Security Stack Logo
Censys Platform logo

Vulnerability ManagementThreat Intelligence

Censys Platform

Internet-wide scanning that maps an external attack surface and tracks adversary infrastructure.

Attack Surface Management (ASM)

Censys Platform Overview

What it does

Censys Platform is an internet intelligence product that maps an organization's external attack surface using first-party scanning of the public internet across all 65,000 ports. Its distinctive mechanism is a continuously refreshed map of global internet infrastructure built from Censys's own scan data and certificate transparency records rather than third-party feeds. Security teams use it to discover internet-facing assets, including services on nonstandard ports and unmanaged cloud systems that internal scanners miss.

How it works

The platform scans the internet continuously and fingerprints the software, services, and certificates running on each discovered host, mapping relationships between assets to attribute them back to the organization. It alerts on meaningful changes such as new hosts, ports, or certificates, and scores exposures using Exploit Prediction Scoring System (EPSS) probability and CISA Known Exploited Vulnerabilities (KEV) data to rank what to fix first. Teams can pivot from a flagged exposure into the broader platform to track reused certificates and domains and investigate adversary infrastructure, including command-and-control (C2) servers and phishing domains.

Credentials and traction

Censys holds SOC 2 Type II certification, with an independent audit confirming its controls over a defined period. The company originated from the ZMap internet-scanning research at the University of Michigan and serves security operations, threat hunting, and government teams, including CISA, the U.S. Department of Homeland Security, and large enterprises. Its scan datasets and certificate records are widely used as a reference source for internet infrastructure research.

Key Capabilities

mapped to solution categories
Attack Surface Management (ASM)

Ranks discovered exposures by combining exploitability signals, asset business context, and active threat intelligence to produce an actionable remediation queue.

Identifies software stacks, versions, and components running on discovered assets through passive banner analysis and active probing, mapping CVE exposure without authenticated scanning.

Continuously enumerates internet-exposed assets (domains, IPs, subdomains, certificates, cloud storage, APIs) using passive DNS, certificate transparency logs, and active probing, including assets outside the official inventory.

Identifies cloud resources, SaaS applications, and exposed services deployed by business units without IT or security team visibility or approval.

Tracks SSL/TLS certificate expirations, newly registered lookalike domains, and subdomain takeover opportunities (dangling DNS records pointing to deprovisioned cloud services).

Compliance

certifications
GDPRSOC 2 Type II

Integrations

compatible tools
AWSAxoniusBrinqaCywareGoogle CloudGoogle SecOps (Chronicle)JiraMaltegoMicrosoft AzureMicrosoft SentinelNucleus SecurityPalo Alto Networks Cortex XSOARQualysSeemplicityServiceNowSplunkSwimlaneTenableWiz

Implementation & support

Deployment model
SaaS
Pricing structure
Custom / EnterpriseFreemiumUsage-based
Support channels
Community ForumDocumentationEmail SupportPhone Support

Info last updated on June 30, 2026