Modules

General Data Format

All events generated by our scanning platform, delivered via our Data Streams or API Queries, have the following outline:

Details of the fields:

  • origin:
    • client_id:
      • Optional
      • Only on client stream,
      • Your client ID;
    • job_id:
      • Optional
      • Only on client stream,
      • Job ID that event is part of;
    • type:
      • Event type, module that produced the event,
      • Please refer to the next section for details on each module type;
    • module:
      • Either 'portscan' or 'grabber'. Category of the event. Portscan events merely indicate that a port was found open. Grabber events will contain more extracted data such as details of the ip/port/service;
    • ip:
      • IP used by the scanner to perform the analysis;
    • port:
      • Port used by the scanner to perform the analysis. Optional: only some modules provide this information. Currently only provided by "service-simple". We will be working to add more;
    • ts:
      • Unix Timestamp in Milliseconds;
    • country:
      • ISO code of the country the scanner that originated this event is located in;
  • target:
    • ip:
      • Target Address used for connection;
    • port:
      • Target Port used for connection;
    • protocol:
      • Target Protocol used for connection;
  • result:
    • data:
      • Varies according to each different module,
      • Please refer to the next section for details on each module type.
{
  "origin": {
    "client_id": "string",
    "job_id": "string",
    "country": "string",
    "type": "string",
    "module": "string",
    "ts": integer,
    "ip": "string",
    "port": integer
  },
  "target": {
    "ip": "ip",
    "port": integer,
    "protocol": "string"
  },
  "result": {
    "data": {(...)}  
  }
}
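
The following is an added example, not code from the platform: a Python consumer that validates the envelope described above before an event is stored or acted on, treating the optional origin fields as optional and converting the millisecond timestamp. It assumes events arrive as newline-delimited JSON (the page does not specify framing); the output key names and the sample events are constructed for illustration.

```python
import ipaddress
import json
from datetime import datetime, timezone

MODULES = {"portscan", "grabber"}  # the two event categories the page lists

def parse_event(line):
    """Validate one JSON event and return a normalized dict; raise ValueError if malformed."""
    try:
        ev = json.loads(line)
        origin, target, data = ev["origin"], ev["target"], ev["result"]["data"]
        if origin["module"] not in MODULES:
            raise ValueError(f"unknown module {origin['module']!r}")
        ts, tport = origin["ts"], target["port"]
        if type(ts) is not int or type(tport) is not int or not 0 <= tport <= 65535:
            raise ValueError("ts and target.port must be integers, port in 0-65535")
        return {
            "type": origin["type"],
            "module": origin["module"],
            # ts is Unix time in milliseconds, so divide before converting
            "seen": datetime.fromtimestamp(ts / 1000, tz=timezone.utc),
            "scanner_ip": str(ipaddress.ip_address(origin["ip"])),
            "scanner_country": origin["country"],
            "scanner_port": origin.get("port"),      # optional, module-dependent
            "client_id": origin.get("client_id"),    # optional, client stream only
            "job_id": origin.get("job_id"),          # optional, client stream only
            "target": (str(ipaddress.ip_address(target["ip"])), tport, target["protocol"]),
            "data": data,  # module-specific payload, passed through untouched
        }
    except (KeyError, TypeError, OverflowError, OSError) as exc:
        raise ValueError(f"missing or mistyped field: {exc}") from exc

def load_stream(text):
    """Parse newline-delimited events; return (events, rejects) so bad lines can be reviewed."""
    events, rejects = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            events.append(parse_event(line))
        except ValueError as exc:
            rejects.append((n, str(exc)))
    return events, rejects

# Constructed sample input: documentation-range addresses, empty result.data.
SAMPLE = "\n".join([
    '{"origin":{"type":"service-simple","module":"grabber","ts":1700000000000,"ip":"192.0.2.10","port":40000,"country":"PT"},"target":{"ip":"198.51.100.7","port":22,"protocol":"tcp"},"result":{"data":{}}}',
    '{"origin":{"type":"http","module":"scanner","ts":1700000000000,"ip":"192.0.2.10","country":"PT"},"target":{"ip":"198.51.100.7","port":80,"protocol":"tcp"},"result":{"data":{}}}',
    '{"origin":{"type":"ssh","module":"grabber","ts":"1700000000","ip":"192.0.2.10","country":"PT"},"target":{"ip":"198.51.100.7","port":22,"protocol":"tcp"},"result":{"data":{}}}',
])
```

Calling `load_stream(SAMPLE)` accepts the first event and rejects the second (module outside the two documented values) and the third (timestamp sent as a string), returning the line numbers of the rejects for triage.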

Modules

service-simple module

Our main module for service identification. Extract basic product-specific information, e.g. product name, version. This module is much faster than "service", since it returns less information.

elasticsearch module

Extract Elasticsearch detailed information.

http & https module

Extract HTTP/HTTPS information, e.g. HTTP headers, HTTP status codes, HTTP body, and redirect information. Follows up to 5 redirects.

memcached module

Extract Memcached detailed information.

mongodb module

Extract MongoDB detailed information.

mqtt module

Grab MQTT information, including messages and topics.

rdp module

Extract RDP details and screenshot.

redis module

Extract Redis detailed information.

service module

Extract detailed product-specific information, e.g. product name, version, headers, scripts. If you just want product name and version, consider using the faster "service-simple".

ssh module

Extract SSH details, e.g. key and algorithms for SSH servers.

ssl module

Extract SSL details, e.g. type of encryption.

sslv2 module

Extract SSL details (Version 2).

telnet module

Extract Telnet information, e.g. Will, Do, Don't, Won't commands.

vnc module

Extract VNC details and screenshot.

web module

Extract web information.

x11 module

Extract x11 screenshot.