Cool Query of the Week for October 10, 2024: Using the new suspicious open directory label

5 months ago
October 10, 2024
1 reply
72 views

MattK_Censys
Censys Community Manager

Hey hey folks, this week I’ve got a query that leverages our new suspicious open directory label. While simply running labels: suspicious-open-dir can be a good starting point in general, combining it with other information of interest can get you really moving in an investigation. Try the following with hosts:

labels: suspicious-open-dir and services.http.response.body: "cve"

This will return hosts with the suspicious open directory label and “cve” in the service response body. Sub a different indicator of interest in there and take it away!

This is part of a regular series of posts in which we’ll highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!

researctatactix
New Participant
1 day ago
March 30, 2025

I have seen after upgrading to Censys platform this query is no longer showing results. labels: suspicious-open-dir and services.http.response.body: "cve" which is converted by Query converter host.services.labels.value="SUSPICIOUS_DIRECTORY " and host.services.endpoints.http.body:"cve"

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Sign up

Log in to the Censys Community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings