For Agents
Search internet-wide host and certificate data, look up specific IPs and TLS fingerprints, and aggregate exposure metrics for security and reconnaissance workflows.
Get started with Censys Search API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"search internet hosts by IP or service"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Censys Search API API.
Search Censys host index by structured query and paginate through matching IPs
Retrieve full service banners and metadata for a specific host by IP address
Diff a host's exposed services between two timestamps to detect new ports or software changes
Look up X.509 certificates by SHA-256 fingerprint and inspect chain and validity data
GET STARTED
Use for: I need to look up which services are exposed on a specific IP address, Search for hosts running a particular software version across the internet, Find all certificates issued to a given organization name, Check whether a host has gained any new open ports in the last week
Not supported: Does not perform active port scanning, vulnerability exploitation, or malware analysis — use for querying Censys's pre-collected host and certificate index only.
Jentic publishes the only available OpenAPI document for Censys Search API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Censys Search API, keeping it validated and agent-ready. Censys Search API provides programmatic access to a continuously updated index of internet-facing hosts, services, and X.509 certificates. Agents can query hosts by IP, search across the global host dataset with structured queries, aggregate results, diff host state over time, and look up TLS certificates by SHA-256 fingerprint. The API is designed for attack-surface discovery, threat research, and infrastructure auditing rather than active scanning.
Aggregate host or certificate fields to count distributions across the dataset
Resolve all forward and reverse DNS names associated with a host
Read account quota and credits remaining for the current API ID
Patterns agents use Censys Search API API for, with concrete tasks.
★ Attack Surface Discovery
Map the externally exposed assets belonging to an organization by querying Censys for hosts that present the company's certificates, autonomous systems, or domain names. The /v2/hosts/search endpoint returns matching IPs with full service banners, and /v2/hosts/aggregate breaks the result down by port, software, or geography. Useful for security teams who need a continuously updated inventory of internet-facing infrastructure without running their own scanners.
Search /v2/hosts/search for hosts whose certificate names match acme.com, then aggregate results by service.service_name to produce a port distribution
Certificate Transparency Lookup
Investigate a TLS certificate by its SHA-256 fingerprint to retrieve issuer, validity period, subject names, and the chain of trust. The /v2/certificates/{fingerprint} endpoint returns parsed certificate fields, and /v2/certificates/search lets analysts find every certificate matching a given SAN or issuer. Used during phishing investigations, supply-chain incident response, and CT log triage.
Call GET /v2/certificates/{fingerprint} for a suspicious certificate hash and extract the parsed.subject.common_name and parsed.validity fields
Host Change Monitoring
Detect when an internet-facing host has changed by comparing two snapshots of its services. The /v2/hosts/{ip}/diff endpoint returns the exact services, ports, and banners that were added, removed, or modified between observations. Security operations teams use this to flag rogue listeners, unexpected software upgrades, or signs of compromise on monitored infrastructure.
Call GET /v2/hosts/{ip}/diff with at_time set to seven days ago and report any services added since
AI Agent Threat Triage via Jentic
An incident response agent receives an alert containing an IP address or certificate hash and needs structured context fast. Through Jentic, the agent searches for an operation by intent, loads the Censys input schema, and calls /v2/hosts/{ip} or /v2/certificates/{fingerprint} with credentials drawn from the Jentic vault. The agent returns parsed service and certificate data without the developer hand-coding HTTP basic auth or response parsing.
Use Jentic to search 'look up host details for an IP', load the censys host operation, and call it for IP 8.8.8.8 returning the services list
10 endpoints — jentic publishes the only available openapi specification for censys search api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/v2/hosts/search
Search the host index by query
/v2/hosts/{ip}
View a single host by IP
/v2/hosts/{ip}/diff
Diff a host between two snapshots
/v2/hosts/aggregate
Aggregate host fields across results
/v2/certificates/{fingerprint}
View a certificate by SHA-256 fingerprint
/v2/certificates/search
Search certificates by query
/v1/account
Read account quota and credits
/v2/hosts/search
Search the host index by query
/v2/hosts/{ip}
View a single host by IP
/v2/hosts/{ip}/diff
Diff a host between two snapshots
/v2/hosts/aggregate
Aggregate host fields across results
/v2/certificates/{fingerprint}
View a certificate by SHA-256 fingerprint
Three things that make agents converge on Jentic-routed access.
Credential isolation
Censys API ID and API Secret are stored encrypted in the Jentic vault and injected into the HTTP Basic header at execution time. Agents receive scoped access only — the raw credentials never enter the agent's context window or prompt history.
Intent-based discovery
Agents search Jentic by intent (e.g., 'look up a host by IP' or 'search certificates by issuer') and Jentic returns the matching Censys operation with its input schema, so the agent calls the right endpoint without scraping documentation.
Time to first call
Direct Censys integration: half a day to wire HTTP Basic auth, paginate hits, and parse the nested service banner structure. Through Jentic: under 30 minutes — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Shodan API
Internet-wide host search engine with similar coverage of exposed services and banners
Choose Shodan when you need exploit and CVE tagging on hosts or richer historical scan data; choose Censys for stronger certificate and structured query support
MISP API
Open-source threat intelligence platform for sharing IOCs and event data
Use alongside Censys to correlate an IP or certificate fingerprint against shared IOC feeds after Censys returns the exposed services
AbuseIPDB API
Community-reported abuse and confidence scores for IP addresses
Pair with Censys host lookups to add an abuse confidence score to any IP returned by /v2/hosts/{ip}
Specific to using Censys Search API API through Jentic.
Why is there no official OpenAPI spec for Censys Search API?
Censys does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call Censys Search API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Censys Search API use?
The API uses HTTP Basic authentication where the username is your Censys API ID and the password is your API Secret, both issued from the Censys account console. Through Jentic, these credentials live in the Jentic vault and are injected at execution time so the API ID and Secret never enter the agent's prompt or context.
Can I search for all hosts running a specific software version with the Censys Search API?
Yes. Call GET /v2/hosts/search with a structured query such as services.software.product:"nginx" and services.software.version:"1.18.0". The response includes paginated hits with full service banners, and you can pass the same query to /v2/hosts/aggregate to see counts grouped by any field.
What are the rate limits for the Censys Search API?
Censys enforces per-account quotas measured in queries per month rather than fixed requests per second; the exact ceiling depends on the plan attached to your API ID. Call GET /v1/account to read your remaining credits and quota reset date before scheduling large aggregations.
How do I look up a certificate by fingerprint with the Censys Search API through Jentic?
Search Jentic for 'look up a tls certificate by fingerprint', load the operation backed by GET /v2/certificates/{fingerprint}, and execute it with the SHA-256 hash. Jentic returns the parsed certificate including issuer, validity, and subject alternative names without any manual HTTP basic auth setup.
Does the Censys Search API let me detect when a host changes?
Yes. GET /v2/hosts/{ip}/diff compares two snapshots of a host and returns the services, ports, and banners that were added, removed, or modified between them. This is the supported way to monitor internet-facing infrastructure for new listeners or software upgrades without polling the full host record.
/v2/certificates/search
Search certificates by query
/v1/account
Read account quota and credits