components:
schemas:
Activemq:
additionalProperties: false
properties:
cache_enabled:
type: boolean
cache_size:
format: int32
type: integer
max_frame_size:
format: int64
type: integer
max_inactivity_duration:
format: int64
type: integer
max_inactivity_duration_initial_delay:
format: int32
type: integer
platform_details:
type: string
provider_name:
type: string
provider_version:
type: string
size_prefix_disabled:
type: boolean
stack_trace_enabled:
type: boolean
tcp_no_delay_enabled:
type: boolean
tight_encoding_enabled:
type: boolean
type: object
Amqp:
additionalProperties: false
properties:
explicit_tls:
description: Connected via a TLS connection after initial handshake
type: boolean
implicit_tls:
description: Connected via a TLS wrapped connection (AMQPS)
type: boolean
protocol_id:
$ref: "#/components/schemas/Amqp_Protocol"
version:
$ref: "#/components/schemas/Amqp_Version"
type: object
Amqp_Protocol:
additionalProperties: false
properties:
id:
format: int32
minimum: 0
type: integer
name:
type: string
type: object
Amqp_Version:
additionalProperties: false
properties:
major:
format: int32
minimum: 0
type: integer
minor:
format: int32
minimum: 0
type: integer
revision:
format: int32
minimum: 0
type: integer
type: object
AnalyticsCapabilities:
additionalProperties: false
properties:
analytics_module_support:
type: boolean
cell_based_scene_description_supported:
type: boolean
rule_options_supported:
type: boolean
rule_support:
type: boolean
type: object
AnermaCfForth:
additionalProperties: false
properties:
ip:
type: string
product:
type: string
serial_number:
type: string
unit_name:
type: string
version:
type: string
type: object
AnyConnect:
additionalProperties: false
properties:
aggregate_auth_version:
description: Version number indicated by the response for config-auth exchange
format: int32
type: integer
auth_methods:
description: Supported methods for users to enter credentials for this VPN
items:
type: string
type:
- array
- "null"
groups:
description: List of groups a user can authenticate with to use this VPN
items:
type: string
type:
- array
- "null"
raw:
description: XML content of the config-auth response
type: string
response_type:
description: Type of the response packet received after initializing the config-auth exchange
type: string
type: object
AssetGraph:
additionalProperties: false
properties:
$schema:
description: A URL to the JSON Schema for this object.
examples:
- https://graph.data.censys.io/schemas/AssetGraph.json
format: uri
readOnly: true
type: string
active_execution:
$ref: "#/components/schemas/GraphExecution"
description: The currently active graph execution
create_time:
description: RFC3339 creation timestamp
type: string
description:
description: Optional description
type: string
id:
description: Unique identifier for the asset graph
type: string
name:
description: User-defined name
type: string
status:
description: Lifecycle status of the asset graph
enum:
- ACTIVE
- DELETING
type: string
update_time:
description: RFC3339 last-update timestamp
type: string
required:
- id
- name
- status
- create_time
- update_time
type: object
AssetRef:
additionalProperties: false
properties:
$schema:
description: A URL to the JSON Schema for this object.
examples:
- https://graph.data.censys.io/schemas/AssetRef.json
format: uri
readOnly: true
type: string
autonomous_system:
description: Autonomous system number (ASN)
format: int32
minimum: 0
type: integer
business_organization:
description: Organization name
type: string
certificate:
description: SHA-256 fingerprint of a certificate (hex-encoded)
type: string
domain:
description: Domain name
type: string
host:
description: IP address of a host
type: string
id:
description: Asset id, matching the id returned by the get-asset endpoint. Populated on responses; ignored on input.
type: string
netblock:
description: CIDR notation (e.g. 192.168.0.0/24)
type: string
registrant_email:
description: Registrant email address
type: string
registrant_organization:
description: Registrant organization name
type: string
web_property:
$ref: "#/components/schemas/WebPropertyIdentifier"
description: Web property (hostname and port)
type: object
AssetResponse:
additionalProperties: false
properties:
$schema:
description: A URL to the JSON Schema for this object.
examples:
- https://graph.data.censys.io/schemas/AssetResponse.json
format: uri
readOnly: true
type: string
certificate:
$ref: "#/components/schemas/Certificate"
description: Certificate data
discovery_paths:
description: Discovery paths to this asset
items:
$ref: "#/components/schemas/DiscoveryPath"
type:
- array
- "null"
domain:
$ref: "#/components/schemas/DomainResponse"
description: Domain data
host:
$ref: "#/components/schemas/Host"
description: Host data
id:
description: Unique identifier of the asset
type: string
web_property:
$ref: "#/components/schemas/WebProperty"
description: Web property data
required:
- id
type: object
AsteriskManagerInterface:
additionalProperties: false
properties:
version:
type: string
type: object
Attribute:
additionalProperties: false
properties:
components:
items:
$ref: "#/components/schemas/CPE"
type:
- array
- "null"
confidence:
format: double
type: number
cpe:
type: string
edition:
type: string
evidence:
items:
$ref: "#/components/schemas/Evidence"
type:
- array
- "null"
life_cycle:
$ref: "#/components/schemas/CPE_LifeCycle"
part:
type: string
product:
type: string
source:
enum:
- ""
- censys
- recog
- wappalyzer
- third_party
- html_meta_extractor
type: string
type:
items:
type: string
type:
- array
- "null"
update:
type: string
vendor:
type: string
version:
type: string
type: object
Auth:
additionalProperties: false
properties:
enabled:
type: boolean
type: object
AuthorityInfoAccess:
additionalProperties: false
properties:
issuer_urls:
items:
type: string
type:
- array
- "null"
ocsp_urls:
items:
type: string
type:
- array
- "null"
type: object
Bacnet:
additionalProperties: false
properties:
application_software_revision:
type: string
description:
type: string
firmware_revision:
type: string
instance_number:
format: int32
minimum: 0
type: integer
location:
type: string
model_name:
type: string
object_name:
type: string
vendor_id:
format: int32
minimum: 0
type: integer
vendor_name:
type: string
type: object
BasicConstraints:
additionalProperties: false
properties:
is_ca:
description: Whether the certificate is permitted to sign other certificates.
type: boolean
max_path_len:
description: When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
format: int32
type: integer
type: object
CPE:
additionalProperties: false
properties:
cpe:
type: string
edition:
type: string
life_cycle:
$ref: "#/components/schemas/CPE_LifeCycle"
part:
type: string
product:
type: string
update:
type: string
vendor:
type: string
version:
type: string
type: object
CPE_LifeCycle:
additionalProperties: false
properties:
end_of_life:
type: boolean
end_of_life_date:
type: string
release_date:
type: string
type: object
CVSS:
additionalProperties: false
properties:
components:
$ref: "#/components/schemas/CVSS_Components"
description: These metrics contribute to how a CVE is scored.
score:
description: Score of the vulnerability; 0.1 is the lowest, 10 is the maximum
format: double
type: number
vector:
description: The path, method, or scenario used to exploit the vulnerability. Each section represents components that contribute to the overall CVSS score.
type: string
type: object
CVSS_Components:
additionalProperties: false
properties:
attack_complexity:
description: "Indicates conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: Low (L) – There are no specific pre-conditions required for exploitation, High (H) – The attacker must complete some number of preparatory steps in order to get access."
enum:
- ""
- low
- high
type: string
attack_vector:
description: "Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) – Vulnerabilities with this rating are remotely exploitable, from one or more hops away, up to, and including, remote exploitation over the Internet, Adjacent (A) – A vulnerability with this rating requires network adjacency for exploitation. The attack must be launched from the same physical or logical network, Local (L) – Vulnerabilities with this rating are not exploitable over a network, Physical (P) – An attacker must physically interact with the target system."
enum:
- ""
- network
- adjacent
- local
- physical
type: string
availability:
description: "If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) – There is no loss of availability, Low (L) – Availability might be intermittently limited, or performance might be negatively impacted, as a result of a successful attack, High (H) – There is a complete loss of availability of the impacted system or information."
enum:
- ""
- none
- low
- high
type: string
confidentiality:
description: "Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three potential values: High (H) – The attacker has full access to all resources in the impacted system, including highly sensitive information such as encryption keys, Low (L) – The attacker has partial access to information, with no control over what, specifically, they are able to access, None (N) – No data is accessible to unauthorized users as a result of the exploit."
enum:
- ""
- none
- low
- high
type: string
integrity:
description: "Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has been maintained. Integrity has three values: None (N) – There is no loss of the integrity of any information, Low (L) – A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system, High (H) – The attacker can modify any/all information on the target system, resulting in a complete loss of integrity."
enum:
- ""
- none
- low
- high
type: string
privileges_required:
description: "Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) – There is no privilege or special access required to conduct the attack, Low (L) – The attacker requires basic, “user” level privileges to leverage the exploit, High (H) – Administrative or similar access privileges are required for successful attack."
enum:
- ""
- none
- low
- high
type: string
scope:
description: "Determines whether a vulnerability in one system or component can impact another system or component. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a scope change occurs. Scope has two possible ratings: Changed (C) – An exploited vulnerability can have a carry over impact on another system, Unchanged (U) – The exploited vulnerability is limited in damage to only the local security authority."
enum:
- ""
- unchanged
- changed
type: string
user_interaction:
description: "Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) – No user interaction is required, Required (R) – A user must complete some steps for the exploit to succeed. For example, a user might be required to install some software."
enum:
- ""
- none
- required
type: string
type: object
CVSSv4:
additionalProperties: false
properties:
components:
$ref: "#/components/schemas/CVSSv4_Components"
description: These metrics contribute to how a CVE is scored.
score:
description: Score of the vulnerability; 0.1 is the lowest, 10 is the maximum
format: double
type: number
vector:
description: The path, method, or scenario used to exploit the vulnerability. Each section represents components that contribute to the overall CVSS score.
type: string
type: object
CVSSv4_Components:
additionalProperties: false
properties:
attack_complexity:
description: "Indicates conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: Low (L) – There are no specific pre-conditions required for exploitation, High (H) – The attacker must complete some number of preparatory steps in order to get access."
enum:
- ""
- low
- high
type: string
attack_requirements:
enum:
- ""
- none
- present
type: string
attack_vector:
description: "Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) – Vulnerabilities with this rating are remotely exploitable, from one or more hops away, up to, and including, remote exploitation over the Internet, Adjacent (A) – A vulnerability with this rating requires network adjacency for exploitation. The attack must be launched from the same physical or logical network, Local (L) – Vulnerabilities with this rating are not exploitable over a network, Physical (P) – An attacker must physically interact with the target system."
enum:
- ""
- network
- adjacent
- local
- physical
type: string
automatable:
enum:
- ""
- "no"
- "yes"
type: string
availability:
description: "If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) – There is no loss of availability, Low (L) – Availability might be intermittently limited, or performance might be negatively impacted, as a result of a successful attack, High (H) – There is a complete loss of availability of the impacted system or information."
enum:
- ""
- none
- low
- high
type: string
confidentiality:
description: "Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three potential values: High (H) – The attacker has full access to all resources in the impacted system, including highly sensitive information such as encryption keys, Low (L) – The attacker has partial access to information, with no control over what, specifically, they are able to access, None (N) – No data is accessible to unauthorized users as a result of the exploit."
enum:
- ""
- none
- low
- high
type: string
integrity:
description: "Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has been maintained. Integrity has three values: None (N) – There is no loss of the integrity of any information, Low (L) – A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system, High (H) – The attacker can modify any/all information on the target system, resulting in a complete loss of integrity."
enum:
- ""
- none
- low
- high
type: string
privileges_required:
description: "Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) – There is no privilege or special access required to conduct the attack, Low (L) – The attacker requires basic, “user” level privileges to leverage the exploit, High (H) – Administrative or similar access privileges are required for successful attack."
enum:
- ""
- none
- low
- high
type: string
provider_urgency:
enum:
- ""
- clear
- green
- amber
- red
type: string
recovery:
enum:
- ""
- automatic
- user
- irrecoverable
type: string
safety:
enum:
- ""
- negligible
- present
type: string
user_interaction:
description: "Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) – No user interaction is required, Required (R) – A user must complete some steps for the exploit to succeed. For example, a user might be required to install some software."
enum:
- ""
- none
- required
type: string
value_density:
enum:
- ""
- diffuse
- concentrated
type: string
vulnerability_response_effort:
enum:
- ""
- low
- moderate
- high
type: string
type: object
CWE:
additionalProperties: false
properties:
entry:
description: A unique identifier associated with a class of a software or hardware weakness.
type: string
type: object
CabfOrganizationId:
additionalProperties: false
properties:
country:
type: string
reference:
type: string
scheme:
type: string
state:
type: string
type: object
Capabilities:
additionalProperties: false
properties:
analytics:
$ref: "#/components/schemas/AnalyticsCapabilities"
device:
$ref: "#/components/schemas/DeviceCapabilities"
device_io:
$ref: "#/components/schemas/DeviceIOCapabilities"
events:
$ref: "#/components/schemas/EventsCapabilities"
image:
$ref: "#/components/schemas/ImageCapabilities"
media:
$ref: "#/components/schemas/MediaCapabilities"
pan_tilt_zoom:
$ref: "#/components/schemas/PanTiltZoomCapabilities"
recording:
$ref: "#/components/schemas/RecordingCapabilities"
replay:
$ref: "#/components/schemas/ReplayCapabilities"
search:
$ref: "#/components/schemas/SearchCapabilities"
type: object
Certificate:
additionalProperties: false
properties:
added_at:
description: When the certificate was added to the Censys dataset.
type: string
ct:
$ref: "#/components/schemas/Ct"
ever_seen_in_scan:
description: Whether the certificate has ever been presented by a service during a scan.
type: boolean
fingerprint_md5:
description: The MD-5 digest of the entire raw certificate. An identifier used by some systems.
format: hex
type: string
fingerprint_sha1:
description: The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
format: hex
type: string
fingerprint_sha256:
description: The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records.
format: hex
type: string
modified_at:
description: When the certificate record was last modified.
type: string
names:
description: All the names contained in the certificate from various fields.
items:
type: string
type:
- array
- "null"
parent_spki_fingerprint_sha256:
description: "DEPRECATED: Use parent_spki_subject_fingerprint_sha256"
format: hex
type: string
parent_spki_subject_fingerprint_sha256:
description: The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
format: hex
type: string
parse_status:
enum:
- ""
- success
- fail
- corrupted
type: string
parsed:
$ref: "#/components/schemas/Certificate_Parsed"
description: A record containing all of the data parsed from the certificate.
precert:
description: "Whether the X.509 \"poison\" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted."
type: boolean
revocation:
$ref: "#/components/schemas/CertificateRevocation"
description: A record containing revocation information, if the certificate has been revoked.
revoked:
description: Whether the certificate has been revoked before its expiry date by the issuer.
type: boolean
spki_fingerprint_sha256:
description: "DEPRECATED: Use spki_subject_fingerprint_sha256"
format: hex
type: string
spki_subject_fingerprint_sha256:
description: The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
format: hex
type: string
tbs_fingerprint_sha256:
description: The SHA-256 digest of the unsigned certificate's contents.
format: hex
type: string
tbs_no_ct_fingerprint_sha256:
description: The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.
format: hex
type: string
validated_at:
description: When the certificate record's trust was last checked.
type: string
validation:
$ref: "#/components/schemas/Validation"
description: A record containing information from the maintainers of major root certificate stores related to their trust assessment.
validation_level:
description: The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).
enum:
- ""
- dv
- ov
- ev
type: string
zlint:
$ref: "#/components/schemas/ZLint"
description: A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.
type: object
CertificateExtensions:
additionalProperties: false
properties:
authority_info_access:
$ref: "#/components/schemas/AuthorityInfoAccess"
description: "The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted."
authority_key_id:
description: A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.
format: hex
type: string
basic_constraints:
$ref: "#/components/schemas/BasicConstraints"
description: "The parsed id-ce-basicConstraints extension (OID: 2.5.29.19)."
cabf_organization_id:
$ref: "#/components/schemas/CabfOrganizationId"
description: "CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1)."
certificate_policies:
description: "The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32)."
items:
$ref: "#/components/schemas/CertificatePolicy"
type:
- array
- "null"
crl_distribution_points:
description: "The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted)."
items:
type: string
type:
- array
- "null"
ct_poison:
description: "Whether the certificate possesses the pre-certificate \"poison\" extension (OID: 1.3.6.1.4.1.11129.2.4.3)."
type: boolean
extended_key_usage:
$ref: "#/components/schemas/ExtendedKeyUsage"
description: "The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37)."
issuer_alt_name:
$ref: "#/components/schemas/GeneralNames"
description: "The parsed id-ce-issuerAltName extension (OID: 2.5.29.18)."
key_usage:
$ref: "#/components/schemas/KeyUsage"
description: "The parsed id-ce-keyUsage extension (OID: 2.5.29.15)."
name_constraints:
$ref: "#/components/schemas/NameConstraints"
description: "The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located."
qc_statements:
$ref: "#/components/schemas/QcStatements"
signed_certificate_timestamps:
items:
$ref: "#/components/schemas/SignedCertificateTimestamp"
type:
- array
- "null"
subject_alt_name:
$ref: "#/components/schemas/GeneralNames"
description: "The parsed id-ce-subjectAltName extension (OID: 2.5.29.17)."
subject_key_id:
description: A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..
format: hex
type: string
tor_service_descriptors:
items:
$ref: "#/components/schemas/TorServiceDescriptor"
type:
- array
- "null"
type: object
CertificatePolicy:
additionalProperties: false
properties:
cps:
items:
type: string
type:
- array
- "null"
id:
type: string
user_notice:
items:
$ref: "#/components/schemas/UserNotice"
type:
- array
- "null"
type: object
CertificateRevocation:
additionalProperties: false
properties:
crl:
$ref: "#/components/schemas/CertificateRevocation_RevocationInfo"
ocsp:
$ref: "#/components/schemas/CertificateRevocation_RevocationInfo"
type: object
CertificateRevocation_RevocationInfo:
additionalProperties: false
properties:
next_update:
type: string
reason:
description: An enumerated value indicating the issuer-supplied reason for the revocation.
enum:
- ""
- unspecified
- key_compromise
- ca_compromise
- affiliation_changed
- superseded
- cessation_of_operation
- certificate_hold
- remove_from_crl
- privilege_withdrawn
- aa_compromise
type: string
revocation_time:
description: The issuer-supplied timestamp indicating when the certificate was revoked.
type: string
revoked:
description: Whether the certificate has been revoked before its expiry date by the issuer.
type: boolean
type: object
Certificate_Parsed:
additionalProperties: false
properties:
e
# --- truncated at 32 KB (324 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/openapi/censys-asset-graph-openapi.yml