Modules

General Data Format

All events generated by our scanning platform, delivered via our Data Streams or API Queries, have the following outline:

Details of the fields:

  • origin:
    • client_id:
      • Your client ID. Optional, appears only on the client stream.
    • job_id:
      • ID of the job that the event is part of. Optional, appears only on the client stream.
    • type:
      • Event type, module that produced the event;
      • Please refer to the next section for details on each module type.
    • module:
      • Either 'portscan' or 'grabber'. Category of the event. Portscan events merely indicate that a port was found open. Grabber events will contain more extracted data such as details of the ip/port/service;
    • ip:
      • IP used by the scanner to perform the analysis;
    • port:
      • Port used by the scanner to perform the analysis. Optional, only some modules will provide this information.
    • ts:
      • Unix Timestamp in Milliseconds;
    • country:
      • ISO code of the country the scanner that originated this event is located in;
  • target:
    • ip:
      • Target Address used for connection;
    • port:
      • Target Port used for connection;
    • protocol:
      • Target Protocol used for connection;
  • result:
    • data:
      • Varies according to each different module;
      • Please refer to the next section for details on each module type.
{
  "origin": {
    "client_id": "string",
    "job_id": "string",
    "country": "string",
    "type": "string",
    "module": "string",
    "ts": "int",
    "ip": "string",
    "port": "int"
  },
  "target": {
    "ip": "ip",
    "port": "int",
    "protocol": "string"
  },
  "result": {
    "data": {}  
  }
}
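
An added example, not part of the platform's documentation or code: a Python validator that checks incoming events against the outline above before they reach downstream tooling. It assumes that fields not marked Optional are always present and that target.ip is an IP literal; the sample events, including their type values, are constructed.

```python
import ipaddress
import json
from datetime import datetime, timezone

SCHEMA = {  # fields the outline does not mark "Optional" are treated as required (assumption)
    "origin": {"type": str, "module": str, "ts": int, "ip": str, "country": str,
               "client_id": str, "job_id": str, "port": int},
    "target": {"ip": str, "port": int, "protocol": str},
    "result": {"data": dict},
}
OPTIONAL = {("origin", "client_id"), ("origin", "job_id"), ("origin", "port")}

def parse_event(line):
    """Validate one JSON event against the outline; raise ValueError if malformed."""
    ev = json.loads(line)  # JSONDecodeError is a ValueError subclass
    for section, fields in SCHEMA.items():
        if not isinstance(ev, dict) or not isinstance(ev.get(section), dict):
            raise ValueError(f"missing section: {section}")
        for name, typ in fields.items():
            if name not in ev[section] and (section, name) in OPTIONAL:
                continue
            if type(ev[section].get(name)) is not typ:  # also rejects bool as int
                raise ValueError(f"{section}.{name}: expected {typ.__name__}")
    origin, target = ev["origin"], ev["target"]
    if origin["module"] not in ("portscan", "grabber"):
        raise ValueError(f"unknown module: {origin['module']}")
    ipaddress.ip_address(target["ip"])  # raises ValueError for a non-IP address
    return {
        "module": origin["module"], "type": origin["type"], "data": ev["result"]["data"],
        "seen": datetime.fromtimestamp(origin["ts"] / 1000, tz=timezone.utc),  # ts is in ms
        "endpoint": (target["ip"], target["port"], target["protocol"]),
    }

def summarise(lines):  # endpoint -> {(module, type)}, plus the number of rejected lines
    seen, rejected = {}, 0
    for line in lines:
        try:
            ev = parse_event(line)
        except ValueError:
            rejected += 1
            continue
        seen.setdefault(ev["endpoint"], set()).add((ev["module"], ev["type"]))
    return seen, rejected

def sample_event(module, ts=1700000000000, **kw):  # constructed data, not real scan output
    origin = {"type": "ssh", "module": module, "ts": ts, "ip": "192.0.2.10", "country": "US", **kw}
    target = {"ip": "198.51.100.7", "port": 22, "protocol": "tcp"}
    return json.dumps({"origin": origin, "target": target, "result": {"data": {}}})

SAMPLE = [sample_event("portscan"), sample_event("grabber", job_id="job-1"), sample_event("scanner")]
```

Calling summarise(SAMPLE) groups the two valid events under one target endpoint and counts the event with the unknown module value as rejected.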

Modules

Below are all the modules available for scanning on the platform. All modules support hostnames, IPv4 addresses and IPv6 addresses. These modules are the same modules that feed our Host database.

Service Identification

service-simple

The Service-Simple module attempts to connect to a remote server and identify service / product information by sending various payloads and analysing how the server responds. This module is much faster than the service module, since it doesn't perform any more actions than this. For more details, use the service module.

service

The Service module attempts to connect to a remote server and identify service / product information by sending various payloads and analysing how the server responds as well as extract other available service information such as headers or hostnames if available. For simple service identification, consider using the faster service-simple module.

Remote Desktop

rdp

The RDP module attempts to connect to an RDP server and take a screenshot of the display as well as extract the security level used, if any.

vnc

The VNC module attempts to connect to a VNC server and take a screenshot of the display as well as extract relevant information.

x11

The X11 module attempts to connect to an X11 server and take a screenshot of the display as well as extract relevant information.

bluekeep

The Bluekeep module attempts to determine if an RDP server is vulnerable to the Bluekeep vulnerability.

Databases

cassandra

The Cassandra module attempts to connect to a Cassandra server via client driver connection and extract cluster metadata as well as a list of keyspaces and respective tables.

elasticsearch

The Elasticsearch module attempts to connect to an Elasticsearch server via REST API and extract cluster metadata and stats as well as a list of indices.

memcached

The Memcached module attempts to connect to a Memcached server via client driver connection and extract server stats.

mongodb

The MongoDB module attempts to connect to a MongoDB server via client driver connection and extract server metadata as well as a list of databases and respective collections.

redis

The Redis module attempts to connect to a Redis server via client driver connection and extract server metadata.

Message Queues

mqtt

The MQTT module attempts to connect to an MQTT server and extract a few seconds of passing messages to determine active topics.

HTTP / Web

http / https

The HTTP/HTTPS modules attempt to connect to an HTTP server and extract HTTP headers, redirects, page title and HTML source code.

web

The Web module attempts to connect to an HTTP server and extract the web technologies being used, as well as headers, source code and take a screenshot of the web page.

Protocols

ssl-simple

The SSL-Simple module attempts to connect to an SSL-wrapped server and extract (and parse) certificate chains. Recommended if you are only interested in certificates, since it is much faster than the sslv2 module as it doesn't need to do any additional testing.

sslv2

The SSLv2 module attempts to connect to an SSL-wrapped server and extract (and parse) certificate chains, ciphers and vulnerabilities. It is an upgraded version of the ssl module, and includes extra updates and features not available previously.

Services

rsync

The RSYNC module attempts to connect to an RSYNC server anonymously and list the available modules (list the contents at the root directory).

ssh

The SSH module attempts to connect to an SSH server and extract all the algorithms supported by the server.

telnet

The Telnet module attempts to connect to a server by opening a connection and extracting the initial payload, if any.

Containers

kubernetes

The Kubernetes module attempts to connect to a Kubernetes server via REST API and extract a list of pods and their respective metadata.
