Append-only dataset of all X.509 certificates seen in Censys scans or present in public certificate transparency logs.
Weekly scans of ICMP, HTTP, HTTPS, FTP, Telnet, POP3, IMAP, SMTP, SMB, Modbus, Bacnet, DNS, DWMP, S7, DNP3, Fox, UPnP, SSH, MySQL, PostgreSQL, MongoDB, and other popular protocols for the full IPv4 address space and Alexa Top Million websites.
Scan of the Alexa Top 1 Million for DNS servers that reply to AXFR requests.
We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in particular on AES-GCM, the most widely deployed variant. With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack allowing to violate the authenticity of affected HTTPS connections which in turn can be utilized to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts them at risk of nonce reuse, in the unlikely case that large amounts of data are sent via the same session.
TCP SYN scan of the public IPv4 address space on port 443 to find SNI proxies, special TLS servers that forward traffic to the destination specified in the Server Name Indication extension. The dataset includes ZMap output as well as the output of a custom program that tests for the SNI proxy property.
HAR files resulting from automatically visiting 35,000 popular Web sites with Google Chrome.
Regular scans of the IPv4 space conducted by Project 25499
Project Sonar includes a regular scan of IPv4 SSL services on TCP port 443. The dataset includes both raw X509 certificates and processed subsets.
DNS 'ANY', 'A', 'AAAA', 'TXT' and 'CNAME' responses for known forward DNS names
Project Sonar includes a regular HTTP GET request for all IPv4 hosts with an open 80/TCP
Project Sonar includes a regular scan of IPv4 SSL/TLS services such as IMAP, POP3, SMTP. Sonar scans both the direct SSL and STARTTLS modes for these services. The dataset includes raw X509 certificates, IP address to certificate mappings and certificate names for convencience.
DNS 'ANY' responses for known forward DNS names
Rapid7 Heisenberg Cloud Honeypot cowrie Logs
Project Sonar includes monthly TCP SYN scans of 10001/TCP
Project Sonar includes monthly probes of common TCP services across all of IPv4
Project Sonar includes monthly probes of common UDP services across all of IPv4
Project Sonar includes an HTTPS GET request for all IPv4 hosts with an open 443/TCP
The Critical.IO project was designed to uncover large-scale vulnerabilities across the global IPv4 internet. The project scanned a number of ports across the entire IPv4 address space between May 2012 and March 2013.
A SYN-scan of 30 TCP ports for Rapid7's National Exposure report(s)
SSLyze scans of POP, IMAP and SMTP related TCP ports, 20,000,000 IP/port combinations, Apr 2015 - August 2015
Crawl of the Alexa Top Million domains from October 5-7, 2016 using ZBrowse, a headless Chrome browser instrumented to track object dependencies.
Regular and continuing scans of the HTTPS Ecosystem from 2012 and 2013 including parsed and raw X.509 certificates, temporal state of scanned hosts, and the raw ZMap output of scans on port 443. The dataset contains approximately 43 million unique certificates from 108 million hosts collected via 100+ scans.
TCP SYN scans of the public IPv4 address space on port 443 completed on October 30-31, 2012 in order to measure the impact of Hurricane Sandy. The initial results from these scans were originally released as part of "ZMap: Fast Internet-Wide Scanning and its Security Applications" at USENIX Security 2013. The dataset consists of the unique TCP SYN-ACK and RST responses received by ZMap in CSV format.
A set of daily Alexa Top Million Scans to collect session tickets over a 9-week period.
Regular daily scans of IPv4 and the Alexa Top 1 Million domains on HTTPS and SMTP+StartTLS for the Heartbleed vulnerability.
Publicly available Zonefiles parsed into a sqlite3 database.
UDP scan and meassurement of public UDP services that could be used in relation to Amplified DDoS attacks. The dataset consists of 20 UDP Services and 21 attack vectors. Data is collected in a JSON format with both the request and response.
Daily scans of the Top 1 Million sites on the Web. It includes data on the presence and configuration of various HTTP Response Headers, details on the TLS configuration, certificates, protocol, cipher and keys used and much more.
© 2019 Scans.IO Conontributors