=========================
Censys2warden connector
=========================

This connector uses the internet-wide scanning service Censys.io to search for
potentially vulnerable open services in a given network (ASN) and reports them
to Warden (via the Warden filer daemon).

The script sends a set of preconfigured queries to the Censys API to search for
all matching IPs in the given ASN. The queries correspond to various
potentially vulnerable hosts or other problems with open services.

Since the free Censys account has quite strict limits on the number of queries
and results obtained, it is recommended to have at least the lowest tier of a
paid account.

Currently implemented queries:

- Publicly accessible IPMI protocol
- Publicly accessible SCADA (BACnet) system
- Publicly accessible printer via IPP protocol
- Open MongoDB database
- Publicly accessible PCAnywhere (an unsupported vulnerable remote-access SW)
- Open Elastic database
- Web page or other service with a "hacked by" message
- Web running on an old (unsupported) PHP version

Important: These rules may need to be changed according to the needs, interests
and security policies of each organization.

For each host in the given ASN that matches a query, a corresponding IDEA
message is created and put into an output directory. Messages from this
directory should be sent to Warden by a Warden filer daemon.
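
The hand-off to the filer daemon can be sketched as follows. This is an added
example, not code from censys2warden.py: the function names, the
`Vulnerable.Open` category, the `tcp` protocol, the `.idea` file name and the
sample host are assumptions. It builds one IDEA message and moves it from the
`temp` to the `incoming` subdirectory of the destination directory.

```python
import ipaddress, json, os, tempfile, uuid
from datetime import datetime, timezone

def make_idea(ip, port, description, node, test=False):
    """Build a minimal IDEA0 message for one exposed service (hypothetical helper)."""
    addr = ipaddress.ip_address(ip)          # raises ValueError on malformed input
    key = "IP4" if addr.version == 4 else "IP6"
    category = ["Vulnerable.Open"]           # assumed category for open services
    if test:
        category.append("Test")              # what the -t/--test switch describes
    return {
        "Format": "IDEA0",
        "ID": str(uuid.uuid4()),
        "DetectTime": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Category": category,
        "Description": description,
        "Source": [{key: [str(addr)], "Port": [int(port)], "Proto": ["tcp"]}],
        "Node": [{"Name": node, "SW": ["censys2warden"]}],
    }

def write_idea(msg, destdir):
    """Write into temp/, then rename into incoming/, so the filer daemon never
    picks up a half-written file (rename is atomic within one filesystem)."""
    temp_dir = os.path.join(destdir, "temp")
    incoming_dir = os.path.join(destdir, "incoming")
    for d in (temp_dir, incoming_dir):
        os.makedirs(d, mode=0o750, exist_ok=True)
    name = msg["ID"] + ".idea"               # file name scheme is an assumption
    temp_path = os.path.join(temp_dir, name)
    with open(temp_path, "w", encoding="utf-8") as f:
        json.dump(msg, f)
        f.flush()
        os.fsync(f.fileno())                 # data is on disk before it becomes visible
    final_path = os.path.join(incoming_dir, name)
    os.rename(temp_path, final_path)
    return final_path

if __name__ == "__main__":
    # Constructed sample finding: documentation address, MongoDB default port
    with tempfile.TemporaryDirectory() as d:
        msg = make_idea("192.0.2.10", 27017, "Open MongoDB database",
                        "org.example.censys", test=True)
        with open(write_idea(msg, d), encoding="utf-8") as f:
            print(f.read())
```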

The script is assumed to be run periodically (e.g. once a day) by cron.


-------------------------
Installation:

1. create a directory for the script and resulting IDEA files, e.g. 
   `/data/censys2warden/` and `/data/censys2warden/warden_sender`
2. put the censys2warden.py script into the first directory
3. set up warden_filer daemon to read IDEA messages from
   `/data/censys2warden/warden_sender` and send them to Warden
   (see README of Warden filer)
4. set up cron to run the script every day (use censys2warden.cron as an
   example)


-------------------------
Configuration:

The script takes the following arguments:

  -h, --help            show this help message and exit
  -i APIID, --apiid APIID
                        Censys API ID
  -s APISECRET, --apisecret APISECRET
                        Censys API secret
  -a ASN, --asn ASN     ASN to query
  -n NODE, --node NODE  Node name to fill into IDEA messages
  -d PATH, --destdir PATH
                        Path to destination directory (with 'incoming' and
                        'temp' subdirectories) (default: CWD)
  -t, --test            Add 'Test' category to IDEA messages.
  -v, --verbose         Print information about progress and results