.pcom.hardware_version | text | |
services.parsed.pcom.model | text | |
services.parsed.pcom.model_executor | text | |
services.parsed.pcom.model_op_executor | text | |
services.parsed.pcom.name | text | |
services.parsed.pcom.os_build | text | |
services.parsed.pcom.os_version | text | |
services.parsed.pcom.unique_id | long | |
services.parsed.pcom.unit_id | text |
PC_ANYWHERE
Path | Type | Docs |
---|---|---|
services.pc_anywhere | object | |
services.pc_anywhere.name | text | Workstation Name, with padding bytes removed |
services.pc_anywhere.nr | text | Full 'NR' query response |
services.pc_anywhere.status | object | |
services.pc_anywhere.status.in_use | boolean | Workstation is In Use if true, Available if false |
services.pc_anywhere.status.raw | text | Full 'ST' query response |
PGBOUNCER
Path | Type | Docs |
---|---|---|
services.parsed.pgbouncer | object | |
services.parsed.pgbouncer.startup_capabilities | object | |
services.parsed.pgbouncer.startup_capabilities.v2 | boolean | |
services.parsed.pgbouncer.startup_capabilities.v3 | boolean | |
services.parsed.pgbouncer.startup_capabilities.v4 | boolean |
POP3
Path | Type | Docs |
---|---|---|
services.pop3 | object | |
services.pop3.banner | text | The POP3 banner. |
services.pop3.start_tls | text | The server's response to the STARTTLS command. |
PORTMAP
Path | Type | Docs |
---|---|---|
services.parsed.portmap | object | |
services.parsed.portmap.portmap_entries_v2 | object | |
services.parsed.portmap.portmap_entries_v2.desc | text | |
services.parsed.portmap.portmap_entries_v2.port | long | |
services.parsed.portmap.portmap_entries_v2.protocol | text | |
services.parsed.portmap.portmap_entries_v2.shorthand | text | |
services.parsed.portmap.portmap_entries_v2.version | long | |
services.parsed.portmap.portmap_entries_v3 | object | |
services.parsed.portmap.portmap_entries_v3.desc | text | |
services.parsed.portmap.portmap_entries_v3.network_id | text | |
services.parsed.portmap.portmap_entries_v3.owner | text | |
services.parsed.portmap.portmap_entries_v3.shorthand | text | |
services.parsed.portmap.portmap_entries_v3.universal_address | text | |
services.parsed.portmap.portmap_entries_v3.version | long |
POSTGRES
Path | Type | Docs |
---|---|---|
services.postgres | object | |
services.postgres.authentication_mode | object | |
services.postgres.authentication_mode.mode | text | |
services.postgres.authentication_mode.payload | text | |
services.postgres.protocol_error | nested | The error received in response to a StartupMessage with an unexpected protocol version. |
services.postgres.protocol_error.key | text | |
services.postgres.protocol_error.value | text | |
services.postgres.startup_error | nested | The error received in response to a StartupMessage without providing the User field. |
services.postgres.startup_error.key | text | |
services.postgres.startup_error.value | text | |
services.postgres.supported_versions | text | |
services.postgres.transaction_status | text |
PPTP
Path | Type | Docs |
---|---|---|
services.pptp | object | |
services.pptp.bearer_message | object | |
services.pptp.bearer_message.code | unsigned_long | |
services.pptp.bearer_message.meaning | text | |
services.pptp.error_message | object | |
services.pptp.error_message.code | unsigned_long | |
services.pptp.error_message.meaning | text | |
services.pptp.firmware | object | |
services.pptp.firmware.major | unsigned_long | |
services.pptp.firmware.minor | unsigned_long | |
services.pptp.framing_message | object | |
services.pptp.framing_message.code | unsigned_long | |
services.pptp.framing_message.meaning | text | |
services.pptp.hostname | text | |
services.pptp.maximum_channels | unsigned_long | |
services.pptp.protocol | object | |
services.pptp.protocol.major | unsigned_long | |
services.pptp.protocol.minor | unsigned_long | |
services.pptp.result_message | object | |
services.pptp.result_message.code | unsigned_long | |
services.pptp.result_message.meaning | text | |
services.pptp.vendor | text |
PROMETHEUS
Path | Type | Docs |
---|---|---|
services.prometheus | object | |
services.prometheus.http_info | object | |
services.prometheus.http_info.headers | nested | |
services.prometheus.http_info.headers.key | text | |
services.prometheus.http_info.headers.value | object | |
services.prometheus.http_info.headers.value.headers | text | The values provided in the corresponding header. |
services.prometheus.http_info.status | text | Status message received from hitting /api/v1/targets. |
services.prometheus.http_info.status_code | unsigned_long | Status code received from hitting /api/v1/targets. |
services.prometheus.response | object | Information Prometheus captured as well as build information. |
services.prometheus.response.active_targets | object | List of active targets. |
services.prometheus.response.active_targets.discovered_labels | object | |
services.prometheus.response.active_targets.discovered_labels.address | text | Address of target. |
services.prometheus.response.active_targets.discovered_labels.job | text | Job of target. |
services.prometheus.response.active_targets.discovered_labels.metrics_path | text | Path to metrics of target. |
services.prometheus.response.active_targets.discovered_labels.scheme | text | URL scheme. |
services.prometheus.response.active_targets.health | text | Whether target is up or down. |
services.prometheus.response.active_targets.labels | object | |
services.prometheus.response.active_targets.labels.instance | text | Instance after relabelling has occurred. |
services.prometheus.response.active_targets.labels.job | text | Job of target after relabelling has occurred. |
services.prometheus.response.active_targets.last_error | text | Last error that occurred within target. |
services.prometheus.response.active_targets.last_scrape | text | Last time Prometheus scraped target. |
services.prometheus.response.active_targets.scrape_url | text | URL that Prometheus scraped. |
services.prometheus.response.all_versions | text | List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc. |
services.prometheus.response.config_exposed | boolean | True when the config endpoint is exposed. |
services.prometheus.response.dropped_targets | object | List of dropped targets. |
services.prometheus.response.dropped_targets.address | text | Address of target. |
services.prometheus.response.dropped_targets.job | text | Job of target. |
services.prometheus.response.dropped_targets.metrics_path | text | Path to metrics of target. |
services.prometheus.response.dropped_targets.scheme | text | URL scheme. |
services.prometheus.response.go_versions | text | List of the versions of Go. |
services.prometheus.response.prometheus_versions | object | |
services.prometheus.response.prometheus_versions.go_version | text | Version of Go used to build Prometheus. |
services.prometheus.response.prometheus_versions.revision | text | Revision of Prometheus. |
services.prometheus.response.prometheus_versions.version | text | Version of Prometheus. |
RDP
Path | Type | Docs |
---|---|---|
services.rdp | object | |
services.rdp.certificate_info | object | |
services.rdp.certificate_info.internal_x509_chain_fps | keyword | |
services.rdp.certificate_info.proprietary_rsa_key | object | |
services.rdp.certificate_info.proprietary_rsa_key.key_length | unsigned_long | |
services.rdp.certificate_info.proprietary_rsa_key.magic | unsigned_long | |
services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen | unsigned_long | |
services.rdp.certificate_info.proprietary_rsa_key.modulus | text | |
services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen | unsigned_long | |
services.rdp.certificate_info.proprietary_rsa_key.public_exponent | unsigned_long | |
services.rdp.certificate_info.proprietary_rsa_key.signature | text | |
services.rdp.connect_response | object | |
services.rdp.connect_response.connect_id | unsigned_long | |
services.rdp.connect_response.domain_parameters | object | |
services.rdp.connect_response.domain_parameters.domain_protocol_version | long | |
services.rdp.connect_response.domain_parameters.max_channel_ids | long | |
services.rdp.connect_response.domain_parameters.max_mcspdu_size | long | |
services.rdp.connect_response.domain_parameters.max_provider_height | long | |
services.rdp.connect_response.domain_parameters.max_token_ids | long | |
services.rdp.connect_response.domain_parameters.max_user_id_channels | long | |
services.rdp.connect_response.domain_parameters.min_throughput | long | |
services.rdp.connect_response.domain_parameters.num_priorities | long | |
services.rdp.protocol_flags | object | |
services.rdp.protocol_flags.dynvc_graphics_pipeline | boolean | |
services.rdp.protocol_flags.extended_client_data_supported | boolean | |
services.rdp.protocol_flags.neg_resp_reserved | boolean | |
services.rdp.protocol_flags.restricted_admin_mode | boolean | |
services.rdp.protocol_flags.restricted_auth_mode | boolean | |
services.rdp.selected_security_protocol | object | |
services.rdp.selected_security_protocol.credssp | boolean | |
services.rdp.selected_security_protocol.credssp_early_auth | boolean | |
services.rdp.selected_security_protocol.error | boolean | |
services.rdp.selected_security_protocol.error_bad_flags | boolean | |
services.rdp.selected_security_protocol.error_hybrid_required | boolean | |
services.rdp.selected_security_protocol.error_ssl_cert_missing | boolean | |
services.rdp.selected_security_protocol.error_ssl_forbidden | boolean | |
services.rdp.selected_security_protocol.error_ssl_required | boolean | |
services.rdp.selected_security_protocol.error_ssl_user_auth_required | boolean | |
services.rdp.selected_security_protocol.error_unknown | boolean | |
services.rdp.selected_security_protocol.raw_value | unsigned_long | |
services.rdp.selected_security_protocol.rdstls | boolean | |
services.rdp.selected_security_protocol.standard_rdp | boolean | |
services.rdp.selected_security_protocol.tls | boolean | |
services.rdp.version | object | |
services.rdp.version.major | integer | |
services.rdp.version.minor | integer | |
services.rdp.version.raw | unsigned_long | Raw Version Response, Major version is stored in upper 2 bytes, minor in lower 2 bytes. |
services.rdp.x224_cc_pdu_srcref | unsigned_long |
REALPORT
Path | Type | Docs |
---|---|---|
services.parsed.realport | object | |
services.parsed.realport.hw_id | long | |
services.parsed.realport.hw_ver | long | |
services.parsed.realport.num_ports | long | |
services.parsed.realport.product_name | text | |
services.parsed.realport.sw_ver | long | |
services.parsed.realport.unpatched_etherlite | boolean | |
services.parsed.realport.vpd | object |
REDIS
Path | Type | Docs |
---|---|---|
services.redis | object | |
services.redis.arch_bits | text | The architecture bits (32 or 64) the Redis server used to build. |
services.redis.auth_response | text | The response from the AUTH command, if sent. |
services.redis.build_id | text | The Build ID of the Redis server. |
services.redis.commands | text | The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'. |
services.redis.commands_processed | unsigned_long | The total number of commands processed by the server. |
services.redis.connections_received | unsigned_long | The total number of connections accepted by the server. |
services.redis.gcc_version | text | The version of the GCC compiler used to compile the Redis server. |
services.redis.git_sha1 | text | The Sha-1 Git commit hash the Redis server used. |
services.redis.info_response | object | The response from the INFO command. Should be a series of key:value pairs separated by CRLFs. |
services.redis.info_response.key | text | |
services.redis.info_response.value | text | |
services.redis.major | unsigned_long | Major is the version's major number. |
services.redis.mem_allocator | text | The memory allocator. |
services.redis.minor | unsigned_long | Minor is the version's major number. |
services.redis.mode | text | The mode the Redis server is running (standalone or cluster), read from the the info_response (if available). |
services.redis.nonexistent_response | text | The response from the NONEXISTENT command. |
services.redis.os | text | The OS the Redis server is running, read from the the info_response (if available). |
services.redis.patch_level | unsigned_long | Patchlevel is the version's patchlevel number. |
services.redis.ping_response | text | The response from the PING command; should either be "PONG" or an authentication error. |
services.redis.quit_response | text | The response to the QUIT command. |
services.redis.raw_command_output | object | The raw output returned by the server for each command sent; the indices match those of commands. |
services.redis.raw_command_output.output | text | |
services.redis.uptime | unsigned_long | The number of seconds since Redis server start. |
services.redis.used_memory | unsigned_long | The total number of bytes allocated by Redis using its allocator. |
REDLION_CRIMSON
Path | Type | Docs |
---|---|---|
services.parsed.redlion_crimson | object | |
services.parsed.redlion_crimson.configs_exposed | boolean | |
services.parsed.redlion_crimson.control_engine_status | text | |
services.parsed.redlion_crimson.current_software_level | text | |
services.parsed.redlion_crimson.execution_status | text | |
services.parsed.redlion_crimson.manufacturer | text | |
services.parsed.redlion_crimson.model | text |
RIPPLE
Path | Type | Docs |
---|---|---|
services.parsed.ripple | object | |
services.parsed.ripple.ripple_clio | object | |
services.parsed.ripple.ripple_clio.clio_version | text | |
services.parsed.ripple.ripple_clio.rippled_version | text | |
services.parsed.ripple.ripple_clio.validated | boolean | |
services.parsed.ripple.ripple_clio.validation_quorum | long | |
services.parsed.ripple.rippled_peer | object | |
services.parsed.ripple.rippled_peer.build_version | text | |
services.parsed.ripple.rippled_peer.peer_crawler_response_version | long | |
services.parsed.ripple.rippled_peer.peers | object | |
services.parsed.ripple.rippled_peer.peers.ip | text | |
services.parsed.ripple.rippled_peer.peers.port | long | |
services.parsed.ripple.rippled_peer.peers.public_key | text | |
services.parsed.ripple.rippled_peer.peers.type | text | |
services.parsed.ripple.rippled_peer.peers.version | text | |
services.parsed.ripple.rippled_peer.pubkey_node | text | |
services.parsed.ripple.rippled_peer.server_state | text | |
services.parsed.ripple.rippled_peer.validator_sites | text | |
services.parsed.ripple.rippled_public | object | |
services.parsed.ripple.rippled_public.build_version | text | |
services.parsed.ripple.rippled_public.hostid | text | |
services.parsed.ripple.rippled_public.network_id | long | |
services.parsed.ripple.rippled_public.peers | long | |
services.parsed.ripple.rippled_public.ports | object | |
services.parsed.ripple.rippled_public.ports.port | text | |
services.parsed.ripple.rippled_public.ports.protocol | text | |
services.parsed.ripple.rippled_public.pubkey_node | text | |
services.parsed.ripple.rippled_public.server_state | text | |
services.parsed.ripple.rippled_public.validation_quorum | long |
RLOGIN
Path | Type | Docs |
---|---|---|
services.parsed.rlogin | object | |
services.parsed.rlogin.error | text | |
services.parsed.rlogin.os | text | |
services.parsed.rlogin.software | text | |
services.parsed.rlogin.software_version | text |
ROCKETMQ
Path | Type | Docs |
---|---|---|
services.parsed.rocketmq | object | |
services.parsed.rocketmq.cluster_info | object | |
services.parsed.rocketmq.cluster_info.header | object | |
services.parsed.rocketmq.cluster_info.header.code | long | |
services.parsed.rocketmq.cluster_info.header.flag | long | |
services.parsed.rocketmq.cluster_info.header.language | text | |
services.parsed.rocketmq.cluster_info.header.opaque | long | |
services.parsed.rocketmq.cluster_info.header.serialize_type_current_rpc | text | |
services.parsed.rocketmq.cluster_info.header.version | long | |
services.parsed.rocketmq.cluster_info.payload | text | |
services.parsed.rocketmq.topics | object | |
services.parsed.rocketmq.topics.header | object | |
services.parsed.rocketmq.topics.header.code | long | |
services.parsed.rocketmq.topics.header.flag | long | |
services.parsed.rocketmq.topics.header.language | text | |
services.parsed.rocketmq.topics.header.opaque | long | |
services.parsed.rocketmq.topics.header.serialize_type_current_rpc | text | |
services.parsed.rocketmq.topics.header.version | long | |
services.parsed.rocketmq.topics.topic_list | text | |
services.parsed.rocketmq.version | text |
RTSP
Path | Type | Docs |
---|---|---|
services.parsed.rtsp | object | |
services.parsed.rtsp.auth | text | |
services.parsed.rtsp.commands | text | |
services.parsed.rtsp.server | text | |
services.parsed.rtsp.www_auth | text |
S7
Path | Type | Docs |
---|---|---|
services.s7 | object | |
services.s7.copyright | text | |
services.s7.cpu_profile | text | |
services.s7.firmware | text | |
services.s7.hardware | text | |
services.s7.location | text | |
services.s7.memory_serial_number | text | |
services.s7.module | text | |
services.s7.module_id | text | |
services.s7.module_type | text | |
services.s7.oem_id | text | |
services.s7.plant_id | text | |
services.s7.reserved_for_os | text | |
services.s7.serial_number | text | |
services.s7.system | text |
SAP_ROUTER
Path | Type | Docs |
---|---|---|
services.parsed.sap_router | object | |
services.parsed.sap_router.router_info | object | |
services.parsed.sap_router.router_info.connected_clients_info | object | |
services.parsed.sap_router.router_info.connected_clients_info.connected | boolean | |
services.parsed.sap_router.router_info.connected_clients_info.connected_on | date | |
services.parsed.sap_router.router_info.connected_clients_info.id | long | |
services.parsed.sap_router.router_info.connected_clients_info.routed | boolean | |
services.parsed.sap_router.router_info.connected_clients_info.service | text | |
services.parsed.sap_router.router_info.connected_clients_info.traced | boolean | |
services.parsed.sap_router.router_info.num_clients | long | |
services.parsed.sap_router.router_info.parent_pid | long | |
services.parsed.sap_router.router_info.parent_port | long | |
services.parsed.sap_router.router_info.pid | long | |
services.parsed.sap_router.router_info.port | long | |
services.parsed.sap_router.router_info.routtab_relative_directory | text | |
services.parsed.sap_router.router_info.sap_router_absolute_directory | text | |
services.parsed.sap_router.router_info.started_on | date | |
services.parsed.sap_router.router_version_info | object | |
services.parsed.sap_router.router_version_info.description | text | |
services.parsed.sap_router.router_version_info.release | long | |
services.parsed.sap_router.router_version_info.version | long |
SCPI
Path | Type | Docs |
---|---|---|
services.parsed.scpi | object | |
services.parsed.scpi.firmware | text | |
services.parsed.scpi.manufacturer | text | |
services.parsed.scpi.model | text | |
services.parsed.scpi.serial | text |
SER2NET
Path | Type | Docs |
---|---|---|
services.parsed.ser2net | object | |
services.parsed.ser2net.device | text | |
services.parsed.ser2net.os | text | |
services.parsed.ser2net.serial_parameters | object | |
services.parsed.ser2net.serial_parameters.baud_rate | text | |
services.parsed.ser2net.serial_parameters.data_bits | text | |
services.parsed.ser2net.serial_parameters.parity | text | |
services.parsed.ser2net.serial_parameters.stop_bits | text | |
services.parsed.ser2net.software | text | |
services.parsed.ser2net.software_version | text |
SEVEN_DAYS_TO_DIE
Path | Type | Docs |
---|---|---|
services.parsed.seven_days_to_die | object | |
services.parsed.seven_days_to_die.game_name | text | |
services.parsed.seven_days_to_die.game_type | text | |
services.parsed.seven_days_to_die.region | text | |
services.parsed.seven_days_to_die.server_url | text | |
services.parsed.seven_days_to_die.server_version | text | |
services.parsed.seven_days_to_die.steam_id | text | |
services.parsed.seven_days_to_die.version | text |
SIP
Path | Type | Docs |
---|---|---|
services.sip | object | |
services.sip.code | integer | |
services.sip.server | text | Server software reported by service |
services.sip.status | text | |
services.sip.version | text | SIP version |
SMB
Path | Type | Docs |
---|---|---|
services.smb | object | |
services.smb.group_name | text | Default group name |
services.smb.has_ntlm | boolean | Server supports the NTLM authentication method |
services.smb.native_os | text | Server-identified operating system |
services.smb.negotiation_log | object | |
services.smb.negotiation_log.authentication_types | text | |
services.smb.negotiation_log.capabilities | unsigned_long | |
services.smb.negotiation_log.dialect_revision | unsigned_long | |
services.smb.negotiation_log.header_log | object | |
services.smb.negotiation_log.header_log.command | unsigned_long | |
services.smb.negotiation_log.header_log.credits | unsigned_long | |
services.smb.negotiation_log.header_log.flags | unsigned_long | |
services.smb.negotiation_log.header_log.protocol_id | text | |
services.smb.negotiation_log.header_log.status | unsigned_long | |
services.smb.negotiation_log.security_mode | unsigned_long | |
services.smb.negotiation_log.server_guid | text | |
services.smb.negotiation_log.server_start_time | unsigned_long | |
services.smb.negotiation_log.system_time | unsigned_long | |
services.smb.ntlm | text | Native LAN manager |
services.smb.session_setup_log | object | |
services.smb.session_setup_log.header_log | object | |
services.smb.session_setup_log.header_log.command | unsigned_long | |
services.smb.session_setup_log.header_log.credits | unsigned_long | |
services.smb.session_setup_log.header_log.flags | unsigned_long | |
services.smb.session_setup_log.header_log.protocol_id | text | |
services.smb.session_setup_log.header_log.status | unsigned_long | |
services.smb.session_setup_log.negotiate_flags | unsigned_long | |
services.smb.session_setup_log.setup_flags | unsigned_long | |
services.smb.session_setup_log.target_name | text | |
services.smb.smb_capabilities | object | Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4. |
services.smb.smb_capabilities.smb_dfs_support | boolean | Server supports Distributed File System |
services.smb.smb_capabilities.smb_directory_leasing_support | boolean | Server supports directory leasing |
services.smb.smb_capabilities.smb_encryption_support | boolean | Server supports encryption |
services.smb.smb_capabilities.smb_leasing_support | boolean | Server supports Leasing |
services.smb.smb_capabilities.smb_multichan_support | boolean | Server supports multiple channels per session |
services.smb.smb_capabilities.smb_multicredit_support | boolean | Server supports multi-credit operations |
services.smb.smb_capabilities.smb_persistent_handle_support | boolean | Server supports persistent handles |
services.smb.smb_version | object | |
services.smb.smb_version.major | unsigned_long | Major version |
services.smb.smb_version.minor | unsigned_long | Minor version |
services.smb.smb_version.revision | unsigned_long | Protocol Revision |
services.smb.smb_version.version_string | text | Full SMB Version String |
services.smb.smbv1_support | boolean |
SMTP
Path | Type | Docs |
---|---|---|
services.smtp | object | |
services.smtp.banner | text | The STMP banner. |
services.smtp.ehlo | text | The server's response to the EHLO command. |
services.smtp.start_tls | text | The server's response to the STARTTLS command. |
SNMP
Path | Type | Docs |
---|---|---|
services.snmp | object | |
services.snmp.engine | object | |
services.snmp.engine.description | text | |
services.snmp.engine.engine_boots | unsigned_long | |
services.snmp.engine.engine_time | unsigned_long | |
services.snmp.engine.format | text | |
services.snmp.engine.format_data | text | |
services.snmp.engine.organization | text | |
services.snmp.engine.pen | unsigned_long | |
services.snmp.engine.raw_id | text | |
services.snmp.engine.rfc3411 | boolean | |
services.snmp.oid_interfaces | object | 1.3.6.1.2.1.2 - Interfaces |
services.snmp.oid_interfaces.num_ifaces | unsigned_long | 1.3.6.1.2.1.2.1 - Number of network interfaces |
services.snmp.oid_physical | object | 1.3.6.1.2.1.47.1.1.1.1 - Entity Physical |
services.snmp.oid_physical.firmware_rev | text | 1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string |
services.snmp.oid_physical.hardware_rev | text | 1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string |
services.snmp.oid_physical.mfg_name | text | 1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg |
services.snmp.oid_physical.model_name | text | 1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component |
services.snmp.oid_physical.name | text | 1.3.6.1.2.1.47.1.1.1.1.7 - Entity name |
services.snmp.oid_physical.serial_num | text | 1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string |
services.snmp.oid_physical.software_rev | text | 1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string |
services.snmp.oid_system | object | 1.3.6.1.2.1.1 - System Variables |
services.snmp.oid_system.contact | text | 1.3.6.1.2.1.1.4 - Contact info |
services.snmp.oid_system.desc | text | 1.3.6.1.2.1.1.1 - Description of entity |
services.snmp.oid_system.init_time | unsigned_long | 1.3.6.1.2.1.1.3 - 1/100ths of sec |
services.snmp.oid_system.location | text | 1.3.6.1.2.1.1.6 - Physical location |
services.snmp.oid_system.name | text | 1.3.6.1.2.1.1.5 - Name, usually FQDN |
services.snmp.oid_system.object_id | text | 1.3.6.1.2.1.1.2 - Vendor ID |
services.snmp.oid_system.services | object | 1.3.6.1.2.1.1.7 - Set of services offered by entity |
services.snmp.oid_system.services.layer_1 | boolean | Physical (e.g. repeaters) |
services.snmp.oid_system.services.layer_2 | boolean | Datalink/subnetwork (e.g. bridges) |
services.snmp.oid_system.services.layer_3 | boolean | Internet (e.g. IP gateways) |
services.snmp.oid_system.services.layer_4 | boolean | End-to-end (e.g. IP hosts) |
services.snmp.oid_system.services.layer_5 | boolean | OSI layer 5 |
services.snmp.oid_system.services.layer_6 | boolean | OSI layer 6 |
services.snmp.oid_system.services.layer_7 | boolean | Applications (e.g. mail relays) |
services.snmp.versions | text |
SOCKS
Path | Type | Docs |
---|---|---|
services.parsed.socks | object | |
services.parsed.socks.no_authentication_required | boolean | |
services.parsed.socks.preferred_authentication | text | |
services.parsed.socks.preferred_authentication_value | long | |
services.parsed.socks.socks_version | long |
SPICE
Path | Type | Docs |
---|---|---|
services.parsed.spice | object | |
services.parsed.spice.major_version | long | |
services.parsed.spice.minor_version | long | |
services.parsed.spice.tls_only | boolean | |
services.parsed.spice.x509_public_key | text |
SSDP
Path | Type | Docs |
---|---|---|
services.ssdp | object | |
services.ssdp.headers | nested | |
services.ssdp.headers.key | text | |
services.ssdp.headers.value | object | |
services.ssdp.headers.value.headers | text | The values provided in the corresponding header. |
services.ssdp.upnp_url | text |
STEAM_IHS
Path | Type | Docs |
---|---|---|
services.parsed.steam_ihs | object | |
services.parsed.steam_ihs.connect_port | long | |
services.parsed.steam_ihs.enabled_services | long | |
services.parsed.steam_ihs.euniverse | long | |
services.parsed.steam_ihs.games_running | boolean | |
services.parsed.steam_ihs.hostname | text | |
services.parsed.steam_ihs.ip_addresses | text | |
services.parsed.steam_ihs.is64bit | boolean | |
services.parsed.steam_ihs.mac_addresses | text | |
services.parsed.steam_ihs.min_version | long | |
services.parsed.steam_ihs.ostype | long | |
services.parsed.steam_ihs.public_ip_address | text | |
services.parsed.steam_ihs.remoteplay_active | boolean | |
services.parsed.steam_ihs.steam_application_version | text | |
services.parsed.steam_ihs.steam_deck | boolean | |
services.parsed.steam_ihs.steam_version | long | |
services.parsed.steam_ihs.supported_services | long | |
services.parsed.steam_ihs.version | long | |
services.parsed.steam_ihs.vr_active | boolean | |
services.parsed.steam_ihs.vr_link_caps | long |
TACACS_PLUS
Path | Type | Docs |
---|---|---|
services.parsed.tacacs_plus | object | |
services.parsed.tacacs_plus.data_length | long | |
services.parsed.tacacs_plus.flags | long | |
services.parsed.tacacs_plus.obfuscated | text | |
services.parsed.tacacs_plus.seq_num | long | |
services.parsed.tacacs_plus.session_id | long | |
services.parsed.tacacs_plus.type | long | |
services.parsed.tacacs_plus.version | long |
TIBIA
Path | Type | Docs |
---|---|---|
services.parsed.tibia | object | |
services.parsed.tibia.server | object | |
services.parsed.tibia.server.client_version | text | |
services.parsed.tibia.server.ip | text | |
services.parsed.tibia.server.location | text | |
services.parsed.tibia.server.name | text | |
services.parsed.tibia.server.port | text | |
services.parsed.tibia.server.server | text | |
services.parsed.tibia.server.url | text | |
services.parsed.tibia.server.version | text |
TPLINK_KASA
Path | Type | Docs |
---|---|---|
services.parsed.tplink_kasa | object | |
services.parsed.tplink_kasa.active_mode | text | |
services.parsed.tplink_kasa.brightness | long | |
services.parsed.tplink_kasa.dev_name | text | |
services.parsed.tplink_kasa.err_code | long | |
services.parsed.tplink_kasa.feature | text | |
services.parsed.tplink_kasa.hw_ver | text | |
services.parsed.tplink_kasa.icon_hash | text | |
services.parsed.tplink_kasa.led_off | long | |
services.parsed.tplink_kasa.mic_type | text | |
services.parsed.tplink_kasa.model | text | |
services.parsed.tplink_kasa.on_time | long | |
services.parsed.tplink_kasa.relay_state | long | |
services.parsed.tplink_kasa.rssi | long | |
services.parsed.tplink_kasa.sw_ver | text | |
services.parsed.tplink_kasa.updating | long |
UPNP
Path | Type | Docs |
---|---|---|
services.upnp | object | |
services.upnp.devices | object | |
services.upnp.devices.device_type | text | |
services.upnp.devices.friendly_name | text | |
services.upnp.devices.id | integer | Censys-generated IDs representing a device tree |
services.upnp.devices.manufacturer | text | |
services.upnp.devices.manufacturer_url | text | |
services.upnp.devices.model_description | text | |
services.upnp.devices.model_name | text | |
services.upnp.devices.model_number | text | |
services.upnp.devices.model_url | text | |
services.upnp.devices.parent_id | integer | |
services.upnp.devices.presentation_url | text | |
services.upnp.devices.serial_number | text | |
services.upnp.devices.service_list | object | |
services.upnp.devices.service_list.control_url | text | |
services.upnp.devices.service_list.event_sub_url | text | |
services.upnp.devices.service_list.scpd_url | text | |
services.upnp.devices.service_list.service_id | text | |
services.upnp.devices.service_list.service_type | text | |
services.upnp.devices.udn | text | |
services.upnp.devices.upc | text | |
services.upnp.endpoint | text | |
services.upnp.headers | nested | |
services.upnp.headers.key | text | |
services.upnp.headers.value | object | |
services.upnp.headers.value.headers | text | The values provided in the corresponding header. |
services.upnp.spec | object | |
services.upnp.spec.major | text | |
services.upnp.spec.minor | text |
VENTRILO
Path | Type | Docs |
---|---|---|
services.parsed.ventrilo | object | |
services.parsed.ventrilo.attrs | text | |
services.parsed.ventrilo.msgs | object | |
services.parsed.ventrilo.msgs.body | object | |
services.parsed.ventrilo.msgs.body.data | text | |
services.parsed.ventrilo.msgs.error | text | |
services.parsed.ventrilo.msgs.header | object | |
services.parsed.ventrilo.msgs.header.Crc | long | |
services.parsed.ventrilo.msgs.header.PacketLen | long | |
services.parsed.ventrilo.msgs.header.PacketNum | long | |
services.parsed.ventrilo.msgs.header.TotalPackets | long | |
services.parsed.ventrilo.msgs.header.Zero | long | |
services.parsed.ventrilo.msgs.header.cmd | long | |
services.parsed.ventrilo.msgs.header.data_key | long | |
services.parsed.ventrilo.msgs.header.header_key | long | |
services.parsed.ventrilo.msgs.header.id | long | |
services.parsed.ventrilo.msgs.header.total_len | long |
VNC
Path | Type | Docs |
---|---|---|
services.vnc | object | |
services.vnc.connection_failed_reason | text | If server terminates handshake, the reason offered (if any) |
services.vnc.desktop_name | text | Desktop name provided by the server, capped at 255 bytes |
services.vnc.pixel_encoding | object | |
services.vnc.pixel_encoding.name | text | |
services.vnc.pixel_encoding.value | integer | |
services.vnc.screen_info | object | |
services.vnc.screen_info.height | unsigned_long | |
services.vnc.screen_info.name_len | unsigned_long | |
services.vnc.screen_info.pixel_format | object | |
services.vnc.screen_info.pixel_format.big_endian | boolean | If pixel RGB data are in big-endian |
services.vnc.screen_info.pixel_format.bits_per_pixel | unsigned_long | How many bits in a single full pixel datum. Valid values are: 8, 16, 32 |
services.vnc.screen_info.pixel_format.blue_max | unsigned_long | Max value of blue pixel |
services.vnc.screen_info.pixel_format.blue_shift | unsigned_long | How many bits to right shift a pixel datum to get blue bits in lsb |
services.vnc.screen_info.pixel_format.depth | unsigned_long | Color depth |
services.vnc.screen_info.pixel_format.green_max | unsigned_long | Max value of green pixel |
services.vnc.screen_info.pixel_format.green_shift | unsigned_long | How many bits to right shift a pixel datum to get green bits in lsb |
services.vnc.screen_info.pixel_format.padding1 | unsigned_long | |
services.vnc.screen_info.pixel_format.padding2 | unsigned_long | |
services.vnc.screen_info.pixel_format.padding3 | unsigned_long | |
services.vnc.screen_info.pixel_format.red_max | unsigned_long | Max value of red pixel |
services.vnc.screen_info.pixel_format.red_shift | unsigned_long | How many bits to right shift a pixel datum to get red bits in lsb |
services.vnc.screen_info.pixel_format.true_color | boolean | If false, color maps are used |
services.vnc.screen_info.width | unsigned_long | |
services.vnc.security_types | object | server-specified security options |
services.vnc.security_types.name | text | |
services.vnc.security_types.value | integer | |
services.vnc.version | text |
WEBLOGIC_T3
Path | Type | Docs |
---|---|---|
services.parsed.weblogic_t3 | object | |
services.parsed.weblogic_t3.error | text | |
services.parsed.weblogic_t3.error_msg | text | |
services.parsed.weblogic_t3.version | text |
WINRM
Path | Type | Docs |
---|---|---|
services.parsed.winrm | object | |
services.parsed.winrm.auth_types | text | |
services.parsed.winrm.ntlm_info | object | |
services.parsed.winrm.ntlm_info.always_sign_supported | boolean | |
services.parsed.winrm.ntlm_info.challenge_type | long | |
services.parsed.winrm.ntlm_info.dns_domain_name | text | |
services.parsed.winrm.ntlm_info.dns_server_name | text | |
services.parsed.winrm.ntlm_info.dns_tree_name | text | |
services.parsed.winrm.ntlm_info.encryption_128bit_supported | boolean | |
services.parsed.winrm.ntlm_info.encryption_56bit_supported | boolean | |
services.parsed.winrm.ntlm_info.netbios_computer_name | text | |
services.parsed.winrm.ntlm_info.netbios_domain_name | text | |
services.parsed.winrm.ntlm_info.ntlm1_supported | boolean | |
services.parsed.winrm.ntlm_info.ntlm2_supported | boolean | |
services.parsed.winrm.ntlm_info.ntlm_version | long | |
services.parsed.winrm.ntlm_info.os_version | text | |
services.parsed.winrm.ntlm_info.target_name | text |
WS_DISCOVERY
Path | Type | Docs |
---|---|---|
services.parsed.ws_discovery | object | |
services.parsed.ws_discovery.addresses | text | |
services.parsed.ws_discovery.metadata_version | long | |
services.parsed.ws_discovery.scopes | text | |
services.parsed.ws_discovery.types | text |
X11
Path | Type | Docs |
---|---|---|
services.x11 | object | |
services.x11.refusal_reason | text | |
services.x11.requires_authentication | boolean | |
services.x11.vendor | text | |
services.x11.version | text |
ZEROMQ
Path | Type | Docs |
---|---|---|
services.parsed.zeromq | object | |
services.parsed.zeromq.greeting | object | |
services.parsed.zeromq.greeting.as_server | boolean | |
services.parsed.zeromq.greeting.mechanism | text | |
services.parsed.zeromq.greeting.signature | text | |
services.parsed.zeromq.greeting.version_major | long | |
services.parsed.zeromq.greeting.version_minor | long | |
services.parsed.zeromq.handshake | object | |
services.parsed.zeromq.handshake.raw | text | |
services.parsed.zeromq.handshake.ready | boolean | |
services.parsed.zeromq.handshake.socket_type | text | |
services.parsed.zeromq.subscription_match | object | |
services.parsed.zeromq.subscription_match.is_monero_node | boolean |