From ed71804aa87837176f094d65135686c67f88d397 Mon Sep 17 00:00:00 2001
From: Youssef Mohammed
Date: Thu, 10 Feb 2022 13:38:01 +0200
Subject: [PATCH] Updated Censys Analyzer for latest API Censys has deprecated APIv1, so the current Censys analyzer isn't working, here I have updated it to make sure it works using latest API package, (I only tested IP enrichment and I made sure it works and produces taxonomies, but not the rest)
---
 analyzers/Censys/censys_analyzer.py | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/analyzers/Censys/censys_analyzer.py b/analyzers/Censys/censys_analyzer.py
index 0e506e1ec..d31dee9ef 100755
--- a/analyzers/Censys/censys_analyzer.py
+++ b/analyzers/Censys/censys_analyzer.py
@@ -1,9 +1,7 @@
 #!/usr/bin/env python3
 from cortexutils.analyzer import Analyzer
-from censys.certificates import CensysCertificates
-from censys.ipv4 import CensysIPv4
-from censys.websites import CensysWebsites
-from censys.exceptions import (
+from censys.search import CensysHosts
+from censys.common.exceptions import (
 CensysNotFoundException,
 CensysRateLimitExceededException,
 CensysUnauthorizedException,
@@ -45,8 +43,8 @@ def search_hosts(self, ip):
 :type ip: str
 :return: dict
 """
- c = CensysIPv4(api_id=self.__uid, api_secret=self.__api_key)
- return c.view(ip)
+ c = CensysHosts(api_id=self.__uid, api_secret=self.__api_key)
+ return c.search("ip: " + ip, per_page=1, pages=1)()[0]
 
 def search_certificate(self, hash):
 """
@@ -56,8 +54,8 @@ def search_certificate(self, hash):
 :type hash: str
 :return: dict
 """
- c = CensysCertificates(api_id=self.__uid, api_secret=self.__api_key)
- return c.view(hash)
+ c = CensysHosts(api_id=self.__uid, api_secret=self.__api_key)
+ return c.search("certificate: " + hash, per_page=1, pages=1)()[0]
 
 def search_website(self, dom):
 """
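Review bot: The new import paths `censys.search` and `censys.common.exceptions` need a matching change to the analyzer's declared dependency, and the diffstat shows only this one file changed. If the dependency file (not shown on this page) leaves `censys` unpinned or pinned to the old major version, a deployment can resolve a release where these modules are missing and every job fails at import. Pin the package to the major version this code was tested against in the same commit.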
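Review bot: In `search_hosts` the `()[0]` on the added return line raises `IndexError` when the search has no hit, where the old `c.view(ip)` raised `CensysNotFoundException`; unless `run()` (outside this hunk) catches `IndexError`, an unknown address becomes a crash instead of a not-found report. The observable is also concatenated into the query string unvalidated, so a value containing query syntax changes what is searched. `CensysHosts` still offers `view`, so `return c.view(ip)` keeps the old contract and avoids both; otherwise parse the value with `ipaddress.ip_address(ip)` before building the query. The same indexing and concatenation recur in `search_certificate`, `search_website` and `search_ipv4`. The function's docstring starts above the hunk.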
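Review bot: `search_certificate` now queries the hosts index, so for a hash observable it returns one matching host rather than the certificate record its name implies, and the commit message says this path was not tested. I could not confirm from this page that `certificate` is a searchable field in the hosts index; if it is not, the query fails or matches nothing. Either keep a lookup against the new package's certificates index, or document the changed result with a comment such as `# returns the first host presenting this certificate, not the certificate itself`.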
@@ -66,8 +64,8 @@ def search_website(self, dom):
 :type dom: str
 :return: dict
 """
- c = CensysWebsites(api_id=self.__uid, api_secret=self.__api_key)
- return c.view(dom)
+ c = CensyshOSTs(api_id=self.__uid, api_secret=self.__api_key)
+ return c.search("dns.name: " + dom, per_page=1, pages=1)()[0]
 
 def search_ipv4(self, search):
 """
@@ -76,8 +74,8 @@ def search_ipv4(self, search):
 :type search: str
 :return: dict
 """
- c = CensysIPv4(api_id=self.__uid, api_secret=self.__api_key)
- return [x for x in c.search(search, fields=self.__fields, max_records=self.__max_records, flatten=self.__flatten)]
+ c = CensysHosts(api_id=self.__uid, api_secret=self.__api_key)
+ return [x for x in c.search("ip: " + search, per_page=1, pages=1)()[0]]
 
 def run(self):
 try:
@@ -114,7 +112,8 @@ def summary(self, raw):
 taxonomies = []
 if 'ip' in raw:
 raw = raw['ip']
- service_count = len(raw.get('protocols', []))
+ service_count = len(raw.get('services', []))
+ print(service_count)
 heartbleed = raw.get('443', {}).get('https', {}).get('heartbleed', {}).get('heartbleed_vulnerable', False)
 taxonomies.append(self.build_taxonomy('info', 'Censys', 'OpenServices', service_count))
 if heartbleed:
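Review bot: `CensyshOSTs` on the added line is not an imported name, so every domain observable raises `NameError` before any request is made; it should read `c = CensysHosts(api_id=self.__uid, api_secret=self.__api_key)`. Separately, a `dns.name` search of the hosts index returns a host record, not the website record the old `CensysWebsites.view(dom)` gave, so the report fields consumed for domains likely need revisiting. The docstring of `search_website` begins above the hunk.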
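Review bot: The added return in `search_ipv4` iterates over `[0]`, the first hit, so the comprehension yields that hit's keys (assuming a hit is a dict) rather than a list of records, and an empty result raises `IndexError`. It also prefixes `ip: ` to what was a free-form search string and drops `self.__fields`, `self.__max_records` and `self.__flatten`, so the analyzer's configured limits no longer apply. Something like `return list(c.search(search, per_page=self.__max_records, pages=1)())` would return the page of hits and honour the record limit; check the configured value against the API's per-page maximum.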
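Review bot: `print(service_count)` looks like leftover debugging and should be removed, since anything written to stdout can end up mixed into the analyzer's output and it adds nothing to the report. The `heartbleed` lookup on the following context line still walks the old `'443' -> 'https' -> 'heartbleed'` layout while the count above it was moved to `services`. If the new host document no longer has those keys, the Heartbleed taxonomy silently stops firing and analysts lose that signal without any error. Either derive it from the new schema or drop the taxonomy explicitly. `summary` continues past the end of the hunk.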