
Cool Query of the Week for October 10, 2024: Using the new suspicious open directory label

  • October 10, 2024
  • 1 reply
  • 72 views

MattK_Censys

Hey hey folks, this week I’ve got a query that leverages our new suspicious open directory label. While simply running labels: suspicious-open-dir can be a good starting point in general, combining it with other information of interest can get you really moving in an investigation. Try the following with hosts:

labels: suspicious-open-dir and services.http.response.body: "cve"

This will return hosts with the suspicious open directory label and “cve” in the service response body. Sub a different indicator of interest in there and take it away!

This is part of a regular series of posts in which we’ll highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!

I have seen that after upgrading to the Censys platform, this query is no longer showing results:

labels: suspicious-open-dir and services.http.response.body: "cve"

which is converted by the Query converter to:

host.services.labels.value="SUSPICIOUS_DIRECTORY " and host.services.endpoints.http.body:"cve"

