Censys Search Shortcuts

Use Censys to discover which of your devices are connected to the Internet, where they are located and who is using them.

Censys supports both full-text searches and structured queries. The search Dell will find any hosts where the word Dell appears. However, you can also compose more complex queries. For example, the query ip: AND metadata.manufacturer:"Dell" will find any Dell devices in the specified network.

Boolean Logic
You can compose multiple statements using AND, OR, NOT, and parentheses. For example, ("Schneider Electric" OR Dell) AND ip: By default, all terms are optional (i.e., executed as an OR statement) unless specified otherwise.

You can search for ranges of numbers using [ and ] for inclusive ranges and { and } for exclusive ranges. For example, 80.http.get.status_code:[200 TO 300]. You can search for IP addresses using CIDR notation, e.g., ip: Timestamps should be queried using the following syntax: [2012-01-01 TO 2012-12-31].

By default, Censys will search for complete words. In other words, the search Del will not return results with the word Dell. If you want to search for words that start with Del, you would search for Del*. You can also search for D?ll.

DNS Queries
You can perform inline DNS A and MX queries using the following syntax: a:facebook.com and mx:gmail.com.

Regular Expressions
You can also search using regular expressions, e.g., metadata.manufacturer:/De[ll]/. Full syntax is available here.

The boost operator (^) can be used to make one term more relevant than another. For example, metadata.manufacturer: Dell^2 OR Schneider Electric puts more preference on the Dell keyword.

Reserved Characters
The following characters must be escaped with a backslash: + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
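The following is an added example, not part of the original page or of Censys's own code: a small Python query builder for inventorying your own network that applies the escaping, phrase, range and boolean rules described above. The helper names and the 192.0.2.0/24 documentation range are assumptions made for illustration.

```python
import ipaddress
import re

# Reserved characters listed on this page; "&&" and "||" are matched as pairs first.
_RESERVED = re.compile(r'&&|\|\||[+\-=><!(){}\[\]^"~*?:\\/]')

def escape_term(value: str) -> str:
    """Backslash-escape every reserved character in a literal search value."""
    return _RESERVED.sub(lambda m: "\\" + m.group(0), value)

def field(name: str, value: str) -> str:
    """Build field:value, quoting multi-word values so they match as a phrase."""
    escaped = escape_term(value)
    return f'{name}:"{escaped}"' if " " in value else f"{name}:{escaped}"

def num_range(name: str, low: int, high: int, inclusive: bool = True) -> str:
    """[low TO high] is inclusive, {low TO high} is exclusive."""
    open_, close_ = ("[", "]") if inclusive else ("{", "}")
    return f"{name}:{open_}{int(low)} TO {int(high)}{close_}"

def ip_in(cidr: str) -> str:
    """Build ip:<CIDR>; raises ValueError if cidr is not a valid network."""
    # Assumption: the CIDR is written unescaped after ip:, as "CIDR notation" implies.
    return f"ip:{ipaddress.ip_network(cidr, strict=True)}"

def any_of(*clauses: str) -> str:
    return "(" + " OR ".join(clauses) + ")"

def all_of(*clauses: str) -> str:
    return " AND ".join(clauses)

def inventory_query(cidr: str, vendors: list[str]) -> str:
    """Hosts in our own range, from the given vendors, answering HTTP on port 80."""
    vendor_clause = any_of(*(field("metadata.manufacturer", v) for v in vendors))
    return all_of(ip_in(cidr), vendor_clause,
                  num_range("80.http.get.status_code", 200, 300))

if __name__ == "__main__":
    # Constructed sample input: RFC 5737 documentation range, vendors from the page.
    print(inventory_query("192.0.2.0/24", ["Dell", "Schneider Electric"]))
```

Explicit AND between clauses matters here because, as noted above, terms are otherwise treated as optional.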

Business Email Compromise

Add one more email scam reference to your lexicon. Business E-mail Compromise (BEC) scams, also known as CEO fraud, usually involve spoofing an executive’s email address and/or gaining access to that executive’s inbox through a phishing scam. Once access is obtained or the executive’s email address is spoofed, specific individuals are targeted in the organization for fraudulent wire transfers.

The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-E-mail Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam. The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers.

Source: Business Email Compromise