Daily download of Alexa Top 1 Million Domains and A record lookup for each domain.
Scan of the Alexa Top 1 Million for DNS servers that reply to AXFR requests.
We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in particular on AES-GCM, the most widely deployed variant. With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack allowing to violate the authenticity of affected HTTPS connections which in turn can be utilized to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts them at risk of nonce reuse, in the unlikely case that large amounts of data are sent via the same session.
TCP SYN scan of the public IPv4 address space on port 443 to find SNI proxies, special TLS servers that forward traffic to the destination specified in the Server Name Indication extension. The dataset includes ZMap output as well as the output of a custom program that tests for the SNI proxy property.
Regular scans of the IPv4 space conducted by Project 25499
Project Sonar includes a regular scan of IPv4 SSL services on TCP port 443. The dataset includes both raw X509 certificates and processed subsets.
DNS 'ANY' responses for known forward DNS names
Project Sonar includes a regular HTTP GET request for all IPv4 hosts with an open 80/TCP
Project Sonar includes a regular scan of IPv4 SSL/TLS services such as IMAP, POP3, SMTP. Sonar scans both the direct SSL and STARTTLS modes for these services. The dataset includes raw X509 certificates, IP address to certificate mappings and certificate names for convencience.
Project Sonar includes a regular DNS lookup for all names gathered from the other scan types, such as HTTP data, SSL Certificate names, reverse DNS records, etc. Please note that effective February 2017, this study has been deprecated in favor of https://scans.io/study/sonar.fdns_v2
Project Sonar includes a regular DNS lookup for all IPv4 PTR records. Please note that effective February 2017, this study has been deprecated in favor of https://scans.io/study/sonar.rdns_v2
Rapid7 Heisenberg Cloud Honeypot cowrie Logs
Project Sonar includes monthly TCP SYN scans of 10001/TCP
Project Sonar includes weekly probes of common UDP services across all of IPv4
Project Sonar includes an HTTPS GET request for all IPv4 hosts with an open 443/TCP
The Critical.IO project was designed to uncover large-scale vulnerabilities across the global IPv4 internet. The project scanned a number of ports across the entire IPv4 address space between May 2012 and March 2013.
A SYN-scan of 30 TCP ports for Rapid7's National Exposure report
SSLyze scans of POP, IMAP and SMTP related TCP ports, 20,000,000 IP/port combinations, Apr 2015 - August 2015
Regular and continuing scans of the HTTPS Ecosystem from 2012 and 2013 including parsed and raw X.509 certificates, temporal state of scanned hosts, and the raw ZMap output of scans on port 443. The dataset contains approximately 43 million unique certificates from 108 million hosts collected via 100+ scans.
TCP SYN scans of the public IPv4 address space on port 443 completed on October 30-31, 2012 in order to measure the impact of Hurricane Sandy. The initial results from these scans were originally released as part of "ZMap: Fast Internet-Wide Scanning and its Security Applications" at USENIX Security 2013. The dataset consists of the unique TCP SYN-ACK and RST responses received by ZMap in CSV format.
A set of daily Alexa Top Million Scans to collect session tickets over a 9-week period.
Regular daily scans of IPv4 and the Alexa Top 1 Million domains on HTTPS and SMTP+StartTLS for the Heartbleed vulnerability.
Publicly available Zonefiles parsed into a sqlite3 database.