Introduction
NSE script using the Censys Search API, allowing you to passively gather information about hosts.
Installation
Simple place the censys-api.nse script into your nmap scripts folder. e.g:
cp censys-api.nse /usr/share/nmap/scripts/If nmap is installed on macOS via Homebrew, the scripts folder might instead be located at /usr/local/share/nmap/scripts/.
cp censys-api.nse /usr/local/share/nmap/scripts/Usage
Invoke the script like you would any other NSE script:
nmap -sn -Pn -n --script censys-api scanme.nmap.orgAPI Keys
The Censys API ID and secret can be set with the apiid and apisecret script arguments, CENSYS_API_ID and CENSYS_API_SECRET environment variables, or hardcoded in the .nse file itself. You can get free API credentials from https://search.censys.io/account/api.
Saving to a File
The results can be written to file with the outfile script argument censys-api.outfile.
Warning
nmap will still scan the target host normally. If you only want to look up the target in Censys you need to include the -sn -Pn -n flags.
Example Output
$ nmap -sn -Pn -n --script censys-api scanme.nmap.org
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-03 12:02 EST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up.
Host script results:
| censys-api: Report for 45.33.32.156 ()
| PORT PROTO SERVICE PRODUCT VERSION
| 22 TCP SSH OpenSSH 6.6.1p1
| 80 TCP HTTP HTTPD 2.4.7
| 123 UDP NTP
|_9929 TCP UNKNOWN
Post-scan script results:
|_censys-api: Censys done: 1 hosts up.
Nmap done: 1 IP address (1 host up) scanned in 0.67 secondsHelp
nmap --script-help censys-api.nse
