Meet Censys, a Shodan like search engine for hackers.
Last month the security consultants at the SEC realized that the work-shy manufacturers of IoT(Internet Of Things) using the same old set of hardcoded cryptographic keys leaving over 3 million of IoT devices vulnerable to mass hijacking. But how did they found out the exact number??
Easy! Censys told them. A search engine that ransacks the net for vulnerable devices.
It knows everything and sees everything
Censys is designed for one purpose, to scan for the poor bastards who got logged on to the net without much thought about unauthorized access to them. Clarification, the poor bastards are the devices. In this aspect Censys is a lot like shodan .
However, the methodology used by Censys is much more complex. All this to make internet a safer place.
Released for free in October by the researchers at the University of Michigan, is powered by google, world’s biggest search engine.
As a part of an open source project, census was created to keep track of every data on the internet. And then create a database out of it. the goal of this is to help companies to unearth their vulnerabilities on the net.
Modus Operandi of Censys.
This search engine for hackers does daily scans of Ipv4 address space. By this it collects the information of hosts and websites. Two tools are plied for this purpose
- Zmap : Open Source network Scanner
- ZGrab: Application layer scanner
Then databases are maintained after the collection of data(DUH!). This gives the information about how websites are configured.
Zmap’s job is to scan over 4 billion IP addresses every day. What’s more is this helps determining to whether fix the machines right away or not. Whether the prowling eyes of hackers is upon the device already?
Flaws caused by IT administrator can’t hide either.
So what do ya thing about this? Should this exist? And if it has to, how vulnerable are you?
Post your comments and enlighten our asses.