Skip to content

Instantly share code, notes, and snippets.

Created September 28, 2017 16:20
  • Star 10 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Identify IPv4 hosts behind CloudFlare using certificate data
#!/usr/bin/env python3
import censys.certificates
import censys.ipv4
from sys import argv
UID = "**CHANGE**"
def is_cloudflare(dn):
if "" in dn or "" in dn:
return True
return False
def find_certificates(target):
certificates = censys.certificates.CensysCertificates(UID, SECRET)
fingerprints = []
fields = ["parsed.names", "parsed.extensions.subject_alt_name.dns_names",
"parsed.fingerprint_sha256", "parsed.subject_dn"]
for cert in"%s and tags: trusted" % target, fields=fields):
if not is_cloudflare(cert["parsed.subject_dn"]) and target in cert["parsed.names"]:
print("\tHost: %s\n\tFingerprint: %s" % (' '.join(cert["parsed.names"]), cert["parsed.fingerprint_sha256"]))
return fingerprints
def find_hosts(target):
print("Hosts: %s" % target)
hosts = censys.ipv4.CensysIPv4(UID, SECRET)
fields = ["ip"]
for host in
print("\tFound host: %s" % (host["ip"]))
def main():
if len(argv) != 2:
print("Usage: %s <host>" % argv[0])
target = argv[1]
fingerprints = find_certificates(target)
for fp in fingerprints:
if __name__=="__main__":
Copy link

Can you clarify what's happening on line 32?

    fields = ["ip"]

Seems like you're setting a variable but not using it anywhere else in that scope.

Maybe it's some left over debug code? Wasn't sure if I was missing something :)

Copy link

I see you created a fields var on line 19 inside find_certificates() and pass that to the censys API, maybe you meant to do that inside find_hosts() as well?

Copy link

You're right, i meant to pass that along as well in find_hosts(). Good catch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment