This page lists every field whose value can be searched within the Hosts dataset.

The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.

Hosts Categories List

Host Information

Path Type Docs
ip ip
last_updated_at date
name text
service_count integer
truncated boolean

Service Information

Path Type Docs
services nested
services.banner text
services.banner_hashes text
services.banner_hex text
services.discovery_method text
services.extended_service_name text
services.parsed object
services.perspective_id text
services.port integer
services.service_name text
services.source_ip ip
services.transport_protocol text
services.truncated boolean

Host DNS

Path Type Docs
dns object
dns.names text Names that resolve to the host
dns.reverse_dns object
dns.reverse_dns.names text
dns.reverse_dns.resolved_at date

Host Location

Path Type Docs
location object
location.city text The English name of the detected city.
location.continent keyword The English name of the detected continent (North America, Europe, Asia, South America, Africa, Oceania, Antarctica).
location.coordinates object The estimated coordinates of the detected location.
location.coordinates.latitude double
location.coordinates.longitude double
location.country text The English name of the detected country.
location.country_code keyword The detected two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.postal_code keyword The postal code (if applicable) of the detected location.
location.province text The state or province name of the detected location.
location.registered_country text The English name of the registered country.
location.registered_country_code keyword The registered country's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
location.timezone text The IANA time zone database name of the detected location.

Host Operating System

Path Type Docs
operating_system object
operating_system.component_uniform_resource_identifiers text URIs of software components related to the identified software.
operating_system.cpe text CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
operating_system.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
operating_system.language text Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
operating_system.other object Other attributes describing the identified software
operating_system.other.key text
operating_system.other.value text
operating_system.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
operating_system.product text Identifies the most common and recognizable title or name of the product.
operating_system.source text Defines the source that this software information was derived from.
operating_system.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
operating_system.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
operating_system.target_sw text Characterizes the software computing environment within which the product operates.
operating_system.update text Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
operating_system.vendor text Identifies the person or organization that manufactured or created the product.
operating_system.version text Vendor-Specific alphanumeric strings characterizing the particular release version of the product.

Host Autonomous System

Path Type Docs
autonomous_system object
autonomous_system.asn unsigned_long The ASN (autonomous system number) of the host's autonomous system.
autonomous_system.bgp_prefix ip_range The autonomous system's CIDR.
autonomous_system.country_code keyword The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
autonomous_system.description text Brief description of the autonomous system.
autonomous_system.name text The friendly name of the autonomous system.
autonomous_system.organization text The name of the organization managning the autonomous system.

Host WHOIS

Path Type Docs
whois object
whois.network object
whois.network.allocation_type text
whois.network.cidrs ip_range A set of CIDRs describing the range.
whois.network.created date
whois.network.handle text
whois.network.name text
whois.network.updated date
whois.organization object
whois.organization.abuse_contacts object
whois.organization.abuse_contacts.email text
whois.organization.abuse_contacts.handle text
whois.organization.abuse_contacts.name text
whois.organization.address text
whois.organization.admin_contacts object
whois.organization.admin_contacts.email text
whois.organization.admin_contacts.handle text
whois.organization.admin_contacts.name text
whois.organization.city text
whois.organization.country text
whois.organization.handle text
whois.organization.name text
whois.organization.postal_code text
whois.organization.state text
whois.organization.street text
whois.organization.tech_contacts object
whois.organization.tech_contacts.email text
whois.organization.tech_contacts.handle text
whois.organization.tech_contacts.name text

Software

Path Type Docs
services.software nested
services.software.component_uniform_resource_identifiers text URIs of software components related to the identified software.
services.software.cpe text CPE uri format as defined here: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
services.software.edition text Captures edition-related terms applied by the vendor to the product, deprecated in CPE 2.3, but kept for backwards compatibility with CPE 2.2.
services.software.language text Valid language tag as defined by [RFC5646], and should be used to define the language supported in the user interface of the product being described.
services.software.other object Other attributes describing the identified software
services.software.other.key text
services.software.other.value text
services.software.part keyword Defines the class of this software, a for application, o for operating system, h for hardware devices.
services.software.product text Identifies the most common and recognizable title or name of the product.
services.software.source text Defines the source that this software information was derived from.
services.software.sw_edition text Characterizes how the product is tailored to a particular market or class of end users.
services.software.target_hw text Characterizes the instruction set architecture (e.g., x86) on which the product being described. Bytecode-intermediate languages, such as Java bytecode for the Java Virtual Machine or Microsoft Common Intermediate Language for the Common Language Runtime virtual machine, are be considered instruction set architectures.
services.software.target_sw text Characterizes the software computing environment within which the product operates.
services.software.update text Vendor-Specific alphanumeric strings characterizing the particular update, service pack, or point release of the product.
services.software.vendor text Identifies the person or organization that manufactured or created the product.
services.software.version text Vendor-Specific alphanumeric strings characterizing the particular release version of the product.
services.transport_fingerprint object
services.transport_fingerprint.id integer
services.transport_fingerprint.os text
services.transport_fingerprint.quic object
services.transport_fingerprint.quic.versions unsigned_long Raw versions presented in the QUIC version negotiation packet, if any.
services.transport_fingerprint.raw text

LABELS

Path Type Docs
labels text
services.labels text

TLS

Path Type Docs
services.certificate text
services.jarm object
services.jarm.cipher_and_version_fingerprint text The first 30 byte portion of the Jarm fingerprint.
services.jarm.fingerprint text The 62 byte Jarm fingerprint of the service.
services.jarm.observed_at date The time the service was fingerprinted
services.jarm.tls_extensions_sha256 text The second 32 byte portion of the Jarm fingerprint
services.tls object
services.tls.certificate object
services.tls.certificate.added_at date When the certificate was added to the Censys dataset.
services.tls.certificate.ct object
services.tls.certificate.ct.entries nested
services.tls.certificate.ct.entries.key text
services.tls.certificate.ct.entries.value object
services.tls.certificate.ct.entries.value.added_to_ct_at date An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
services.tls.certificate.ct.entries.value.ct_to_censys_at date An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
services.tls.certificate.ct.entries.value.index long Numerical marker of the certificate's place in the CT log.
services.tls.certificate.ever_seen_in_scan boolean
services.tls.certificate.fingerprint_md5 text The MD-5 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha1 text The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
services.tls.certificate.fingerprint_sha256 text The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records.
services.tls.certificate.modified_at date When the certificate record was last modified.
services.tls.certificate.names text All the names contained in the certificate from various fields.
services.tls.certificate.parent_spki_subject_fingerprint_sha256 text The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.parse_status text
services.tls.certificate.parsed object A record containing all of the data parsed from the certificate.
services.tls.certificate.parsed.extensions object A record containing parsed X.509 extensions that provide additional identification information or additional cryptographic capabilities.
services.tls.certificate.parsed.extensions.authority_info_access object The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.
services.tls.certificate.parsed.extensions.authority_info_access.issuer_urls text
services.tls.certificate.parsed.extensions.authority_info_access.ocsp_urls text
services.tls.certificate.parsed.extensions.authority_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.extensions.basic_constraints object The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).
services.tls.certificate.parsed.extensions.basic_constraints.is_ca boolean Whether the certificate is permitted to sign other certificates.
services.tls.certificate.parsed.extensions.basic_constraints.max_path_len integer When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
services.tls.certificate.parsed.extensions.cabf_organization_id object CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).
services.tls.certificate.parsed.extensions.cabf_organization_id.country text
services.tls.certificate.parsed.extensions.cabf_organization_id.reference text
services.tls.certificate.parsed.extensions.cabf_organization_id.scheme text
services.tls.certificate.parsed.extensions.cabf_organization_id.state text
services.tls.certificate.parsed.extensions.certificate_policies nested The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).
services.tls.certificate.parsed.extensions.certificate_policies.cps text
services.tls.certificate.parsed.extensions.certificate_policies.id text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice nested
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.explicit_text text
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference object
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers integer
services.tls.certificate.parsed.extensions.certificate_policies.user_notice.notice_reference.organization text
services.tls.certificate.parsed.extensions.crl_distribution_points text The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).
services.tls.certificate.parsed.extensions.ct_poison boolean Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
services.tls.certificate.parsed.extensions.extended_key_usage object The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).
services.tls.certificate.parsed.extensions.extended_key_usage.any boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_development boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_code_signing_third_party boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_development_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_maintenance_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_production_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_test_env boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier0_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier1_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier2_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_crypto_tier3_qos boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_encryption boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_ichat_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_resource_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_software_update_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.apple_system_identity boolean
services.tls.certificate.parsed.extensions.extended_key_usage.client_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.dvcs boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_lan boolean
services.tls.certificate.parsed.extensions.extended_key_usage.eap_over_ppp boolean
services.tls.certificate.parsed.extensions.extended_key_usage.email_protection boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_end_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_tunnel boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ipsec_user boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_ca_exchange boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_csp_signature boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_document_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_drm_individualization boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_efs_recovery boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_encrypted_file_system boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_enrollment_agent boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_21 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_key_recovery_3 boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_license_server boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_licenses boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_lifetime_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_mobile_device_software boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_nt5_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_qualified_subordinate boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_root_list_signer boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_sgc_serialized boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smart_display boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_smartcard_logon boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_system_health_loophole boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_timestamp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.microsoft_whql_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.netscape_server_gated_crypto boolean
services.tls.certificate.parsed.extensions.extended_key_usage.ocsp_signing boolean
services.tls.certificate.parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.server_auth boolean
services.tls.certificate.parsed.extensions.extended_key_usage.time_stamping boolean
services.tls.certificate.parsed.extensions.extended_key_usage.unknown text
services.tls.certificate.parsed.extensions.issuer_alt_name object The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.issuer_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.issuer_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.issuer_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.issuer_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.issuer_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.issuer_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.key_usage object The parsed id-ce-keyUsage extension (OID: 2.5.29.15).
services.tls.certificate.parsed.extensions.key_usage.certificate_sign boolean Whether the keyCertSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.content_commitment boolean Whether the contentCommitment (formerly called nonRepudiation) bit is set.
services.tls.certificate.parsed.extensions.key_usage.crl_sign boolean Whether the cRLSign bit is set.
services.tls.certificate.parsed.extensions.key_usage.data_encipherment boolean Whether the dataEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.decipher_only boolean Whether the decipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.digital_signature boolean Whether the digitalSignature bit is set.
services.tls.certificate.parsed.extensions.key_usage.encipher_only boolean Whether the encipherOnly bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_agreement boolean Whether the keyAgreement bit is set.
services.tls.certificate.parsed.extensions.key_usage.key_encipherment boolean Whether the keyEncipherment bit is set.
services.tls.certificate.parsed.extensions.key_usage.value unsigned_long The integer value of the bitmask in the extension.
services.tls.certificate.parsed.extensions.name_constraints object The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.
services.tls.certificate.parsed.extensions.name_constraints.critical boolean
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names nested A record providing excluded names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.excluded_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names nested A record providing excluded names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.excluded_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.excluded_email_addresses text A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses nested A record providing a range of excluded names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.excluded_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.excluded_names text A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_registered_ids text A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.excluded_uris text A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names nested A record providing permitted names of the type directoryName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organization_id text
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.name_constraints.permitted_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names nested A record providing permitted names of the type ediPartyName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.name_constraints.permitted_edi_party_names.party_name text
services.tls.certificate.parsed.extensions.name_constraints.permitted_email_addresses text A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses nested A record providing a range of permitted names of the type iPAddress in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.begin text The first IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.cidr text The CIDR specifying the subtree.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.end text The last IP address in the range.
services.tls.certificate.parsed.extensions.name_constraints.permitted_ip_addresses.mask text The subnet mask of the CIDR.
services.tls.certificate.parsed.extensions.name_constraints.permitted_names text A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_registered_ids text A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.name_constraints.permitted_uris text A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.
services.tls.certificate.parsed.extensions.qc_statements object
services.tls.certificate.parsed.extensions.qc_statements.ids text
services.tls.certificate.parsed.extensions.qc_statements.parsed object
services.tls.certificate.parsed.extensions.qc_statements.parsed.etsi_compliance boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.legislation.country_codes text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.amount long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency text
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.currency_number long
services.tls.certificate.parsed.extensions.qc_statements.parsed.limit.exponent long
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.language text
services.tls.certificate.parsed.extensions.qc_statements.parsed.pds_locations.url text
services.tls.certificate.parsed.extensions.qc_statements.parsed.retention_period long
services.tls.certificate.parsed.extensions.qc_statements.parsed.sscd boolean
services.tls.certificate.parsed.extensions.qc_statements.parsed.types nested
services.tls.certificate.parsed.extensions.qc_statements.parsed.types.ids text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps nested
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.log_id text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature object
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm text
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.timestamp date
services.tls.certificate.parsed.extensions.signed_certificate_timestamps.version integer
services.tls.certificate.parsed.extensions.subject_alt_name object The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names nested The parsed directoryName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organization_id text
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.extensions.subject_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.extensions.subject_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names nested The parsed eDIPartyName entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.name_assigner text
services.tls.certificate.parsed.extensions.subject_alt_name.edi_party_names.party_name text
services.tls.certificate.parsed.extensions.subject_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names nested The parsed otherName entries in the GeneralName. An arbitrary binary value identified by an OID.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.other_names.value text The raw otherName value.
services.tls.certificate.parsed.extensions.subject_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
services.tls.certificate.parsed.extensions.subject_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.
services.tls.certificate.parsed.extensions.subject_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
services.tls.certificate.parsed.extensions.tor_service_descriptors nested
services.tls.certificate.parsed.extensions.tor_service_descriptors.algorithm_name text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash text
services.tls.certificate.parsed.extensions.tor_service_descriptors.hash_bits integer
services.tls.certificate.parsed.extensions.tor_service_descriptors.onion text
services.tls.certificate.parsed.issuer object A record containing the parsed contents of the issuer_dn.
services.tls.certificate.parsed.issuer.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.issuer.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.issuer.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.issuer.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.issuer.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.issuer.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.issuer.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.issuer.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.issuer.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.issuer.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.issuer.organization_id text
services.tls.certificate.parsed.issuer.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.issuer.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.issuer.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.issuer.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.issuer.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.issuer.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.issuer_dn text Distinguished Name of the entity that has signed and issued the certificate.
services.tls.certificate.parsed.ja4x text
services.tls.certificate.parsed.redacted boolean
services.tls.certificate.parsed.serial_number text Issuer-specific identifier of the certificate.
services.tls.certificate.parsed.serial_number_hex text Issuer-specific identifier of the certificate, represented as hexadecimal.
services.tls.certificate.parsed.signature object
services.tls.certificate.parsed.signature.self_signed boolean Whether the certificate was signed by its own key.
services.tls.certificate.parsed.signature.signature_algorithm object
services.tls.certificate.parsed.signature.signature_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.signature.signature_algorithm.oid text
services.tls.certificate.parsed.signature.valid boolean Whether the signature is valid.
services.tls.certificate.parsed.signature.value text Contents of the signature.
services.tls.certificate.parsed.subject object A record containing the parsed contents of the subject_dn.
services.tls.certificate.parsed.subject.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
services.tls.certificate.parsed.subject.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
services.tls.certificate.parsed.subject.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
services.tls.certificate.parsed.subject.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
services.tls.certificate.parsed.subject.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
services.tls.certificate.parsed.subject.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
services.tls.certificate.parsed.subject.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
services.tls.certificate.parsed.subject.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
services.tls.certificate.parsed.subject.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
services.tls.certificate.parsed.subject.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
services.tls.certificate.parsed.subject.organization_id text
services.tls.certificate.parsed.subject.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
services.tls.certificate.parsed.subject.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
services.tls.certificate.parsed.subject.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
services.tls.certificate.parsed.subject.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
services.tls.certificate.parsed.subject.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
services.tls.certificate.parsed.subject.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
services.tls.certificate.parsed.subject_dn text Distinguished Name of the entity associated with the public key.
services.tls.certificate.parsed.subject_key_info object Information about the certificate's public key.
services.tls.certificate.parsed.subject_key_info.dsa object A record containing the public portion of a DSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.dsa.g text
services.tls.certificate.parsed.subject_key_info.dsa.p text
services.tls.certificate.parsed.subject_key_info.dsa.q text
services.tls.certificate.parsed.subject_key_info.dsa.y text
services.tls.certificate.parsed.subject_key_info.ecdsa object A record containing the public portion of an ECDSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.ecdsa.b text
services.tls.certificate.parsed.subject_key_info.ecdsa.curve text
services.tls.certificate.parsed.subject_key_info.ecdsa.gx text
services.tls.certificate.parsed.subject_key_info.ecdsa.gy text
services.tls.certificate.parsed.subject_key_info.ecdsa.length long
services.tls.certificate.parsed.subject_key_info.ecdsa.n text
services.tls.certificate.parsed.subject_key_info.ecdsa.p text
services.tls.certificate.parsed.subject_key_info.ecdsa.pub text
services.tls.certificate.parsed.subject_key_info.ecdsa.x text
services.tls.certificate.parsed.subject_key_info.ecdsa.y text
services.tls.certificate.parsed.subject_key_info.fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
services.tls.certificate.parsed.subject_key_info.key_algorithm object A record containing information about the type of subject key algorithm and any relevant parameters.
services.tls.certificate.parsed.subject_key_info.key_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
services.tls.certificate.parsed.subject_key_info.key_algorithm.oid text
services.tls.certificate.parsed.subject_key_info.rsa object A record containing the public portion of an RSA asymmetric key.
services.tls.certificate.parsed.subject_key_info.rsa.exponent long The RSA key's public exponent (e).
services.tls.certificate.parsed.subject_key_info.rsa.length long Bit-length of the RSA modulus.
services.tls.certificate.parsed.subject_key_info.rsa.modulus text The RSA key's modulus (n) in big-endian encoding.
services.tls.certificate.parsed.subject_key_info.unrecognized object A record containing known information about an unrecognized key type.
services.tls.certificate.parsed.subject_key_info.unrecognized.raw text
services.tls.certificate.parsed.unknown_extensions nested
services.tls.certificate.parsed.unknown_extensions.critical boolean
services.tls.certificate.parsed.unknown_extensions.id text
services.tls.certificate.parsed.unknown_extensions.value text
services.tls.certificate.parsed.validity_period object Information about the time for which the certificate is valid.
services.tls.certificate.parsed.validity_period.length_seconds long The duration of the certificate's validity period, in seconds.
services.tls.certificate.parsed.validity_period.not_after date An RFC-3339-formatted timestamp after which the certificate is no longer valid.
services.tls.certificate.parsed.validity_period.not_before date An RFC-3339-formatted timestamp before which the certificate is not valid.
services.tls.certificate.parsed.version integer
services.tls.certificate.precert boolean Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted.
services.tls.certificate.revocation object A record containing revocation information, if the certificate has been revoked.
services.tls.certificate.revocation.crl object
services.tls.certificate.revocation.crl.next_update date
services.tls.certificate.revocation.crl.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.crl.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.crl.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revocation.ocsp object
services.tls.certificate.revocation.ocsp.next_update date
services.tls.certificate.revocation.ocsp.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
services.tls.certificate.revocation.ocsp.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
services.tls.certificate.revocation.ocsp.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
services.tls.certificate.spki_subject_fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
services.tls.certificate.tbs_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate's contents.
services.tls.certificate.tbs_no_ct_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.
services.tls.certificate.validated_at date When the certificate record's trust was last checked.
services.tls.certificate.validation object A record containing information from the maintainers of major root certificate stores related to their trust assessment.
services.tls.certificate.validation.apple object A record containing validation information about the certificate from the Apple root store.
services.tls.certificate.validation.apple.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.apple.chains.sha256fp text
services.tls.certificate.validation.apple.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.apple.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.apple.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.apple.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.apple.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.apple.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.chrome object A record containing validation information about the certificate from the Chrome root store.
services.tls.certificate.validation.chrome.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.chrome.chains.sha256fp text
services.tls.certificate.validation.chrome.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.chrome.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.chrome.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.chrome.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.chrome.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.chrome.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.microsoft object A record containing validation information about the certificate from the Microsoft root store.
services.tls.certificate.validation.microsoft.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.microsoft.chains.sha256fp text
services.tls.certificate.validation.microsoft.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.microsoft.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.microsoft.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.microsoft.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.microsoft.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.microsoft.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation.nss object A record containing validation information about the certificate from the Mozilla NSS root store.
services.tls.certificate.validation.nss.chains nested A path of trusted signing certificates up to a root certificate present in a root store, represented as an ordered list of SHA-256 fingerprints.
services.tls.certificate.validation.nss.chains.sha256fp text
services.tls.certificate.validation.nss.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
services.tls.certificate.validation.nss.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
services.tls.certificate.validation.nss.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
services.tls.certificate.validation.nss.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
services.tls.certificate.validation.nss.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).
services.tls.certificate.validation.nss.type text The certificate's type. Options include root, intermediate, or leaf.
services.tls.certificate.validation_level text The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).
services.tls.certificate.zlint object A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.
services.tls.certificate.zlint.errors_present boolean Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.failed_lints text A list of lint names which failed, if applicable.
services.tls.certificate.zlint.fatals_present boolean Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.notices_present boolean Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
services.tls.certificate.zlint.timestamp date An RFC-3339-formated timestamp indicating when the certificate was linted.
services.tls.certificate.zlint.version long The version of Zlint used to lint the certificate.
services.tls.certificate.zlint.warnings_present boolean Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.
services.tls.certificates object Certificate and certificate chain details.
services.tls.certificates.chain object Certificate chain information.
services.tls.certificates.chain.fingerprint keyword SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.certificates.chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.certificates.chain_fps_sha_256 keyword DEPRECATED (04/30/2021) - Use `chain` instead.
services.tls.certificates.leaf_data object The TBS Certificate information.
services.tls.certificates.leaf_data.fingerprint keyword SHA256 fingerprint of the TBS certificate.
services.tls.certificates.leaf_data.issuer object Issuer distinguished name attributes.
services.tls.certificates.leaf_data.issuer.common_name text
services.tls.certificates.leaf_data.issuer.country text
services.tls.certificates.leaf_data.issuer.domain_component text
services.tls.certificates.leaf_data.issuer.email_address text
services.tls.certificates.leaf_data.issuer.jurisdiction_country text
services.tls.certificates.leaf_data.issuer.jurisdiction_locality text
services.tls.certificates.leaf_data.issuer.jurisdiction_province text
services.tls.certificates.leaf_data.issuer.locality text
services.tls.certificates.leaf_data.issuer.organization text
services.tls.certificates.leaf_data.issuer.organization_id text
services.tls.certificates.leaf_data.issuer.organizational_unit text
services.tls.certificates.leaf_data.issuer.postal_code keyword
services.tls.certificates.leaf_data.issuer.province text
services.tls.certificates.leaf_data.issuer.serial_number keyword
services.tls.certificates.leaf_data.issuer.street_address text
services.tls.certificates.leaf_data.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.certificates.leaf_data.names text Common names for the entity.
services.tls.certificates.leaf_data.pubkey_algorithm text Algorithm used to create the public key.
services.tls.certificates.leaf_data.pubkey_bit_size integer Size of the public key.
services.tls.certificates.leaf_data.public_key object Subject public key information.
services.tls.certificates.leaf_data.public_key.dsa object
services.tls.certificates.leaf_data.public_key.dsa.g text
services.tls.certificates.leaf_data.public_key.dsa.p text
services.tls.certificates.leaf_data.public_key.dsa.q text
services.tls.certificates.leaf_data.public_key.dsa.y text
services.tls.certificates.leaf_data.public_key.ecdsa object
services.tls.certificates.leaf_data.public_key.ecdsa.b text
services.tls.certificates.leaf_data.public_key.ecdsa.curve keyword
services.tls.certificates.leaf_data.public_key.ecdsa.gx text
services.tls.certificates.leaf_data.public_key.ecdsa.gy text
services.tls.certificates.leaf_data.public_key.ecdsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.ecdsa.n text
services.tls.certificates.leaf_data.public_key.ecdsa.p text
services.tls.certificates.leaf_data.public_key.ecdsa.pub text
services.tls.certificates.leaf_data.public_key.ecdsa.x text
services.tls.certificates.leaf_data.public_key.ecdsa.y text
services.tls.certificates.leaf_data.public_key.fingerprint text
services.tls.certificates.leaf_data.public_key.key_algorithm keyword
services.tls.certificates.leaf_data.public_key.rsa object
services.tls.certificates.leaf_data.public_key.rsa.exponent text
services.tls.certificates.leaf_data.public_key.rsa.length unsigned_long
services.tls.certificates.leaf_data.public_key.rsa.modulus text
services.tls.certificates.leaf_data.signature object Certificate signature information.
services.tls.certificates.leaf_data.signature.self_signed boolean Denotes if the certificate was self signed.
services.tls.certificates.leaf_data.signature.signature_algorithm keyword Cryptographic algorithm used by the CA to sign this certificate.
services.tls.certificates.leaf_data.subject object Subject distinguished name attributes.
services.tls.certificates.leaf_data.subject.common_name text
services.tls.certificates.leaf_data.subject.country text
services.tls.certificates.leaf_data.subject.domain_component text
services.tls.certificates.leaf_data.subject.email_address text
services.tls.certificates.leaf_data.subject.jurisdiction_country text
services.tls.certificates.leaf_data.subject.jurisdiction_locality text
services.tls.certificates.leaf_data.subject.jurisdiction_province text
services.tls.certificates.leaf_data.subject.locality text
services.tls.certificates.leaf_data.subject.organization text
services.tls.certificates.leaf_data.subject.organization_id text
services.tls.certificates.leaf_data.subject.organizational_unit text
services.tls.certificates.leaf_data.subject.postal_code keyword
services.tls.certificates.leaf_data.subject.province text
services.tls.certificates.leaf_data.subject.serial_number keyword
services.tls.certificates.leaf_data.subject.street_address text
services.tls.certificates.leaf_data.subject_dn text Distinguished name of the entity associated with the public key.
services.tls.certificates.leaf_data.tbs_fingerprint keyword Fingerprint of the TBS certificate.
services.tls.certificates.leaf_fp_sha_256 keyword SHA 256 fingerprint of the TBS certificate.
services.tls.cipher_selected text Cipher suite chosen for the exchange.
services.tls.ja3s text The JA3S fingerprint for this service.
services.tls.ja4s text
services.tls.presented_chain object Certificate chain information.
services.tls.presented_chain.fingerprint keyword SHA 256 fingerprint of the certificate in the certificate chain.
services.tls.presented_chain.issuer_dn text Distinguished name of the entity that has signed and issued the certificate.
services.tls.presented_chain.subject_dn text Distinguished name of the entity that the certificate belongs to.
services.tls.server_key_exchange object
services.tls.server_key_exchange.ec_params object Elliptic-Curve key exchange parameters used.
services.tls.server_key_exchange.ec_params.named_curve unsigned_long Elliptic-Curve ID value.
services.tls.server_key_exchange.ec_params.public_key text
services.tls.session_ticket object The new session ticket sent by the server to the client.
services.tls.session_ticket.length unsigned_long
services.tls.session_ticket.lifetime_hint unsigned_long Hint from server about how long the session ticket should be stored.
services.tls.version_selected text Certificate version v1(0), v2(1), v3(2).
services.tls.versions object
services.tls.versions.ja3s text
services.tls.versions.ja4s text
services.tls.versions.tls_version text

HTTP

Path Type Docs
services.http object
services.http.request object
services.http.request.body text The body sent in the HTTP request, always empty.
services.http.request.headers nested The key:value header pairs included in the HTTP request, which always includes a Censys User-Agent.
services.http.request.headers.key text
services.http.request.headers.value object
services.http.request.headers.value.headers text The values provided in the corresponding header.
services.http.request.method text The HTTP method used for the request, always "GET".
services.http.request.uri text The full path used to make the request, which includes the scheme, host, port (when non-standard), and endpoint.
services.http.response object
services.http.response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.http.response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.http.response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.http.response.favicons object
services.http.response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.http.response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.http.response.favicons.name text The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.http.response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatability with Shodan search.
services.http.response.favicons.size integer The size of the favicon retrieved, in bytes.
services.http.response.headers nested The key-value header pairs included in the response.
services.http.response.headers.key text
services.http.response.headers.value object
services.http.response.headers.value.headers text The values provided in the corresponding header.
services.http.response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.http.response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.http.response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.http.response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.http.response.status_reason text A human-readable phrase describing the status code.
services.http.supports_http2 boolean Whether a HTTP/2 handshake with the server succeeded.

SSH

Path Type Docs
services.ssh object
services.ssh.algorithm_selection object
services.ssh.algorithm_selection.client_to_server_alg_group object
services.ssh.algorithm_selection.client_to_server_alg_group.cipher text
services.ssh.algorithm_selection.client_to_server_alg_group.compression text
services.ssh.algorithm_selection.client_to_server_alg_group.mac text
services.ssh.algorithm_selection.host_key_algorithm text
services.ssh.algorithm_selection.kex_algorithm text
services.ssh.algorithm_selection.server_to_client_alg_group object
services.ssh.algorithm_selection.server_to_client_alg_group.cipher text
services.ssh.algorithm_selection.server_to_client_alg_group.compression text
services.ssh.algorithm_selection.server_to_client_alg_group.mac text
services.ssh.endpoint_id object
services.ssh.endpoint_id.comment text
services.ssh.endpoint_id.protocol_version text
services.ssh.endpoint_id.raw text
services.ssh.endpoint_id.software_version text
services.ssh.hassh_fingerprint text
services.ssh.kex_init_message object
services.ssh.kex_init_message.client_to_server_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.client_to_server_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.client_to_server_languages text A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.client_to_server_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.kex_init_message.first_kex_follows boolean
services.ssh.kex_init_message.host_key_algorithms text Asymmetric key algorithms for the host key supported by the client.
services.ssh.kex_init_message.kex_algorithms text Key exchange algorithms used in the handshake.
services.ssh.kex_init_message.server_to_client_ciphers text A list of ssh cipher algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.
services.ssh.kex_init_message.server_to_client_compression text A list of ssh compression algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.
services.ssh.kex_init_message.server_to_client_languages text A name-list of language tags in order of preference. As Defined in https://www.ietf.org/rfc/rfc3066.txt.
services.ssh.kex_init_message.server_to_client_macs text A list of ssh MAC algorithm identifiers, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.
services.ssh.server_host_key object
services.ssh.server_host_key.certkey_public_key text
services.ssh.server_host_key.dsa_public_key object
services.ssh.server_host_key.dsa_public_key.g text
services.ssh.server_host_key.dsa_public_key.p text
services.ssh.server_host_key.dsa_public_key.q text
services.ssh.server_host_key.dsa_public_key.y text
services.ssh.server_host_key.ecdsa_public_key object
services.ssh.server_host_key.ecdsa_public_key.b text
services.ssh.server_host_key.ecdsa_public_key.curve keyword
services.ssh.server_host_key.ecdsa_public_key.gx text
services.ssh.server_host_key.ecdsa_public_key.gy text
services.ssh.server_host_key.ecdsa_public_key.length unsigned_long
services.ssh.server_host_key.ecdsa_public_key.n text
services.ssh.server_host_key.ecdsa_public_key.p text
services.ssh.server_host_key.ecdsa_public_key.pub text
services.ssh.server_host_key.ecdsa_public_key.x text
services.ssh.server_host_key.ecdsa_public_key.y text
services.ssh.server_host_key.ed25519_public_key object
services.ssh.server_host_key.ed25519_public_key.public_bytes text
services.ssh.server_host_key.fingerprint_sha256 text
services.ssh.server_host_key.rsa_public_key object
services.ssh.server_host_key.rsa_public_key.exponent text
services.ssh.server_host_key.rsa_public_key.length unsigned_long
services.ssh.server_host_key.rsa_public_key.modulus text

TELNET

Path Type Docs
services.telnet object
services.telnet.banner text
services.telnet.do object
services.telnet.do.key unsigned_long
services.telnet.do.value text
services.telnet.dont object
services.telnet.dont.key unsigned_long
services.telnet.dont.value text
services.telnet.will object
services.telnet.will.key unsigned_long
services.telnet.will.value text
services.telnet.wont object
services.telnet.wont.key unsigned_long
services.telnet.wont.value text

FTP

Path Type Docs
services.ftp object
services.ftp.auth_ssl_response text
services.ftp.auth_tls_response text
services.ftp.banner text
services.ftp.implicit_tls boolean
services.ftp.status_code integer
services.ftp.status_meaning text

DNS

Path Type Docs
services.dns object
services.dns.additionals object A list of resource records (RRs) contained in the ADDITIONAL section of the response.
services.dns.additionals.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.additionals.response text The RDATA field of the RR.
services.dns.additionals.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.answers object A list of resource records (RRs) contained in the ANSWER section of the response.
services.dns.answers.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.answers.response text The RDATA field of the RR.
services.dns.answers.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.authorities object A list of resource records (RRs) contained in the AUTHORITIES section of the response.
services.dns.authorities.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.authorities.response text The RDATA field of the RR.
services.dns.authorities.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.edns object
services.dns.edns.do boolean
services.dns.edns.options text
services.dns.edns.udp unsigned_long
services.dns.edns.version unsigned_long
services.dns.questions object A list of resource records (RRs) contained in the QUESTION section of the response, which may echo the request that the server is responding to.
services.dns.questions.name text The Fully Qualified Domain Name (FQDN) this RR is for.
services.dns.questions.response text The RDATA field of the RR.
services.dns.questions.type text An enumerated field indicating what type of data is in the "services.dns.additionals.response" field. For example, "A" signifies that the value in "services.dns.additionals.response" is an IPv4 address for the FQDN in "services.dns.additionals.name".
services.dns.r_code text A enumerated field indicating the result of the request. The most common values are defined in RFC 1035.
services.dns.resolves_correctly boolean Whether the server returns an IP address for ip.parrotdns.com that matches the authoritative server, which is controlled by Censys.
services.dns.server_type text An enumerated value indicating the behavior of the server. An AUTHORITATIVE server fulfills requests for domain names it controls, which are not listed by the server. FORWARDING and RECURSIVE_RESOLVER servers fulfill requests indirectly for domain names they do not control. A RECURSIVE_RESOLVER will query ip.parrotdns.com itself, resulting in its own IP address being present in the dns.answers.response field.
services.dns.version text

ACTIVEMQ

Path Type Docs
services.parsed.activemq object
services.parsed.activemq.cache_enabled boolean
services.parsed.activemq.cache_size long
services.parsed.activemq.max_frame_size long
services.parsed.activemq.max_inactivity_duration long
services.parsed.activemq.platform_details text
services.parsed.activemq.provider_name text
services.parsed.activemq.provider_version text
services.parsed.activemq.size_prefix_disabled boolean
services.parsed.activemq.stack_trace_enabled boolean
services.parsed.activemq.tight_encoding_enabled boolean

AMQP

Path Type Docs
services.amqp object
services.amqp.explicit_tls boolean Connected via a TLS connection after initial handshake
services.amqp.implicit_tls boolean Connected via a TLS wrapped connection (AMQPS)
services.amqp.protocol_id object
services.amqp.protocol_id.id unsigned_long
services.amqp.protocol_id.name text
services.amqp.version object
services.amqp.version.major unsigned_long
services.amqp.version.minor unsigned_long
services.amqp.version.revision unsigned_long

ANY_CONNECT

Path Type Docs
services.any_connect object
services.any_connect.aggregate_auth_version integer Version number indicated by the response for config-auth exchange
services.any_connect.auth_methods text Supported methods for users to enter credentials for this VPN
services.any_connect.groups text List of groups a user can authenticate with to use this VPN
services.any_connect.raw text XML content of the config-auth response
services.any_connect.response_type text Type of the response packet received after initializing the config-auth exchange

BACNET

Path Type Docs
services.bacnet object
services.bacnet.application_software_revision text
services.bacnet.description text
services.bacnet.firmware_revision text
services.bacnet.instance_number unsigned_long
services.bacnet.location text
services.bacnet.model_name text
services.bacnet.object_name text
services.bacnet.vendor_id unsigned_long
services.bacnet.vendor_name text

CHECKPOINT_TOPOLOGY

Path Type Docs
services.parsed.checkpoint_topology object
services.parsed.checkpoint_topology.common_name text
services.parsed.checkpoint_topology.organization text

CHROMECAST

Path Type Docs
services.parsed.chromecast object
services.parsed.chromecast.applications object
services.parsed.chromecast.applications.app_id text
services.parsed.chromecast.applications.app_type text
services.parsed.chromecast.applications.display_name text
services.parsed.chromecast.applications.namespaces object
services.parsed.chromecast.applications.namespaces.name text
services.parsed.chromecast.applications.session_id text
services.parsed.chromecast.applications.transport_id text
services.parsed.chromecast.protocol_version long
services.parsed.chromecast.volume object
services.parsed.chromecast.volume.control_type text
services.parsed.chromecast.volume.level float
services.parsed.chromecast.volume.muted boolean
services.parsed.chromecast.volume.step_interval float

CISCO_IPSLA

Path Type Docs
services.parsed.cisco_ipsla object
services.parsed.cisco_ipsla.handshake object
services.parsed.cisco_ipsla.handshake.header object
services.parsed.cisco_ipsla.handshake.header.length long
services.parsed.cisco_ipsla.handshake.header.seq long
services.parsed.cisco_ipsla.handshake.header.unknown long
services.parsed.cisco_ipsla.handshake.header.version long
services.parsed.cisco_ipsla.handshake.message object
services.parsed.cisco_ipsla.handshake.message.ip text
services.parsed.cisco_ipsla.handshake.message.length long
services.parsed.cisco_ipsla.handshake.message.port long
services.parsed.cisco_ipsla.handshake.message.type long

COAP

Path Type Docs
services.coap object
services.coap.code text
services.coap.message_id unsigned_long
services.coap.message_type text
services.coap.payload text
services.coap.token text
services.coap.version unsigned_long

COBALT_STRIKE

Path Type Docs
services.cobalt_strike object
services.cobalt_strike.x64 object
services.cobalt_strike.x64.cookie_beacon unsigned_long
services.cobalt_strike.x64.crypto_scheme unsigned_long
services.cobalt_strike.x64.dns boolean
services.cobalt_strike.x64.http_get object
services.cobalt_strike.x64.http_get.client text
services.cobalt_strike.x64.http_get.uri text
services.cobalt_strike.x64.http_get.verb text
services.cobalt_strike.x64.http_post object
services.cobalt_strike.x64.http_post.client text
services.cobalt_strike.x64.http_post.uri text
services.cobalt_strike.x64.http_post.verb text
services.cobalt_strike.x64.jitter unsigned_long
services.cobalt_strike.x64.killdate unsigned_long
services.cobalt_strike.x64.post_ex object
services.cobalt_strike.x64.post_ex.x64 text
services.cobalt_strike.x64.post_ex.x86 text
services.cobalt_strike.x64.public_key text
services.cobalt_strike.x64.sleep_time unsigned_long
services.cobalt_strike.x64.ssl boolean
services.cobalt_strike.x64.unknown_bytes object
services.cobalt_strike.x64.unknown_bytes.key unsigned_long
services.cobalt_strike.x64.unknown_bytes.value text
services.cobalt_strike.x64.unknown_int object
services.cobalt_strike.x64.unknown_int.key unsigned_long
services.cobalt_strike.x64.unknown_int.value unsigned_long
services.cobalt_strike.x64.user_agent text
services.cobalt_strike.x64.watermark unsigned_long
services.cobalt_strike.x86 object
services.cobalt_strike.x86.cookie_beacon unsigned_long
services.cobalt_strike.x86.crypto_scheme unsigned_long
services.cobalt_strike.x86.dns boolean
services.cobalt_strike.x86.http_get object
services.cobalt_strike.x86.http_get.client text
services.cobalt_strike.x86.http_get.uri text
services.cobalt_strike.x86.http_get.verb text
services.cobalt_strike.x86.http_post object
services.cobalt_strike.x86.http_post.client text
services.cobalt_strike.x86.http_post.uri text
services.cobalt_strike.x86.http_post.verb text
services.cobalt_strike.x86.jitter unsigned_long
services.cobalt_strike.x86.killdate unsigned_long
services.cobalt_strike.x86.post_ex object
services.cobalt_strike.x86.post_ex.x64 text
services.cobalt_strike.x86.post_ex.x86 text
services.cobalt_strike.x86.public_key text
services.cobalt_strike.x86.sleep_time unsigned_long
services.cobalt_strike.x86.ssl boolean
services.cobalt_strike.x86.unknown_bytes object
services.cobalt_strike.x86.unknown_bytes.key unsigned_long
services.cobalt_strike.x86.unknown_bytes.value text
services.cobalt_strike.x86.unknown_int object
services.cobalt_strike.x86.unknown_int.key unsigned_long
services.cobalt_strike.x86.unknown_int.value unsigned_long
services.cobalt_strike.x86.user_agent text
services.cobalt_strike.x86.watermark unsigned_long

CRESTRON_CP3

Path Type Docs
services.parsed.crestron_cp3 object
services.parsed.crestron_cp3.version_string text

CWMP

Path Type Docs
services.cwmp object
services.cwmp.http_info object
services.cwmp.http_info.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.cwmp.http_info.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.cwmp.http_info.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.cwmp.http_info.favicons object
services.cwmp.http_info.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.cwmp.http_info.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.cwmp.http_info.favicons.name text The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.cwmp.http_info.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatability with Shodan search.
services.cwmp.http_info.favicons.size integer The size of the favicon retrieved, in bytes.
services.cwmp.http_info.headers nested The key-value header pairs included in the response.
services.cwmp.http_info.headers.key text
services.cwmp.http_info.headers.value object
services.cwmp.http_info.headers.value.headers text The values provided in the corresponding header.
services.cwmp.http_info.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.cwmp.http_info.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.cwmp.http_info.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.cwmp.http_info.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.cwmp.http_info.status_reason text A human-readable phrase describing the status code.
services.parsed.cwmp object
services.parsed.cwmp.auth text
services.parsed.cwmp.cookies text
services.parsed.cwmp.server text

DARKCOMET

Path Type Docs
services.parsed.darkcomet object
services.parsed.darkcomet.version text

DCERPC

Path Type Docs
services.parsed.dcerpc object
services.parsed.dcerpc.could_bind boolean
services.parsed.dcerpc.could_query_epm boolean
services.parsed.dcerpc.endpoints object
services.parsed.dcerpc.endpoints.bindings text
services.parsed.dcerpc.endpoints.executable text
services.parsed.dcerpc.endpoints.explained_uuid text
services.parsed.dcerpc.endpoints.protocol text

DHCPDISCOVER

Path Type Docs
services.parsed.dhcpdiscover object
services.parsed.dhcpdiscover.method text
services.parsed.dhcpdiscover.params object
services.parsed.dhcpdiscover.params.device_info object
services.parsed.dhcpdiscover.params.device_info.alarm_input_channels long
services.parsed.dhcpdiscover.params.device_info.alarm_output_channels long
services.parsed.dhcpdiscover.params.device_info.device_class text
services.parsed.dhcpdiscover.params.device_info.device_id text
services.parsed.dhcpdiscover.params.device_info.device_type text
services.parsed.dhcpdiscover.params.device_info.http_port long
services.parsed.dhcpdiscover.params.device_info.ipv4_address object
services.parsed.dhcpdiscover.params.device_info.ipv4_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv4_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv4_address.subnetmask text
services.parsed.dhcpdiscover.params.device_info.ipv6_address object
services.parsed.dhcpdiscover.params.device_info.ipv6_address.default_gateway text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.dhcp_enable boolean
services.parsed.dhcpdiscover.params.device_info.ipv6_address.ip_address text
services.parsed.dhcpdiscover.params.device_info.ipv6_address.link_local_address text
services.parsed.dhcpdiscover.params.device_info.machine_group text
services.parsed.dhcpdiscover.params.device_info.machine_name text
services.parsed.dhcpdiscover.params.device_info.manufacturer text
services.parsed.dhcpdiscover.params.device_info.port long
services.parsed.dhcpdiscover.params.device_info.remote_video_input_channels long
services.parsed.dhcpdiscover.params.device_info.serial_no text
services.parsed.dhcpdiscover.params.device_info.unlogin_func_mask long
services.parsed.dhcpdiscover.params.device_info.vendor text
services.parsed.dhcpdiscover.params.device_info.version text
services.parsed.dhcpdiscover.params.device_info.video_input_channels long
services.parsed.dhcpdiscover.params.device_info.video_output_channels long

DNP3

Path Type Docs
services.dnp3 object
services.dnp3.banner text

DVR_IP

Path Type Docs
services.parsed.dvr_ip object
services.parsed.dvr_ip.function_capability text
services.parsed.dvr_ip.function_list text
services.parsed.dvr_ip.hard_drive text
services.parsed.dvr_ip.language_support text
services.parsed.dvr_ip.network_status text
services.parsed.dvr_ip.oem_info text
services.parsed.dvr_ip.partition_capability object
services.parsed.dvr_ip.partition_capability.max_partition_number long
services.parsed.dvr_ip.partition_capability.supported boolean
services.parsed.dvr_ip.serial text
services.parsed.dvr_ip.split_screen_capability text
services.parsed.dvr_ip.version text
services.parsed.dvr_ip.wireless_alarm_capability text

EIP

Path Type Docs
services.parsed.eip object
services.parsed.eip.identity object
services.parsed.eip.identity.device_type text
services.parsed.eip.identity.device_type_code long
services.parsed.eip.identity.product_code long
services.parsed.eip.identity.product_name text
services.parsed.eip.identity.revision text
services.parsed.eip.identity.serial_number long
services.parsed.eip.identity.socket_addr text
services.parsed.eip.identity.socket_port long
services.parsed.eip.identity.state long
services.parsed.eip.identity.status long
services.parsed.eip.identity.vendor_id text
services.parsed.eip.identity.vendor_name text
services.parsed.eip.interfaces object
services.parsed.eip.interfaces.index long
services.parsed.eip.interfaces.name text
services.parsed.eip.services object
services.parsed.eip.services.capabilities long
services.parsed.eip.services.service_name text
services.parsed.eip.services.supports_tcp boolean
services.parsed.eip.services.supports_udp boolean

ELASTICSEARCH

Path Type Docs
services.elasticsearch object
services.elasticsearch.http_info object Information about the underlying HTTP connection.
services.elasticsearch.http_info.headers nested The key-value header pairs included in the response to the request for the root endpoint (/).
services.elasticsearch.http_info.headers.key text
services.elasticsearch.http_info.headers.value object
services.elasticsearch.http_info.headers.value.headers text The values provided in the corresponding header.
services.elasticsearch.http_info.status text A human-readable phrase describing the status code.
services.elasticsearch.http_info.status_code integer A 3-digit integer result code indicating the response to a request for the root endpoint (/).
services.elasticsearch.node_info object
services.elasticsearch.node_info.cluster_combined_info object
services.elasticsearch.node_info.cluster_combined_info.filesystem object
services.elasticsearch.node_info.cluster_combined_info.filesystem.available text The amount of free disk space that the node can utilize, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.available_in_bytes unsigned_long The amount of free disk space that the node can utilize, in bytes.
services.elasticsearch.node_info.cluster_combined_info.filesystem.free text The total amount of unallocated disk space on the node, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.free_in_bytes unsigned_long The total amount of unallocated disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.filesystem.total text The total amount of disk space on the node, in an easy-to-read format.
services.elasticsearch.node_info.cluster_combined_info.filesystem.total_in_bytes unsigned_long The total amount of disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.indices object
services.elasticsearch.node_info.cluster_combined_info.indices.count unsigned_long The number of indices on the node.
services.elasticsearch.node_info.cluster_combined_info.indices.docs object
services.elasticsearch.node_info.cluster_combined_info.indices.docs.count unsigned_long The total number of documents across all indices on this node.
services.elasticsearch.node_info.cluster_combined_info.indices.docs.deleted unsigned_long The total number of deleted documents across all indices on this node.
services.elasticsearch.node_info.cluster_combined_info.indices.store object
services.elasticsearch.node_info.cluster_combined_info.indices.store.reserved_in_bytes unsigned_long A prediction, in bytes, of how much larger the shard stores will eventually grow due to ongoing peer recoveries, restoring snapshots, and similar activities.
services.elasticsearch.node_info.cluster_combined_info.indices.store.size_in_bytes unsigned_long The total amount of disk space on the node, in bytes.
services.elasticsearch.node_info.cluster_combined_info.name text
services.elasticsearch.node_info.cluster_combined_info.status text An enumerated value representing the health status of the cluster. Green signifies no issues, yellow signifies that at least one replica shard is unassigned, and red signifies that at least one primary shard is unassigned.
services.elasticsearch.node_info.cluster_combined_info.timestamp unsigned_long The last time the cluster statistics were refreshed, in unix milliseconds.
services.elasticsearch.node_info.cluster_combined_info.uuid text The unique identifier for the cluster.
services.elasticsearch.node_info.nodes object
services.elasticsearch.node_info.nodes.node_data object
services.elasticsearch.node_info.nodes.node_data.build_flavor text An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown".
services.elasticsearch.node_info.nodes.node_data.build_hash text The short hash of the git commit used to compile this version of the software.
services.elasticsearch.node_info.nodes.node_data.build_type text An enumerated value indicating the file format in which the Elasticsearch executable was retrieved.
services.elasticsearch.node_info.nodes.node_data.host text The self-reported identifier of the node.
services.elasticsearch.node_info.nodes.node_data.ingest_processors text A list of the types of data processors the node has available.
services.elasticsearch.node_info.nodes.node_data.ip ip The IP address of the node.
services.elasticsearch.node_info.nodes.node_data.jvm object Information about the node's Java Virtual Machine configuration.
services.elasticsearch.node_info.nodes.node_data.jvm.gc text A list of the garbage-collection algorithms in use.
services.elasticsearch.node_info.nodes.node_data.jvm.input_args text The command-line arguments provided to the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.jvm.memory_pools text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time text
services.elasticsearch.node_info.nodes.node_data.jvm.start_time_ms unsigned_long The time the Java Virtual Machine was started, in unix milliseconds.
services.elasticsearch.node_info.nodes.node_data.jvm.version text The version of Java the Java Virtual Machine is using.
services.elasticsearch.node_info.nodes.node_data.jvm.vm_name text The name of the Java Virtual Machine the node is using (e.g. OpenJDK).
services.elasticsearch.node_info.nodes.node_data.jvm.vm_vendor text The name of the person or organization that created or maintains the version of the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.jvm.vm_version text The version of the Java Virtual Machine the node is using.
services.elasticsearch.node_info.nodes.node_data.modules object
services.elasticsearch.node_info.nodes.node_data.modules.class_name text
services.elasticsearch.node_info.nodes.node_data.modules.desc text
services.elasticsearch.node_info.nodes.node_data.modules.elastic_version text
services.elasticsearch.node_info.nodes.node_data.modules.ext_plugins text
services.elasticsearch.node_info.nodes.node_data.modules.has_native_ctrl boolean
services.elasticsearch.node_info.nodes.node_data.modules.java_version text
services.elasticsearch.node_info.nodes.node_data.modules.name text
services.elasticsearch.node_info.nodes.node_data.modules.version text
services.elasticsearch.node_info.nodes.node_data.name text
services.elasticsearch.node_info.nodes.node_data.os object
services.elasticsearch.node_info.nodes.node_data.os.allocated_proc integer The number of processors used by the node to calculate its thread pool size.
services.elasticsearch.node_info.nodes.node_data.os.arch text The name of the Java Virtual Machine architecture used by the node.
services.elasticsearch.node_info.nodes.node_data.os.available_proc integer The number of processors available to the Java Virtual Machine.
services.elasticsearch.node_info.nodes.node_data.os.name text The simplified name of the operating system used by the node.
services.elasticsearch.node_info.nodes.node_data.os.pretty_name text The full name of the operating system used by the node, which may include the distribution and version number.
services.elasticsearch.node_info.nodes.node_data.os.refresh_interval_ms unsigned_long How often the node's processor statistics are refreshed, in milliseconds.
services.elasticsearch.node_info.nodes.node_data.os.version text
services.elasticsearch.node_info.nodes.node_data.roles text
services.elasticsearch.node_info.nodes.node_data.settings object
services.elasticsearch.node_info.nodes.node_data.settings.cluster_name text The name of the cluster the node belongs to.
services.elasticsearch.node_info.nodes.node_data.settings.node object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml object
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.enabled text Whether the Elasticsearch machine-learning APIs are enabled on the node.
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.machine_memory text
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.ml.max_open_jobs text The maximum number of jobs that can run simultaneously on a node.
services.elasticsearch.node_info.nodes.node_data.settings.node.attr.xpack_installed text Whether X-Pack, an Elasticsearch expansion included by default, is installed.
services.elasticsearch.node_info.nodes.node_data.settings.node.name text The name of the node.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list object
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.keep_alive text How long an idle thread should remain in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.max integer The maximum number of threads in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.min integer The minimum number of threads in the thread pool.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.queue_size integer When applicable, the number of incoming requests to queue if there is not a thread available to execute them.
services.elasticsearch.node_info.nodes.node_data.thread_pool_list.type text The strategy used to assign incoming requests to an execution thread.
services.elasticsearch.node_info.nodes.node_data.total_indexing_buffer unsigned_long The amount of memory used to hold recently indexed documents before writing them to disk, in bytes.
services.elasticsearch.node_info.nodes.node_data.version text The Elasticsearch version running on this node.
services.elasticsearch.node_info.nodes.node_name text The name of the node.
services.elasticsearch.system_info object
services.elasticsearch.system_info.cluster_uuid text The unique identifier for the cluster.
services.elasticsearch.system_info.name text The name of the cluster.
services.elasticsearch.system_info.tagline text A snippet describing the server. By default, it is "You Know, for Search"
services.elasticsearch.system_info.version object Version information and accompanying metadata, such as the build date and compatibility information.
services.elasticsearch.system_info.version.build_date text The date this version of the software was compiled.
services.elasticsearch.system_info.version.build_flavor text An enumerated value describing the Elasticsearch variety in use, either "default" (signifying the closed-source version of Elasticsearch), "oss" (signifying the open-source version of Elasticsearch), or "unknown".
services.elasticsearch.system_info.version.build_hash text The short hash of the git commit used to compile this version of the software.
services.elasticsearch.system_info.version.build_snapshot boolean Whether the server is running a snapshot version.
services.elasticsearch.system_info.version.build_type text An enumerated value indicating the file format in which the Elasticsearch executable was retrieved.
services.elasticsearch.system_info.version.lucene_version text The version of Lucene used by the server.
services.elasticsearch.system_info.version.min_idx_compat_ver text The minimum version of the Elasticsearch wire protocol compatible with the server.
services.elasticsearch.system_info.version.min_wire_compat_ver text The minimum version of indices that the server supports.
services.elasticsearch.system_info.version.number text The version number.

ELF_FILE

Path Type Docs
services.parsed.elf_file object
services.parsed.elf_file.class text
services.parsed.elf_file.data text
services.parsed.elf_file.machine text
services.parsed.elf_file.os_abi text
services.parsed.elf_file.type text

EPMD

Path Type Docs
services.parsed.epmd object
services.parsed.epmd.names text

ETCD

Path Type Docs
services.parsed.etcd object
services.parsed.etcd.tls boolean
services.parsed.etcd.v2 object
services.parsed.etcd.v2.auth object
services.parsed.etcd.v2.auth.enabled boolean
services.parsed.etcd.v2.members object
services.parsed.etcd.v2.members.client_urls text
services.parsed.etcd.v2.members.id text
services.parsed.etcd.v2.members.name text
services.parsed.etcd.v2.members.peer_urls text
services.parsed.etcd.v3 object
services.parsed.etcd.v3.auth object
services.parsed.etcd.v3.auth.enabled boolean
services.parsed.etcd.v3.members object
services.parsed.etcd.v3.members.client_urls text
services.parsed.etcd.v3.members.id text
services.parsed.etcd.v3.members.name text
services.parsed.etcd.v3.members.peer_urls text
services.parsed.etcd.v3.total_keys long
services.parsed.etcd.version object
services.parsed.etcd.version.etcdcluster text
services.parsed.etcd.version.etcdserver text

ETHEREUM

Path Type Docs
services.parsed.ethereum object
services.parsed.ethereum.accounts text
services.parsed.ethereum.hashrate text
services.parsed.ethereum.version object
services.parsed.ethereum.version.client text
services.parsed.ethereum.version.compiler text
services.parsed.ethereum.version.platform text
services.parsed.ethereum.version.trailing text
services.parsed.ethereum.version.version text

FORTIGATE

Path Type Docs
services.fortigate object
services.fortigate.api_version text
services.fortigate.build integer
services.fortigate.http_info object
services.fortigate.http_info.headers nested
services.fortigate.http_info.headers.key text
services.fortigate.http_info.headers.value object
services.fortigate.http_info.headers.value.headers text The values provided in the corresponding header.
services.fortigate.http_info.status text Status message received from hitting 404 /censys.inspect.
services.fortigate.http_info.status_code unsigned_long Status code received from hitting /censys.inspect.
services.fortigate.serial text
services.fortigate.status_code integer
services.fortigate.status_msg text
services.fortigate.version text

FOX

Path Type Docs
services.fox object
services.fox.app_name text
services.fox.app_version text
services.fox.auth_agent_type text
services.fox.brand_id text
services.fox.host_address text
services.fox.hostid text
services.fox.hostname text
services.fox.id unsigned_long
services.fox.language text
services.fox.os_name text
services.fox.os_version text
services.fox.station_name text
services.fox.sys_info text
services.fox.time_zone text
services.fox.version text
services.fox.vm_name text
services.fox.vm_uuid text
services.fox.vm_version text

GEARMAN

Path Type Docs
services.parsed.gearman object
services.parsed.gearman.status object
services.parsed.gearman.status.available_workers long
services.parsed.gearman.status.function text
services.parsed.gearman.status.running long
services.parsed.gearman.status.total long
services.parsed.gearman.version text
services.parsed.gearman.workers object
services.parsed.gearman.workers.client_id text
services.parsed.gearman.workers.fd text
services.parsed.gearman.workers.functions text
services.parsed.gearman.workers.ip text

HID_VERTX

Path Type Docs
services.parsed.hid_vertx object
services.parsed.hid_vertx.firmware_date text
services.parsed.hid_vertx.id text
services.parsed.hid_vertx.ip text
services.parsed.hid_vertx.mac_address text
services.parsed.hid_vertx.make_model text
services.parsed.hid_vertx.model text
services.parsed.hid_vertx.version text

HIKVISION

Path Type Docs
services.parsed.hikvision object
services.parsed.hikvision.custom_version text
services.parsed.hikvision.platforms object
services.parsed.hikvision.platforms.libraries object
services.parsed.hikvision.platforms.libraries.name text
services.parsed.hikvision.platforms.libraries.version text
services.parsed.hikvision.platforms.name text
services.parsed.hikvision.plugin_version text
services.parsed.hikvision.web_version text

IBMNJE

Path Type Docs
services.parsed.ibmnje object
services.parsed.ibmnje.ohost text
services.parsed.ibmnje.oip text
services.parsed.ibmnje.r long
services.parsed.ibmnje.rhost text
services.parsed.ibmnje.rip text
services.parsed.ibmnje.type text

IKE

Path Type Docs
services.ike object
services.ike.v1 object
services.ike.v1.accepted_proposal boolean Did the host accept our security proposal? When false, the host responded with an error.
services.ike.v1.notify_message_types unsigned_long Which types of NOTIFY messages did the host send us?
services.ike.v1.vendor_ids text The list of Vendor ID "extensions" the host claimed to support in its handshake
services.ike.v2 object
services.ike.v2.accepted_proposal boolean
services.ike.v2.notify_message_types unsigned_long
services.ike.v2.vendor_ids text

IMAP

Path Type Docs
services.imap object
services.imap.banner text The IMAP banner.
services.imap.start_tls text The server's response to the STARTTLS command.

IOTA

Path Type Docs
services.parsed.iota object
services.parsed.iota.v0_info object
services.parsed.iota.v0_info.features text
services.parsed.iota.v0_info.is_healthy boolean
services.parsed.iota.v0_info.latest_milestone long
services.parsed.iota.v0_info.latest_uncommitted_milestone long
services.parsed.iota.v0_info.name text
services.parsed.iota.v0_info.neighbors long
services.parsed.iota.v0_info.tips long
services.parsed.iota.v0_info.version text
services.parsed.iota.v1_info object
services.parsed.iota.v1_info.confirmed_milestone_index long
services.parsed.iota.v1_info.features text
services.parsed.iota.v1_info.is_healthy boolean
services.parsed.iota.v1_info.latest_milestone_index long
services.parsed.iota.v1_info.name text
services.parsed.iota.v1_info.network_id text
services.parsed.iota.v1_info.version text
services.parsed.iota.v2_info object
services.parsed.iota.v2_info.decimals long
services.parsed.iota.v2_info.features text
services.parsed.iota.v2_info.is_healthy boolean
services.parsed.iota.v2_info.latest_milestone long
services.parsed.iota.v2_info.latest_uncommitted_milestone long
services.parsed.iota.v2_info.network_name text
services.parsed.iota.v2_info.subunit text
services.parsed.iota.v2_info.supported_protocol_versions long
services.parsed.iota.v2_info.ticker_symbol text
services.parsed.iota.v2_info.token_supply text
services.parsed.iota.v2_info.unit text

IPMI

Path Type Docs
services.ipmi object
services.ipmi.capabilities object The Get Channel Authentication Capabilities response (section 22.13)
services.ipmi.capabilities.auth_status object The authentication status
services.ipmi.capabilities.auth_status.anonymous_login_enabled boolean If true, the server allows anonymous login.
services.ipmi.capabilities.auth_status.auth_each_message boolean If true, each message must be authenticated.
services.ipmi.capabilities.auth_status.has_anonymous_users boolean If true, the server has anonymous users.
services.ipmi.capabilities.auth_status.has_named_users boolean If true, the server supports named users.
services.ipmi.capabilities.auth_status.two_key_login_required boolean The KG field.
services.ipmi.capabilities.auth_status.user_auth_disabled boolean If true, user authentication is disabled.
services.ipmi.capabilities.channel_number integer The response channel number
services.ipmi.capabilities.completion_code object The status code of the response
services.ipmi.capabilities.completion_code.name text The human-readable name of the code
services.ipmi.capabilities.completion_code.raw integer The raw completion code
services.ipmi.capabilities.extended_capabilities object Extended auth capabilities (if present)
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v1_5 boolean True if IPMI v1.5 is supported
services.ipmi.capabilities.extended_capabilities.supports_ipmi_v2_0 boolean True if IPMI v2.0 is supported
services.ipmi.capabilities.oem_data integer The OEM-specific data
services.ipmi.capabilities.oem_id text The 3-byte OEM identifier
services.ipmi.capabilities.supported_auth_types object The auth types supported by the server
services.ipmi.capabilities.supported_auth_types.extended boolean If true, the extended capabilities are present.
services.ipmi.capabilities.supported_auth_types.md2 boolean True if the MD2 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.md5 boolean True if the MD5 AuthType is supported.
services.ipmi.capabilities.supported_auth_types.none boolean True if the None AuthType is supported.
services.ipmi.capabilities.supported_auth_types.oem_proprietary boolean True if the OEM Proprietary AuthType is supported
services.ipmi.capabilities.supported_auth_types.password boolean True if the Password AuthType is supported.
services.ipmi.capabilities.supported_auth_types.raw integer The raw byte, with the bit mask etc
services.ipmi.command_payload object The IPMI command payload
services.ipmi.command_payload.checksum_error boolean This is set to true if the values of chk1 / chk2 do not match the command data
services.ipmi.command_payload.data text The raw data. On success, this should be the value of the GetAuthenticationCapabilities resopnse
services.ipmi.command_payload.ipmi_command_number object The parsed IPMI command number
services.ipmi.command_payload.ipmi_command_number.name text The human-readable name of the cmd + NetFn
services.ipmi.command_payload.ipmi_command_number.raw integer The raw value of the cmd value
services.ipmi.command_payload.network_function_code object The NetFn and LUN
services.ipmi.command_payload.network_function_code.logical_unit_number object The parsed LUN (logical unit number -- the lower 2 bits of raw)
services.ipmi.command_payload.network_function_code.logical_unit_number.name text The human-readable name of the LUN
services.ipmi.command_payload.network_function_code.logical_unit_number.raw integer The value of the LUN (3 bits)
services.ipmi.command_payload.network_function_code.net_fn object The parsed NetFn value (the upper 6 bits of raw)
services.ipmi.command_payload.network_function_code.net_fn.is_request boolean True if the least-significant bit is zero
services.ipmi.command_payload.network_function_code.net_fn.is_response boolean True if the least-significant bit is one
services.ipmi.command_payload.network_function_code.net_fn.name text The human-readable name of the NetFn
services.ipmi.command_payload.network_function_code.net_fn.raw integer The raw value of the NetFn (6 bits, least significant indicates request/response)
services.ipmi.command_payload.network_function_code.net_fn.value integer The normalized value of the NetFn (i.e. raw & 0xfe, so it is always even)
services.ipmi.command_payload.network_function_code.raw integer The raw value of the (NetFn << 2) | LUN
services.ipmi.command_payload.requestor_sequence_number integer The request sequence number.
services.ipmi.raw text The raw data returned by the server
services.ipmi.rmcp_header object The RMCP header of the response, (section 13.1.3)
services.ipmi.rmcp_header.message_class object The class of the message.
services.ipmi.rmcp_header.message_class.class integer Just the class part of the byte (lower 5 bits of raw)
services.ipmi.rmcp_header.message_class.is_ack boolean True if the message is an acknowledgment to a previous message.
services.ipmi.rmcp_header.message_class.name text The human-readable name of the message class
services.ipmi.rmcp_header.message_class.raw integer The raw message class byte.
services.ipmi.rmcp_header.sequence_number integer Sequence number of this packet in the session.
services.ipmi.rmcp_header.version integer The version. This scanner supports version 6.
services.ipmi.session_header object The IPMI sesssion header of the response
services.ipmi.session_header.auth_code text The 16-byte authentication code; not present if auth_type is None.
services.ipmi.session_header.auth_type object The authentication type for this request (see section 13.6)
services.ipmi.session_header.auth_type.name text The raw value of the auth_type
services.ipmi.session_header.auth_type.raw integer The raw value of the auth_type
services.ipmi.session_header.auth_type.type integer Just the auth type (reserved bits omitted)
services.ipmi.session_header.session_id long The ID of this sessiod.
services.ipmi.session_header.session_sequence_number long The session sequence number of this packet in the session

IPP

Path Type Docs
services.ipp object
services.ipp.attribute_cups_version text The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.
services.ipp.attribute_ipp_versions text Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.
services.ipp.attribute_printer_uris text Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.
services.ipp.attributes object All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted.
services.ipp.attributes.name text
services.ipp.attributes.value_tag unsigned_long
services.ipp.cups_response object
services.ipp.cups_response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.ipp.cups_response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.cups_response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.ipp.cups_response.favicons object
services.ipp.cups_response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.cups_response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.ipp.cups_response.favicons.name text The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.ipp.cups_response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatability with Shodan search.
services.ipp.cups_response.favicons.size integer The size of the favicon retrieved, in bytes.
services.ipp.cups_response.headers nested The key-value header pairs included in the response.
services.ipp.cups_response.headers.key text
services.ipp.cups_response.headers.value object
services.ipp.cups_response.headers.value.headers text The values provided in the corresponding header.
services.ipp.cups_response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.ipp.cups_response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.ipp.cups_response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.ipp.cups_response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.ipp.cups_response.status_reason text A human-readable phrase describing the status code.
services.ipp.cups_version text The CUPS version, if any, specified in the Server header of an IPP get-attributes response.
services.ipp.major_version unsigned_long Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.minor_version unsigned_long Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request.
services.ipp.response object
services.ipp.response.body text The body of the HTTP response. For hosts without a name, the first 64KB are available. For hosts with a name, only 6KB are available.
services.ipp.response.body_hashes text A hashing algorithm and the hexadecimal digest produced by applying it to services.http.response.body, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.response.body_size integer The length, in bytes, of services.http.response.body; at most, 64KB.
services.ipp.response.favicons object
services.ipp.response.favicons.hashes text A hashing algorithm and the hexadecimal digest produced by applying it to favicon, separated by a colon (":") character. For example, "sha256:446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f".
services.ipp.response.favicons.md5_hash keyword The hexadecimal MD5 digest of the favicon.
services.ipp.response.favicons.name text The URI used to retrieve the favicon, which most commonly use the http(s) or data schemes. URIs using the data scheme are truncated: the first 48 and last 24 characters are preserved.
services.ipp.response.favicons.shodan_hash integer A hash expressed as a signed decimal integer, provided for compatability with Shodan search.
services.ipp.response.favicons.size integer The size of the favicon retrieved, in bytes.
services.ipp.response.headers nested The key-value header pairs included in the response.
services.ipp.response.headers.key text
services.ipp.response.headers.value object
services.ipp.response.headers.value.headers text The values provided in the corresponding header.
services.ipp.response.html_tags text A list of the <title> and <meta> tags from services.http.response.body.
services.ipp.response.html_title text The title of the HTML page: the inner contents of the <title> tag in services.http.response.body, if present.
services.ipp.response.protocol text The protocol field of the response, which includes the claimed HTTP version number.
services.ipp.response.status_code integer A 3-digit integer result code indicating the result of the services.http.request.
services.ipp.response.status_reason text A human-readable phrase describing the status code.
services.ipp.version_string text The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'

ISCSI

Path Type Docs
services.parsed.iscsi object
services.parsed.iscsi.connection object
services.parsed.iscsi.connection.ahs_length long
services.parsed.iscsi.connection.isid long
services.parsed.iscsi.connection.keyval_pairs text
services.parsed.iscsi.connection.max_new_cmds long
services.parsed.iscsi.connection.starting_seq long
services.parsed.iscsi.connection.status long
services.parsed.iscsi.connection.tsih long
services.parsed.iscsi.connection.version_active long
services.parsed.iscsi.connection.version_max long
services.parsed.iscsi.error text
services.parsed.iscsi.targets object
services.parsed.iscsi.targets.alias text
services.parsed.iscsi.targets.auths text
services.parsed.iscsi.targets.error text
services.parsed.iscsi.targets.name text
services.parsed.iscsi.targets.private text
services.parsed.iscsi.targets.public text

KRPC

Path Type Docs
services.parsed.krpc object
services.parsed.krpc.ping_response_id text

KUBERNETES

Path Type Docs
services.kubernetes object
services.kubernetes.endpoints object
services.kubernetes.endpoints.name text
services.kubernetes.endpoints.self_link text
services.kubernetes.endpoints.subsets object
services.kubernetes.endpoints.subsets.addresses object
services.kubernetes.endpoints.subsets.addresses.hostname text
services.kubernetes.endpoints.subsets.addresses.ip ip
services.kubernetes.endpoints.subsets.addresses.node_name text
services.kubernetes.endpoints.subsets.ports object
services.kubernetes.endpoints.subsets.ports.name text
services.kubernetes.endpoints.subsets.ports.port unsigned_long
services.kubernetes.endpoints.subsets.ports.protocol text
services.kubernetes.kubernetes_dashboard_found boolean True if the dashboard is running and accessible
services.kubernetes.nodes object
services.kubernetes.nodes.addresses object
services.kubernetes.nodes.addresses.address keyword Node address, IP/URL.
services.kubernetes.nodes.addresses.address_type text Node address type, one of Hostname, ExternalIP or InternalIP.
services.kubernetes.nodes.architecture text The Architecture reported by the node.
services.kubernetes.nodes.container_runtime_version text ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
services.kubernetes.nodes.images text List of container images on this node
services.kubernetes.nodes.kernel_version text Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
services.kubernetes.nodes.kube_proxy_version text KubeProxy Version reported by the node.
services.kubernetes.nodes.kubelet_version text Kubelet Version reported by the node.
services.kubernetes.nodes.name text
services.kubernetes.nodes.operating_system text The Operating System reported by the node.
services.kubernetes.nodes.os_image text OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
services.kubernetes.pod_names text
services.kubernetes.roles object
services.kubernetes.roles.name text
services.kubernetes.roles.rules object Rules set for this role.
services.kubernetes.roles.rules.api_groups text APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
services.kubernetes.roles.rules.resources text Resources is a list of resources this rule applies to. ResourceAll represents all resources
services.kubernetes.roles.rules.verbs text Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
services.kubernetes.version_info object
services.kubernetes.version_info.build_date text Date version was built.
services.kubernetes.version_info.compiler text Go Compiler used
services.kubernetes.version_info.git_commit text Git commit version built from.
services.kubernetes.version_info.git_tree_state text State of the tree when built.
services.kubernetes.version_info.git_version text
services.kubernetes.version_info.go_version text Version of GO used to build version.
services.kubernetes.version_info.major text Kubernetes major version
services.kubernetes.version_info.minor text Kubernetes minor version
services.kubernetes.version_info.platform text Platform compiled for

L2TP

Path Type Docs
services.parsed.l2tp object
services.parsed.l2tp.hello_received boolean
services.parsed.l2tp.ordered_messages_raw text
services.parsed.l2tp.sccn_received boolean
services.parsed.l2tp.sccrp object
services.parsed.l2tp.sccrp.attribute_values object
services.parsed.l2tp.sccrp.attribute_values.error_code long
services.parsed.l2tp.sccrp.attribute_values.error_message text
services.parsed.l2tp.sccrp.attribute_values.firmware_revision long
services.parsed.l2tp.sccrp.attribute_values.hostname text
services.parsed.l2tp.sccrp.attribute_values.protocol_revision long
services.parsed.l2tp.sccrp.attribute_values.protocol_version long
services.parsed.l2tp.sccrp.attribute_values.result_code long
services.parsed.l2tp.sccrp.attribute_values.vendor_name text
services.parsed.l2tp.sccrp_received boolean
services.parsed.l2tp.sccrq_received boolean
services.parsed.l2tp.stop_sccn object
services.parsed.l2tp.stop_sccn.attribute_values object
services.parsed.l2tp.stop_sccn.attribute_values.error_code long
services.parsed.l2tp.stop_sccn.attribute_values.error_meaning text
services.parsed.l2tp.stop_sccn.attribute_values.error_message text
services.parsed.l2tp.stop_sccn.attribute_values.result_code long
services.parsed.l2tp.stop_sccn.attribute_values.result_meaning text
services.parsed.l2tp.stop_sccn_received boolean
services.parsed.l2tp.zlb_received boolean

LDAP

Path Type Docs
services.ldap object
services.ldap.allows_anonymous_bind boolean Ability to connect with anonymous bind (empty username and password)
services.ldap.attributes object All root DN attributes available via anonymous bind
services.ldap.attributes.name text Name of the LDAP attribute in the root DN
services.ldap.attributes.values text Values for the respective LDAP attribute
services.ldap.resultcode unsigned_long Result or error code returned by LDAP instance upon bind

LPD

Path Type Docs
services.parsed.lpd object
services.parsed.lpd.jobs object
services.parsed.lpd.jobs.body text
services.parsed.lpd.jobs.status long
services.parsed.lpd.long_state text
services.parsed.lpd.lp object
services.parsed.lpd.lp.body text
services.parsed.lpd.lp.status long
services.parsed.lpd.printer text
services.parsed.lpd.raw text
services.parsed.lpd.short_state text
services.parsed.lpd.text text

MDNS

Path Type Docs
services.parsed.mdns object
services.parsed.mdns.multiple_responses boolean
services.parsed.mdns.names text
services.parsed.mdns.results object
services.parsed.mdns.results.addresses text
services.parsed.mdns.results.full_name text
services.parsed.mdns.results.port long
services.parsed.mdns.results.priority long
services.parsed.mdns.results.target text
services.parsed.mdns.results.texts text
services.parsed.mdns.results.weight long

MEMCACHED

Path Type Docs
services.memcached object
services.memcached.ascii_binding_protocol_enabled boolean Whether server responds to a handshake using the ASCII wire format of the protocol.
services.memcached.binary_binding_protocol_enabled boolean Whether server responds to a handshake using the binary wire format of the protocol.
services.memcached.responds_to_udp boolean Whether the server on the UDP port with the same number responds to a handshake using the ASCII wire format of the protocol.
services.memcached.stats nested Server information returned in response to the stats command, as a set of key:value pairs.
services.memcached.stats.key text
services.memcached.stats.value text
services.memcached.version text The Memcached version indicated in the server's response.

MINECRAFT

Path Type Docs
services.parsed.minecraft object
services.parsed.minecraft.motd text
services.parsed.minecraft.players_max long
services.parsed.minecraft.players_online long
services.parsed.minecraft.protocol_version text
services.parsed.minecraft.server_version text

MMS

Path Type Docs
services.mms object
services.mms.model text
services.mms.revision text
services.mms.vendor text

MODBUS

Path Type Docs
services.modbus object
services.modbus.exception_response object
services.modbus.exception_response.exception_function unsigned_long
services.modbus.exception_response.exception_type unsigned_long
services.modbus.function unsigned_long
services.modbus.mei_response object
services.modbus.mei_response.conformity_level long
services.modbus.mei_response.more_follows boolean
services.modbus.mei_response.objects nested
services.modbus.mei_response.objects.key text
services.modbus.mei_response.objects.value text
services.modbus.unit_id long

MONERO_P2P

Path Type Docs
services.parsed.monero_p2p object
services.parsed.monero_p2p.ping_response object
services.parsed.monero_p2p.ping_response.payload object
services.parsed.monero_p2p.ping_response.payload.entries object
services.parsed.monero_p2p.ping_response.payload.entries.data text
services.parsed.monero_p2p.ping_response.payload.entries.name text
services.parsed.monero_p2p.ping_response.response_header object
services.parsed.monero_p2p.ping_response.response_header.command long
services.parsed.monero_p2p.ping_response.response_header.expects_response boolean
services.parsed.monero_p2p.ping_response.response_header.flags long
services.parsed.monero_p2p.ping_response.response_header.length long
services.parsed.monero_p2p.ping_response.response_header.return_code long
services.parsed.monero_p2p.ping_response.response_header.signature long
services.parsed.monero_p2p.ping_response.response_header.version long

MONGODB

Path Type Docs
services.mongodb object
services.mongodb.build_info object
services.mongodb.build_info.build_environment object
services.mongodb.build_info.build_environment.cc text
services.mongodb.build_info.build_environment.cc_flags text
services.mongodb.build_info.build_environment.cxx text
services.mongodb.build_info.build_environment.cxx_flags text
services.mongodb.build_info.build_environment.dist_arch text
services.mongodb.build_info.build_environment.dist_mod text
services.mongodb.build_info.build_environment.link_flags text
services.mongodb.build_info.build_environment.target_arch text
services.mongodb.build_info.build_environment.target_os text
services.mongodb.build_info.git_version text Version of mongodb server
services.mongodb.build_info.version text Version of mongodb server
services.mongodb.is_master object
services.mongodb.is_master.is_master boolean
services.mongodb.is_master.logical_session_timeout_minutes integer
services.mongodb.is_master.max_bson_object_size integer
services.mongodb.is_master.max_message_size_bytes integer
services.mongodb.is_master.max_wire_version integer
services.mongodb.is_master.max_write_batch_size integer
services.mongodb.is_master.min_wire_version integer
services.mongodb.is_master.read_only boolean

MQTT

Path Type Docs
services.mqtt object
services.mqtt.connection_ack_raw text Raw CONNACK response packet
services.mqtt.connection_ack_return object
services.mqtt.connection_ack_return.raw unsigned_long Raw connect status value
services.mqtt.connection_ack_return.return_value text Connection status
services.mqtt.subscription_ack_return object
services.mqtt.subscription_ack_return.raw unsigned_long Raw subscription response value
services.mqtt.subscription_ack_return.return_value text Subscription response

MSSQL

Path Type Docs
services.mssql object
services.mssql.encrypt_mode text The negotiated ENCRYPT_MODE with the server
services.mssql.instance_name text
services.mssql.prelogin_options object
services.mssql.prelogin_options.encrypt_mode text
services.mssql.prelogin_options.fed_auth_required boolean
services.mssql.prelogin_options.instance text
services.mssql.prelogin_options.mars boolean
services.mssql.prelogin_options.nonce text
services.mssql.prelogin_options.server_version object
services.mssql.prelogin_options.server_version.build_number unsigned_long
services.mssql.prelogin_options.server_version.major unsigned_long
services.mssql.prelogin_options.server_version.minor unsigned_long
services.mssql.prelogin_options.thread_id unsigned_long
services.mssql.prelogin_options.trace_id text
services.mssql.prelogin_options.unknown object
services.mssql.prelogin_options.unknown.key unsigned_long
services.mssql.prelogin_options.unknown.value text
services.mssql.version text

MURMUR

Path Type Docs
services.parsed.murmur object
services.parsed.murmur.channels long
services.parsed.murmur.crypto object
services.parsed.murmur.crypto.client_nonce text
services.parsed.murmur.crypto.key text
services.parsed.murmur.crypto.server_nonce text
services.parsed.murmur.messages object
services.parsed.murmur.messages.body text
services.parsed.murmur.messages.type text
services.parsed.murmur.reject object
services.parsed.murmur.reject.reason text
services.parsed.murmur.reject.type long
services.parsed.murmur.text_messages object
services.parsed.murmur.text_messages.message text
services.parsed.murmur.text_messages.session long
services.parsed.murmur.users long
services.parsed.murmur.version object
services.parsed.murmur.version.build long
services.parsed.murmur.version.major long
services.parsed.murmur.version.minor long
services.parsed.murmur.version.os text
services.parsed.murmur.version.os_version text
services.parsed.murmur.version.version_string text

MYSQL

Path Type Docs
services.mysql object
services.mysql.auth_plugin_data text Optional plugin-specific data, whose meaning depends on the value of auth_plugin_name. Returned in the initial HandshakePacket.
services.mysql.auth_plugin_name text The name of the authentication plugin, returned in the initial HandshakePacket.
services.mysql.capability_flags nested The set of capability flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.capability_flags.key text
services.mysql.capability_flags.value boolean
services.mysql.character_set unsigned_long The identifier for the character set the server is using. Returned in the initial HandshakePacket.
services.mysql.connection_id unsigned_long The server's internal identifier for this client's connection, sent in the initial HandshakePacket.
services.mysql.error_code long Only set if there is an error returned by the server, for example if the scanner is not on the allowed hosts list.
services.mysql.error_id text The friendly name for the error code as defined at https://dev.mysql.com/doc/refman/8.0/en/error-messages-server.html, or UNKNOWN
services.mysql.error_message text Optional string describing the error. Only set if there is an error.
services.mysql.protocol_version unsigned_long 8-bit unsigned integer representing the server's protocol version sent in the initial HandshakePacket from the server.
services.mysql.server_version text The specific server version returned in the initial HandshakePacket. Often in the form x.y.z, but not always.
services.mysql.status_flags nested The set of status flags the server returned in the initial HandshakePacket. Each entry corresponds to a bit being set in the flags; key names correspond to the #defines in the MySQL docs.
services.mysql.status_flags.key text
services.mysql.status_flags.value boolean

NBD

Path Type Docs
services.parsed.nbd object
services.parsed.nbd.exports object
services.parsed.nbd.exports.max_payload_size long
services.parsed.nbd.exports.min_block_size long
services.parsed.nbd.exports.name text
services.parsed.nbd.exports.preferred_block_size long
services.parsed.nbd.exports.size long
services.parsed.nbd.exports.transmit_flags text
services.parsed.nbd.handshake_style text
services.parsed.nbd.policies text

NMEA

Path Type Docs
services.parsed.nmea object
services.parsed.nmea.messages object
services.parsed.nmea.messages.fields text
services.parsed.nmea.messages.sentence_id text
services.parsed.nmea.messages.talker_id text
services.parsed.nmea.messages.talker_name text

NTP

Path Type Docs
services.ntp object
services.ntp.get_time_header object The header of the server's response to a GetTime request.
services.ntp.get_time_header.leap_indicator unsigned_long An enumerated value from 0 to 3 signifying whether a leap second will occur at the end of the current month. 0 signifies no leap second, 1 signifies an additive leap second, 2 signifies a subtractive leap second, and 3 signifies the state is unknown.
services.ntp.get_time_header.mode unsigned_long An enumerated value from 0 to 7 signifying the operational mode of the server.
services.ntp.get_time_header.poll integer The interval within which the server will expect a subsequent synchronization message, in log2 seconds.
services.ntp.get_time_header.precision integer The precision of the system's clock, in log2 seconds.
services.ntp.get_time_header.reference_id text The identifier of the reference clock. For servers in stratum 1, one of an IANA-maintained list of sources. For servers in stratum 2, the ID of the stratum 1 server from which the time was retrieved (usually, its IP address), etc.
services.ntp.get_time_header.stratum unsigned_long The number of servers between a client and a non-NTP time source. 1 signifies that the server is authoritative, having direct access to a sensor. 2 signifies that the server got its time from a "stratum 1" server, etc. 16 means the clock is unsynchronized.
services.ntp.get_time_header.version unsigned_long The NTP version indicated in the server's response.

NTRIP

Path Type Docs
services.parsed.ntrip object
services.parsed.ntrip.data_streams object
services.parsed.ntrip.data_streams.authentication text
services.parsed.ntrip.data_streams.bitrate long
services.parsed.ntrip.data_streams.carrier_info text
services.parsed.ntrip.data_streams.caster_mount_point text
services.parsed.ntrip.data_streams.compression_or_encryption text
services.parsed.ntrip.data_streams.country_code text
services.parsed.ntrip.data_streams.data_format text
services.parsed.ntrip.data_streams.fee boolean
services.parsed.ntrip.data_streams.format_details text
services.parsed.ntrip.data_streams.generator text
services.parsed.ntrip.data_streams.latitude text
services.parsed.ntrip.data_streams.longitude text
services.parsed.ntrip.data_streams.misc text
services.parsed.ntrip.data_streams.nav_system text
services.parsed.ntrip.data_streams.network text
services.parsed.ntrip.data_streams.nmea boolean
services.parsed.ntrip.data_streams.solution text
services.parsed.ntrip.data_streams.source_identifier text
services.parsed.ntrip.server text
services.parsed.ntrip.version text

ONVIF

Path Type Docs
services.parsed.onvif object
services.parsed.onvif.hostname object
services.parsed.onvif.hostname.from_dhcp boolean
services.parsed.onvif.hostname.name text
services.parsed.onvif.services object
services.parsed.onvif.services.capabilities object
services.parsed.onvif.services.capabilities.analytics object
services.parsed.onvif.services.capabilities.analytics.analytics_module_support boolean
services.parsed.onvif.services.capabilities.analytics.cell_based_scene_description_supported boolean
services.parsed.onvif.services.capabilities.analytics.rule_options_suported boolean
services.parsed.onvif.services.capabilities.analytics.rule_support boolean
services.parsed.onvif.services.capabilities.device object
services.parsed.onvif.services.capabilities.device.network object
services.parsed.onvif.services.capabilities.device.network.dhcp_v6 boolean
services.parsed.onvif.services.capabilities.device.network.dot11_configuration boolean
services.parsed.onvif.services.capabilities.device.network.dot1x_configurations long
services.parsed.onvif.services.capabilities.device.network.dynamic_dns boolean
services.parsed.onvif.services.capabilities.device.network.hostname_from_dhcp boolean
services.parsed.onvif.services.capabilities.device.network.ip_filter boolean
services.parsed.onvif.services.capabilities.device.network.ipv6 boolean
services.parsed.onvif.services.capabilities.device.network.ntp long
services.parsed.onvif.services.capabilities.device.network.zero_configuration boolean
services.parsed.onvif.services.capabilities.device.security object
services.parsed.onvif.services.capabilities.device.security.access_policy_config boolean
services.parsed.onvif.services.capabilities.device.security.dot_1x boolean
services.parsed.onvif.services.capabilities.device.security.http_digest boolean
services.parsed.onvif.services.capabilities.device.security.kerberos_token boolean
services.parsed.onvif.services.capabilities.device.security.max_password_length long
services.parsed.onvif.services.capabilities.device.security.max_username_length long
services.parsed.onvif.services.capabilities.device.security.max_users long
services.parsed.onvif.services.capabilities.device.security.onboard_key_generation boolean
services.parsed.onvif.services.capabilities.device.security.rel_token boolean
services.parsed.onvif.services.capabilities.device.security.remote_user_handling boolean
services.parsed.onvif.services.capabilities.device.security.saml_token boolean
services.parsed.onvif.services.capabilities.device.security.supported_eap_methods long
services.parsed.onvif.services.capabilities.device.security.tls_1 object
services.parsed.onvif.services.capabilities.device.security.tls_1.0 boolean
services.parsed.onvif.services.capabilities.device.security.tls_1.1 boolean
services.parsed.onvif.services.capabilities.device.security.tls_1.2 boolean
services.parsed.onvif.services.capabilities.device.security.username_token boolean
services.parsed.onvif.services.capabilities.device.security.x509_token boolean
services.parsed.onvif.services.capabilities.device.system object
services.parsed.onvif.services.capabilities.device.system.discovery_bye boolean
services.parsed.onvif.services.capabilities.device.system.discovery_resolve boolean
services.parsed.onvif.services.capabilities.device.system.firmware_upgrade boolean
services.parsed.onvif.services.capabilities.device.system.http_firmware_upgrade boolean
services.parsed.onvif.services.capabilities.device.system.http_support_information boolean
services.parsed.onvif.services.capabilities.device.system.http_system_backup boolean
services.parsed.onvif.services.capabilities.device.system.http_systme_logging boolean
services.parsed.onvif.services.capabilities.device.system.remote_discovery boolean
services.parsed.onvif.services.capabilities.device.system.storage_configuration boolean
services.parsed.onvif.services.capabilities.device.system.system_backup boolean
services.parsed.onvif.services.capabilities.device.system.system_logging boolean
services.parsed.onvif.services.capabilities.device_io object
services.parsed.onvif.services.capabilities.device_io.audio_outputs long
services.parsed.onvif.services.capabilities.device_io.audio_sources long
services.parsed.onvif.services.capabilities.device_io.digital_inputs long
services.parsed.onvif.services.capabilities.device_io.relay_outputs long
services.parsed.onvif.services.capabilities.device_io.serial_ports long
services.parsed.onvif.services.capabilities.device_io.video_outputs long
services.parsed.onvif.services.capabilities.events object
services.parsed.onvif.services.capabilities.events.max_notification_producers long
services.parsed.onvif.services.capabilities.events.max_pull_points long
services.parsed.onvif.services.capabilities.events.ws_pausable_subscription_manager_interface_support boolean
services.parsed.onvif.services.capabilities.events.ws_pull_point_support boolean
services.parsed.onvif.services.capabilities.events.ws_subscription_policy_support boolean
services.parsed.onvif.services.capabilities.image object
services.parsed.onvif.services.capabilities.image.image_stabilization boolean
services.parsed.onvif.services.capabilities.media object
services.parsed.onvif.services.capabilities.media.osd boolean
services.parsed.onvif.services.capabilities.media.profile object
services.parsed.onvif.services.capabilities.media.profile.max_profile_count long
services.parsed.onvif.services.capabilities.media.rotation boolean
services.parsed.onvif.services.capabilities.media.snapshot_uri boolean
services.parsed.onvif.services.capabilities.media.streaming object
services.parsed.onvif.services.capabilities.media.streaming.non_aggregate_control boolean
services.parsed.onvif.services.capabilities.media.streaming.rtp_multicast boolean
services.parsed.onvif.services.capabilities.media.streaming.rtp_rtsp_tcp boolean
services.parsed.onvif.services.capabilities.media.streaming.rtp_tcp boolean
services.parsed.onvif.services.capabilities.media.video_source_mode boolean
services.parsed.onvif.services.capabilities.pan_tilt_zoom object
services.parsed.onvif.services.capabilities.pan_tilt_zoom.eflip boolean
services.parsed.onvif.services.capabilities.pan_tilt_zoom.get_compatible_configurations boolean
services.parsed.onvif.services.capabilities.pan_tilt_zoom.move_status boolean
services.parsed.onvif.services.capabilities.pan_tilt_zoom.reverse boolean
services.parsed.onvif.services.capabilities.pan_tilt_zoom.status_position boolean
services.parsed.onvif.services.namespace text
services.parsed.onvif.services.service_version_major long
services.parsed.onvif.services.service_version_minor long
services.parsed.onvif.services.xaddr text

OPC_UA

Path Type Docs
services.parsed.opc_ua object
services.parsed.opc_ua.endpoints object
services.parsed.opc_ua.endpoints.endpoint_url text
services.parsed.opc_ua.endpoints.security_level long
services.parsed.opc_ua.endpoints.security_mode text
services.parsed.opc_ua.endpoints.security_policy_uri text
services.parsed.opc_ua.endpoints.server object
services.parsed.opc_ua.endpoints.server.application_name object
services.parsed.opc_ua.endpoints.server.application_name.flags long
services.parsed.opc_ua.endpoints.server.application_name.locale text
services.parsed.opc_ua.endpoints.server.application_name.text text
services.parsed.opc_ua.endpoints.server.application_type text
services.parsed.opc_ua.endpoints.server.application_uri text
services.parsed.opc_ua.endpoints.server.discovery_profile_uri text
services.parsed.opc_ua.endpoints.server.product_uri text
services.parsed.opc_ua.endpoints.server_cert text
services.parsed.opc_ua.endpoints.transport_profile_uri text
services.parsed.opc_ua.max_chunk_size long
services.parsed.opc_ua.max_message_size long
services.parsed.opc_ua.protocol_version long
services.parsed.opc_ua.receive_buffer_size long
services.parsed.opc_ua.send_buffer_size long

OPENVPN

Path Type Docs
services.openvpn object
services.openvpn.accepts_v1 boolean
services.openvpn.accepts_v2 boolean

ORACLE

Path Type Docs
services.oracle object
services.oracle.accept_version unsigned_long The version declared by the service when it accepts the handshake, if applicable.
services.oracle.connect_flags0 nested The first set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags0.key text
services.oracle.connect_flags0.value boolean
services.oracle.connect_flags1 nested The second set of ConnectFlags returned in the Accept packet.
services.oracle.connect_flags1.key text
services.oracle.connect_flags1.value boolean
services.oracle.did_resend boolean Whether the server requested that the scanner resend its initial connection packet.
services.oracle.global_service_options nested Set of flags that the server returns in the Accept packet.
services.oracle.global_service_options.key text
services.oracle.global_service_options.value boolean
services.oracle.nsn_service_versions nested A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet.
services.oracle.nsn_service_versions.key text
services.oracle.nsn_service_versions.value text
services.oracle.nsn_version text The version string in the root of the native service negotiation packet, if applicable.
services.oracle.redirect_target object The parsed connect descriptor returned by the server in the redirect packet, if one is sent.
services.oracle.redirect_target.key text The dot-delimited path to the parsed value from the error received when the initial handshake is refused.
services.oracle.redirect_target.value text The parsed value from the error received when the initial handshake is refused.
services.oracle.redirect_target_raw text The connect descriptor returned by the server in the Redirect packet, if one is sent.
services.oracle.refuse_error object The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE
services.oracle.refuse_error.key text The dot-delimited path to the parsed value from the error received when the initial handshake is refused.
services.oracle.refuse_error.value text The parsed value from the error received when the initial handshake is refused.
services.oracle.refuse_error_raw text The unparsed error received when the initial handshake is refused.
services.oracle.refuse_reason_app text The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_reason_sys text The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string.
services.oracle.refuse_version text The version declared by the service when it refuses the handshake, if applicable.

PCOM

Path Type Docs
services.parsed.pcom object
services.parsed.pcom.buffer_size text
services.parsed.pcom.hardware_version text
services.parsed.pcom.model text
services.parsed.pcom.model_executor text
services.parsed.pcom.model_op_executor text
services.parsed.pcom.name text
services.parsed.pcom.os_build text
services.parsed.pcom.os_version text
services.parsed.pcom.unique_id long
services.parsed.pcom.unit_id text

PC_ANYWHERE

Path Type Docs
services.pc_anywhere object
services.pc_anywhere.name text Workstation Name, with padding bytes removed
services.pc_anywhere.nr text Full 'NR' query response
services.pc_anywhere.status object
services.pc_anywhere.status.in_use boolean Workstation is In Use if true, Available if false
services.pc_anywhere.status.raw text Full 'ST' query response

PENDING_REMOVAL_SINCE

Path Type Docs
services.pending_removal_since date

PGBOUNCER

Path Type Docs
services.parsed.pgbouncer object
services.parsed.pgbouncer.startup_capabilities object
services.parsed.pgbouncer.startup_capabilities.v2 boolean
services.parsed.pgbouncer.startup_capabilities.v3 boolean
services.parsed.pgbouncer.startup_capabilities.v4 boolean

POP3

Path Type Docs
services.pop3 object
services.pop3.banner text The POP3 banner.
services.pop3.start_tls text The server's response to the STARTTLS command.

PORTMAP

Path Type Docs
services.parsed.portmap object
services.parsed.portmap.portmap_entries_v2 object
services.parsed.portmap.portmap_entries_v2.desc text
services.parsed.portmap.portmap_entries_v2.port long
services.parsed.portmap.portmap_entries_v2.protocol text
services.parsed.portmap.portmap_entries_v2.shorthand text
services.parsed.portmap.portmap_entries_v2.version long
services.parsed.portmap.portmap_entries_v3 object
services.parsed.portmap.portmap_entries_v3.desc text
services.parsed.portmap.portmap_entries_v3.network_id text
services.parsed.portmap.portmap_entries_v3.owner text
services.parsed.portmap.portmap_entries_v3.shorthand text
services.parsed.portmap.portmap_entries_v3.universal_address text
services.parsed.portmap.portmap_entries_v3.version long

POSTGRES

Path Type Docs
services.postgres object
services.postgres.authentication_mode object
services.postgres.authentication_mode.mode text
services.postgres.authentication_mode.payload text
services.postgres.protocol_error nested The error received in response to a StartupMessage with an unexpected protocol version.
services.postgres.protocol_error.key text
services.postgres.protocol_error.value text
services.postgres.startup_error nested The error received in response to a StartupMessage without providing the User field.
services.postgres.startup_error.key text
services.postgres.startup_error.value text
services.postgres.supported_versions text
services.postgres.transaction_status text

PPTP

Path Type Docs
services.pptp object
services.pptp.bearer_message object
services.pptp.bearer_message.code unsigned_long
services.pptp.bearer_message.meaning text
services.pptp.error_message object
services.pptp.error_message.code unsigned_long
services.pptp.error_message.meaning text
services.pptp.firmware object
services.pptp.firmware.major unsigned_long
services.pptp.firmware.minor unsigned_long
services.pptp.framing_message object
services.pptp.framing_message.code unsigned_long
services.pptp.framing_message.meaning text
services.pptp.hostname text
services.pptp.maximum_channels unsigned_long
services.pptp.protocol object
services.pptp.protocol.major unsigned_long
services.pptp.protocol.minor unsigned_long
services.pptp.result_message object
services.pptp.result_message.code unsigned_long
services.pptp.result_message.meaning text
services.pptp.vendor text

PROMETHEUS

Path Type Docs
services.prometheus object
services.prometheus.http_info object
services.prometheus.http_info.headers nested
services.prometheus.http_info.headers.key text
services.prometheus.http_info.headers.value object
services.prometheus.http_info.headers.value.headers text The values provided in the corresponding header.
services.prometheus.http_info.status text Status message received from hitting /api/v1/targets.
services.prometheus.http_info.status_code unsigned_long Status code received from hitting /api/v1/targets.
services.prometheus.response object Information Prometheus captured as well as build information.
services.prometheus.response.active_targets object List of active targets.
services.prometheus.response.active_targets.discovered_labels object
services.prometheus.response.active_targets.discovered_labels.address text Address of target.
services.prometheus.response.active_targets.discovered_labels.job text Job of target.
services.prometheus.response.active_targets.discovered_labels.metrics_path text Path to metrics of target.
services.prometheus.response.active_targets.discovered_labels.scheme text URL scheme.
services.prometheus.response.active_targets.health text Whether target is up or down.
services.prometheus.response.active_targets.labels object
services.prometheus.response.active_targets.labels.instance text Instance after relabelling has occurred.
services.prometheus.response.active_targets.labels.job text Job of target after relabelling has occurred.
services.prometheus.response.active_targets.last_error text Last error that occurred within target.
services.prometheus.response.active_targets.last_scrape text Last time Prometheus scraped target.
services.prometheus.response.active_targets.scrape_url text URL that Prometheus scraped.
services.prometheus.response.all_versions text List of the versions of everything that Prometheus finds i.e., version of Prometheus, Go, Node, cAdvisor, etc.
services.prometheus.response.config_exposed boolean True when the config endpoint is exposed.
services.prometheus.response.dropped_targets object List of dropped targets.
services.prometheus.response.dropped_targets.address text Address of target.
services.prometheus.response.dropped_targets.job text Job of target.
services.prometheus.response.dropped_targets.metrics_path text Path to metrics of target.
services.prometheus.response.dropped_targets.scheme text URL scheme.
services.prometheus.response.go_versions text List of the versions of Go.
services.prometheus.response.prometheus_versions object
services.prometheus.response.prometheus_versions.go_version text Version of Go used to build Prometheus.
services.prometheus.response.prometheus_versions.revision text Revision of Prometheus.
services.prometheus.response.prometheus_versions.version text Version of Prometheus.

RDATE

Path Type Docs
services.parsed.rdate object
services.parsed.rdate.date text

RDP

Path Type Docs
services.rdp object
services.rdp.certificate_info object
services.rdp.certificate_info.internal_x509_chain_fps keyword
services.rdp.certificate_info.proprietary_rsa_key object
services.rdp.certificate_info.proprietary_rsa_key.key_length unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.magic unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.max_bytes_datalen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.modulus text
services.rdp.certificate_info.proprietary_rsa_key.modulus_bitlen unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.public_exponent unsigned_long
services.rdp.certificate_info.proprietary_rsa_key.signature text
services.rdp.connect_response object
services.rdp.connect_response.connect_id unsigned_long
services.rdp.connect_response.domain_parameters object
services.rdp.connect_response.domain_parameters.domain_protocol_version long
services.rdp.connect_response.domain_parameters.max_channel_ids long
services.rdp.connect_response.domain_parameters.max_mcspdu_size long
services.rdp.connect_response.domain_parameters.max_provider_height long
services.rdp.connect_response.domain_parameters.max_token_ids long
services.rdp.connect_response.domain_parameters.max_user_id_channels long
services.rdp.connect_response.domain_parameters.min_throughput long
services.rdp.connect_response.domain_parameters.num_priorities long
services.rdp.protocol_flags object
services.rdp.protocol_flags.dynvc_graphics_pipeline boolean
services.rdp.protocol_flags.extended_client_data_supported boolean
services.rdp.protocol_flags.neg_resp_reserved boolean
services.rdp.protocol_flags.restricted_admin_mode boolean
services.rdp.protocol_flags.restricted_auth_mode boolean
services.rdp.selected_security_protocol object
services.rdp.selected_security_protocol.credssp boolean
services.rdp.selected_security_protocol.credssp_early_auth boolean
services.rdp.selected_security_protocol.error boolean
services.rdp.selected_security_protocol.error_bad_flags boolean
services.rdp.selected_security_protocol.error_hybrid_required boolean
services.rdp.selected_security_protocol.error_ssl_cert_missing boolean
services.rdp.selected_security_protocol.error_ssl_forbidden boolean
services.rdp.selected_security_protocol.error_ssl_required boolean
services.rdp.selected_security_protocol.error_ssl_user_auth_required boolean
services.rdp.selected_security_protocol.error_unknown boolean
services.rdp.selected_security_protocol.raw_value unsigned_long
services.rdp.selected_security_protocol.rdstls boolean
services.rdp.selected_security_protocol.standard_rdp boolean
services.rdp.selected_security_protocol.tls boolean
services.rdp.version object
services.rdp.version.major integer
services.rdp.version.minor integer
services.rdp.version.raw unsigned_long Raw Version Response, Major version is stored in upper 2 bytes, minor in lower 2 bytes.
services.rdp.x224_cc_pdu_srcref unsigned_long

REALPORT

Path Type Docs
services.parsed.realport object
services.parsed.realport.hw_id long
services.parsed.realport.hw_ver long
services.parsed.realport.num_ports long
services.parsed.realport.product_name text
services.parsed.realport.sw_ver long
services.parsed.realport.unpatched_etherlite boolean
services.parsed.realport.vpd object

REDIS

Path Type Docs
services.redis object
services.redis.arch_bits text The architecture bits (32 or 64) the Redis server used to build.
services.redis.auth_response text The response from the AUTH command, if sent.
services.redis.build_id text The Build ID of the Redis server.
services.redis.commands text The list of commands actually sent to the server, serialized in inline format, like 'PING' or 'AUTH somePassword'.
services.redis.commands_processed unsigned_long The total number of commands processed by the server.
services.redis.connections_received unsigned_long The total number of connections accepted by the server.
services.redis.gcc_version text The version of the GCC compiler used to compile the Redis server.
services.redis.git_sha1 text The Sha-1 Git commit hash the Redis server used.
services.redis.info_response object The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.
services.redis.info_response.key text
services.redis.info_response.value text
services.redis.major unsigned_long Major is the version's major number.
services.redis.mem_allocator text The memory allocator.
services.redis.minor unsigned_long Minor is the version's major number.
services.redis.mode text The mode the Redis server is running (standalone or cluster), read from the the info_response (if available).
services.redis.nonexistent_response text The response from the NONEXISTENT command.
services.redis.os text The OS the Redis server is running, read from the the info_response (if available).
services.redis.patch_level unsigned_long Patchlevel is the version's patchlevel number.
services.redis.ping_response text The response from the PING command; should either be "PONG" or an authentication error.
services.redis.quit_response text The response to the QUIT command.
services.redis.raw_command_output object The raw output returned by the server for each command sent; the indices match those of commands.
services.redis.raw_command_output.output text
services.redis.uptime unsigned_long The number of seconds since Redis server start.
services.redis.used_memory unsigned_long The total number of bytes allocated by Redis using its allocator.

REDLION_CRIMSON

Path Type Docs
services.parsed.redlion_crimson object
services.parsed.redlion_crimson.configs_exposed boolean
services.parsed.redlion_crimson.control_engine_status text
services.parsed.redlion_crimson.current_software_level text
services.parsed.redlion_crimson.execution_status text
services.parsed.redlion_crimson.manufacturer text
services.parsed.redlion_crimson.model text

RIFATRON

Path Type Docs
services.parsed.rifatron object
services.parsed.rifatron.model text

RIPPLE

Path Type Docs
services.parsed.ripple object
services.parsed.ripple.ripple_clio object
services.parsed.ripple.ripple_clio.clio_version text
services.parsed.ripple.ripple_clio.rippled_version text
services.parsed.ripple.ripple_clio.validated boolean
services.parsed.ripple.ripple_clio.validation_quorum long
services.parsed.ripple.rippled_peer object
services.parsed.ripple.rippled_peer.build_version text
services.parsed.ripple.rippled_peer.peer_crawler_response_version long
services.parsed.ripple.rippled_peer.peers object
services.parsed.ripple.rippled_peer.peers.ip text
services.parsed.ripple.rippled_peer.peers.port long
services.parsed.ripple.rippled_peer.peers.public_key text
services.parsed.ripple.rippled_peer.peers.type text
services.parsed.ripple.rippled_peer.peers.version text
services.parsed.ripple.rippled_peer.pubkey_node text
services.parsed.ripple.rippled_peer.server_state text
services.parsed.ripple.rippled_peer.validator_sites text
services.parsed.ripple.rippled_public object
services.parsed.ripple.rippled_public.build_version text
services.parsed.ripple.rippled_public.hostid text
services.parsed.ripple.rippled_public.network_id long
services.parsed.ripple.rippled_public.peers long
services.parsed.ripple.rippled_public.ports object
services.parsed.ripple.rippled_public.ports.port text
services.parsed.ripple.rippled_public.ports.protocol text
services.parsed.ripple.rippled_public.pubkey_node text
services.parsed.ripple.rippled_public.server_state text
services.parsed.ripple.rippled_public.validation_quorum long

RLOGIN

Path Type Docs
services.parsed.rlogin object
services.parsed.rlogin.error text
services.parsed.rlogin.os text
services.parsed.rlogin.software text
services.parsed.rlogin.software_version text

ROCKETMQ

Path Type Docs
services.parsed.rocketmq object
services.parsed.rocketmq.cluster_info object
services.parsed.rocketmq.cluster_info.header object
services.parsed.rocketmq.cluster_info.header.code long
services.parsed.rocketmq.cluster_info.header.flag long
services.parsed.rocketmq.cluster_info.header.language text
services.parsed.rocketmq.cluster_info.header.opaque long
services.parsed.rocketmq.cluster_info.header.serialize_type_current_rpc text
services.parsed.rocketmq.cluster_info.header.version long
services.parsed.rocketmq.cluster_info.payload text
services.parsed.rocketmq.topics object
services.parsed.rocketmq.topics.header object
services.parsed.rocketmq.topics.header.code long
services.parsed.rocketmq.topics.header.flag long
services.parsed.rocketmq.topics.header.language text
services.parsed.rocketmq.topics.header.opaque long
services.parsed.rocketmq.topics.header.serialize_type_current_rpc text
services.parsed.rocketmq.topics.header.version long
services.parsed.rocketmq.topics.topic_list text
services.parsed.rocketmq.version text

RTSP

Path Type Docs
services.parsed.rtsp object
services.parsed.rtsp.auth text
services.parsed.rtsp.commands text
services.parsed.rtsp.server text
services.parsed.rtsp.www_auth text

S7

Path Type Docs
services.s7 object
services.s7.copyright text
services.s7.cpu_profile text
services.s7.firmware text
services.s7.hardware text
services.s7.location text
services.s7.memory_serial_number text
services.s7.module text
services.s7.module_id text
services.s7.module_type text
services.s7.oem_id text
services.s7.plant_id text
services.s7.reserved_for_os text
services.s7.serial_number text
services.s7.system text

SAP_ROUTER

Path Type Docs
services.parsed.sap_router object
services.parsed.sap_router.router_info object
services.parsed.sap_router.router_info.connected_clients_info object
services.parsed.sap_router.router_info.connected_clients_info.connected boolean
services.parsed.sap_router.router_info.connected_clients_info.connected_on date
services.parsed.sap_router.router_info.connected_clients_info.id long
services.parsed.sap_router.router_info.connected_clients_info.routed boolean
services.parsed.sap_router.router_info.connected_clients_info.service text
services.parsed.sap_router.router_info.connected_clients_info.traced boolean
services.parsed.sap_router.router_info.num_clients long
services.parsed.sap_router.router_info.parent_pid long
services.parsed.sap_router.router_info.parent_port long
services.parsed.sap_router.router_info.pid long
services.parsed.sap_router.router_info.port long
services.parsed.sap_router.router_info.routtab_relative_directory text
services.parsed.sap_router.router_info.sap_router_absolute_directory text
services.parsed.sap_router.router_info.started_on date
services.parsed.sap_router.router_version_info object
services.parsed.sap_router.router_version_info.description text
services.parsed.sap_router.router_version_info.release long
services.parsed.sap_router.router_version_info.version long

SCPI

Path Type Docs
services.parsed.scpi object
services.parsed.scpi.firmware text
services.parsed.scpi.manufacturer text
services.parsed.scpi.model text
services.parsed.scpi.serial text

SCREENSHOTS

Path Type Docs
services.screenshots object
services.screenshots.handle text

SER2NET

Path Type Docs
services.parsed.ser2net object
services.parsed.ser2net.device text
services.parsed.ser2net.os text
services.parsed.ser2net.serial_parameters object
services.parsed.ser2net.serial_parameters.baud_rate text
services.parsed.ser2net.serial_parameters.data_bits text
services.parsed.ser2net.serial_parameters.parity text
services.parsed.ser2net.serial_parameters.stop_bits text
services.parsed.ser2net.software text
services.parsed.ser2net.software_version text

SEVEN_DAYS_TO_DIE

Path Type Docs
services.parsed.seven_days_to_die object
services.parsed.seven_days_to_die.game_name text
services.parsed.seven_days_to_die.game_type text
services.parsed.seven_days_to_die.region text
services.parsed.seven_days_to_die.server_url text
services.parsed.seven_days_to_die.server_version text
services.parsed.seven_days_to_die.steam_id text
services.parsed.seven_days_to_die.version text

SIP

Path Type Docs
services.sip object
services.sip.code integer
services.sip.server text Server software reported by service
services.sip.status text
services.sip.version text SIP version

SKINNY

Path Type Docs
services.skinny object
services.skinny.response text

SMB

Path Type Docs
services.smb object
services.smb.group_name text Default group name
services.smb.has_ntlm boolean Server supports the NTLM authentication method
services.smb.native_os text Server-identified operating system
services.smb.negotiation_log object
services.smb.negotiation_log.authentication_types text
services.smb.negotiation_log.capabilities unsigned_long
services.smb.negotiation_log.dialect_revision unsigned_long
services.smb.negotiation_log.header_log object
services.smb.negotiation_log.header_log.command unsigned_long
services.smb.negotiation_log.header_log.credits unsigned_long
services.smb.negotiation_log.header_log.flags unsigned_long
services.smb.negotiation_log.header_log.protocol_id text
services.smb.negotiation_log.header_log.status unsigned_long
services.smb.negotiation_log.security_mode unsigned_long
services.smb.negotiation_log.server_guid text
services.smb.negotiation_log.server_start_time unsigned_long
services.smb.negotiation_log.system_time unsigned_long
services.smb.ntlm text Native LAN manager
services.smb.session_setup_log object
services.smb.session_setup_log.header_log object
services.smb.session_setup_log.header_log.command unsigned_long
services.smb.session_setup_log.header_log.credits unsigned_long
services.smb.session_setup_log.header_log.flags unsigned_long
services.smb.session_setup_log.header_log.protocol_id text
services.smb.session_setup_log.header_log.status unsigned_long
services.smb.session_setup_log.negotiate_flags unsigned_long
services.smb.session_setup_log.setup_flags unsigned_long
services.smb.session_setup_log.target_name text
services.smb.smb_capabilities object Capabilities flags for the connection. See [MS-SMB2] Sect. 2.2.4.
services.smb.smb_capabilities.smb_dfs_support boolean Server supports Distributed File System
services.smb.smb_capabilities.smb_directory_leasing_support boolean Server supports directory leasing
services.smb.smb_capabilities.smb_encryption_support boolean Server supports encryption
services.smb.smb_capabilities.smb_leasing_support boolean Server supports Leasing
services.smb.smb_capabilities.smb_multichan_support boolean Server supports multiple channels per session
services.smb.smb_capabilities.smb_multicredit_support boolean Server supports multi-credit operations
services.smb.smb_capabilities.smb_persistent_handle_support boolean Server supports persistent handles
services.smb.smb_version object
services.smb.smb_version.major unsigned_long Major version
services.smb.smb_version.minor unsigned_long Minor version
services.smb.smb_version.revision unsigned_long Protocol Revision
services.smb.smb_version.version_string text Full SMB Version String
services.smb.smbv1_support boolean

SMTP

Path Type Docs
services.smtp object
services.smtp.banner text The STMP banner.
services.smtp.ehlo text The server's response to the EHLO command.
services.smtp.start_tls text The server's response to the STARTTLS command.

SNMP

Path Type Docs
services.snmp object
services.snmp.engine object
services.snmp.engine.description text
services.snmp.engine.engine_boots unsigned_long
services.snmp.engine.engine_time unsigned_long
services.snmp.engine.format text
services.snmp.engine.format_data text
services.snmp.engine.organization text
services.snmp.engine.pen unsigned_long
services.snmp.engine.raw_id text
services.snmp.engine.rfc3411 boolean
services.snmp.oid_interfaces object 1.3.6.1.2.1.2 - Interfaces
services.snmp.oid_interfaces.num_ifaces unsigned_long 1.3.6.1.2.1.2.1 - Number of network interfaces
services.snmp.oid_physical object 1.3.6.1.2.1.47.1.1.1.1 - Entity Physical
services.snmp.oid_physical.firmware_rev text 1.3.6.1.2.1.47.1.1.1.1.9 - Firmware revision string
services.snmp.oid_physical.hardware_rev text 1.3.6.1.2.1.47.1.1.1.1.8 - Hardware revision string
services.snmp.oid_physical.mfg_name text 1.3.6.1.2.1.47.1.1.1.1.12 - Name of mfg
services.snmp.oid_physical.model_name text 1.3.6.1.2.1.47.1.1.1.1.13 - Model name of component
services.snmp.oid_physical.name text 1.3.6.1.2.1.47.1.1.1.1.7 - Entity name
services.snmp.oid_physical.serial_num text 1.3.6.1.2.1.47.1.1.1.1.11 - Serial number string
services.snmp.oid_physical.software_rev text 1.3.6.1.2.1.47.1.1.1.1.10 - Software revision string
services.snmp.oid_system object 1.3.6.1.2.1.1 - System Variables
services.snmp.oid_system.contact text 1.3.6.1.2.1.1.4 - Contact info
services.snmp.oid_system.desc text 1.3.6.1.2.1.1.1 - Description of entity
services.snmp.oid_system.init_time unsigned_long 1.3.6.1.2.1.1.3 - 1/100ths of sec
services.snmp.oid_system.location text 1.3.6.1.2.1.1.6 - Physical location
services.snmp.oid_system.name text 1.3.6.1.2.1.1.5 - Name, usually FQDN
services.snmp.oid_system.object_id text 1.3.6.1.2.1.1.2 - Vendor ID
services.snmp.oid_system.services object 1.3.6.1.2.1.1.7 - Set of services offered by entity
services.snmp.oid_system.services.layer_1 boolean Physical (e.g. repeaters)
services.snmp.oid_system.services.layer_2 boolean Datalink/subnetwork (e.g. bridges)
services.snmp.oid_system.services.layer_3 boolean Internet (e.g. IP gateways)
services.snmp.oid_system.services.layer_4 boolean End-to-end (e.g. IP hosts)
services.snmp.oid_system.services.layer_5 boolean OSI layer 5
services.snmp.oid_system.services.layer_6 boolean OSI layer 6
services.snmp.oid_system.services.layer_7 boolean Applications (e.g. mail relays)
services.snmp.versions text

SOCKS

Path Type Docs
services.parsed.socks object
services.parsed.socks.no_authentication_required boolean
services.parsed.socks.preferred_authentication text
services.parsed.socks.preferred_authentication_value long
services.parsed.socks.socks_version long

SPICE

Path Type Docs
services.parsed.spice object
services.parsed.spice.major_version long
services.parsed.spice.minor_version long
services.parsed.spice.tls_only boolean
services.parsed.spice.x509_public_key text

SSDP

Path Type Docs
services.ssdp object
services.ssdp.headers nested
services.ssdp.headers.key text
services.ssdp.headers.value object
services.ssdp.headers.value.headers text The values provided in the corresponding header.
services.ssdp.upnp_url text

STEAM_IHS

Path Type Docs
services.parsed.steam_ihs object
services.parsed.steam_ihs.connect_port long
services.parsed.steam_ihs.enabled_services long
services.parsed.steam_ihs.euniverse long
services.parsed.steam_ihs.games_running boolean
services.parsed.steam_ihs.hostname text
services.parsed.steam_ihs.ip_addresses text
services.parsed.steam_ihs.is64bit boolean
services.parsed.steam_ihs.mac_addresses text
services.parsed.steam_ihs.min_version long
services.parsed.steam_ihs.ostype long
services.parsed.steam_ihs.public_ip_address text
services.parsed.steam_ihs.remoteplay_active boolean
services.parsed.steam_ihs.screen_locked boolean
services.parsed.steam_ihs.steam_application_version text
services.parsed.steam_ihs.steam_deck boolean
services.parsed.steam_ihs.steam_version long
services.parsed.steam_ihs.supported_services long
services.parsed.steam_ihs.version long
services.parsed.steam_ihs.vr_active boolean
services.parsed.steam_ihs.vr_link_caps long

TACACS_PLUS

Path Type Docs
services.parsed.tacacs_plus object
services.parsed.tacacs_plus.data_length long
services.parsed.tacacs_plus.flags long
services.parsed.tacacs_plus.obfuscated text
services.parsed.tacacs_plus.seq_num long
services.parsed.tacacs_plus.session_id long
services.parsed.tacacs_plus.type long
services.parsed.tacacs_plus.version long

TEAM_VIEWER

Path Type Docs
services.team_viewer object
services.team_viewer.response text

TIBIA

Path Type Docs
services.parsed.tibia object
services.parsed.tibia.server object
services.parsed.tibia.server.client_version text
services.parsed.tibia.server.ip text
services.parsed.tibia.server.location text
services.parsed.tibia.server.name text
services.parsed.tibia.server.port text
services.parsed.tibia.server.server text
services.parsed.tibia.server.url text
services.parsed.tibia.server.version text

TPLINK_KASA

Path Type Docs
services.parsed.tplink_kasa object
services.parsed.tplink_kasa.active_mode text
services.parsed.tplink_kasa.brightness long
services.parsed.tplink_kasa.dev_name text
services.parsed.tplink_kasa.err_code long
services.parsed.tplink_kasa.feature text
services.parsed.tplink_kasa.hw_ver text
services.parsed.tplink_kasa.icon_hash text
services.parsed.tplink_kasa.led_off long
services.parsed.tplink_kasa.mic_type text
services.parsed.tplink_kasa.model text
services.parsed.tplink_kasa.on_time long
services.parsed.tplink_kasa.relay_state long
services.parsed.tplink_kasa.rssi long
services.parsed.tplink_kasa.sw_ver text
services.parsed.tplink_kasa.updating long

UPNP

Path Type Docs
services.upnp object
services.upnp.devices object
services.upnp.devices.device_type text
services.upnp.devices.friendly_name text
services.upnp.devices.id integer Censys-generated IDs representing a device tree
services.upnp.devices.manufacturer text
services.upnp.devices.manufacturer_url text
services.upnp.devices.model_description text
services.upnp.devices.model_name text
services.upnp.devices.model_number text
services.upnp.devices.model_url text
services.upnp.devices.parent_id integer
services.upnp.devices.presentation_url text
services.upnp.devices.serial_number text
services.upnp.devices.service_list object
services.upnp.devices.service_list.control_url text
services.upnp.devices.service_list.event_sub_url text
services.upnp.devices.service_list.scpd_url text
services.upnp.devices.service_list.service_id text
services.upnp.devices.service_list.service_type text
services.upnp.devices.udn text
services.upnp.devices.upc text
services.upnp.endpoint text
services.upnp.headers nested
services.upnp.headers.key text
services.upnp.headers.value object
services.upnp.headers.value.headers text The values provided in the corresponding header.
services.upnp.spec object
services.upnp.spec.major text
services.upnp.spec.minor text

VENTRILO

Path Type Docs
services.parsed.ventrilo object
services.parsed.ventrilo.attrs text
services.parsed.ventrilo.msgs object
services.parsed.ventrilo.msgs.body object
services.parsed.ventrilo.msgs.body.data text
services.parsed.ventrilo.msgs.error text
services.parsed.ventrilo.msgs.header object
services.parsed.ventrilo.msgs.header.Crc long
services.parsed.ventrilo.msgs.header.PacketLen long
services.parsed.ventrilo.msgs.header.PacketNum long
services.parsed.ventrilo.msgs.header.TotalPackets long
services.parsed.ventrilo.msgs.header.Zero long
services.parsed.ventrilo.msgs.header.cmd long
services.parsed.ventrilo.msgs.header.data_key long
services.parsed.ventrilo.msgs.header.header_key long
services.parsed.ventrilo.msgs.header.id long
services.parsed.ventrilo.msgs.header.total_len long

VNC

Path Type Docs
services.vnc object
services.vnc.connection_failed_reason text If server terminates handshake, the reason offered (if any)
services.vnc.desktop_name text Desktop name provided by the server, capped at 255 bytes
services.vnc.pixel_encoding object
services.vnc.pixel_encoding.name text
services.vnc.pixel_encoding.value integer
services.vnc.screen_info object
services.vnc.screen_info.height unsigned_long
services.vnc.screen_info.name_len unsigned_long
services.vnc.screen_info.pixel_format object
services.vnc.screen_info.pixel_format.big_endian boolean If pixel RGB data are in big-endian
services.vnc.screen_info.pixel_format.bits_per_pixel unsigned_long How many bits in a single full pixel datum. Valid values are: 8, 16, 32
services.vnc.screen_info.pixel_format.blue_max unsigned_long Max value of blue pixel
services.vnc.screen_info.pixel_format.blue_shift unsigned_long How many bits to right shift a pixel datum to get blue bits in lsb
services.vnc.screen_info.pixel_format.depth unsigned_long Color depth
services.vnc.screen_info.pixel_format.green_max unsigned_long Max value of green pixel
services.vnc.screen_info.pixel_format.green_shift unsigned_long How many bits to right shift a pixel datum to get green bits in lsb
services.vnc.screen_info.pixel_format.padding1 unsigned_long
services.vnc.screen_info.pixel_format.padding2 unsigned_long
services.vnc.screen_info.pixel_format.padding3 unsigned_long
services.vnc.screen_info.pixel_format.red_max unsigned_long Max value of red pixel
services.vnc.screen_info.pixel_format.red_shift unsigned_long How many bits to right shift a pixel datum to get red bits in lsb
services.vnc.screen_info.pixel_format.true_color boolean If false, color maps are used
services.vnc.screen_info.width unsigned_long
services.vnc.security_types object server-specified security options
services.vnc.security_types.name text
services.vnc.security_types.value integer
services.vnc.version text

WEBLOGIC_T3

Path Type Docs
services.parsed.weblogic_t3 object
services.parsed.weblogic_t3.error text
services.parsed.weblogic_t3.error_msg text
services.parsed.weblogic_t3.version text

WINRM

Path Type Docs
services.parsed.winrm object
services.parsed.winrm.auth_types text
services.parsed.winrm.ntlm_info object
services.parsed.winrm.ntlm_info.always_sign_supported boolean
services.parsed.winrm.ntlm_info.challenge_type