319 Works

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Mattijs Jonker

Provider Net Abuse Leaderboard

External Data Source
This feed is filterable by Rank, Host ASN, Network, Days Unresolved, Incidents Reported, Last Reported. Fields: Rank – rank on the unresolved ISP abuse leaderboard; Host ASN – globally unique number that identifies an autonomous system; Network – network in which the attack took place; Days Unresolved – number of days the issue was unresolved; Incidents Reported – number of incidents reported; Last Reported – date the issue was last reported.

Reverse DNS (RDNS) -- 2013-2017 (2013-01-01 to 1905-07-09)

External Data Source
This dataset includes the responses to the IPv4 PTR lookups for all non-blacklisted/private IPv4 addresses. Please note that effective February 2017, this study has been deprecated in favor of https://opendata.rapid7.com/sonar.rdns_v2/ ; research@rapid7.com

Captured File Feed

External Data Source
The captured file feed contains a log of our reports and the status of the issue reported. This feed is filterable by File MD5, File MIME Type, Captured Type, Associated URL, File Size, Captured Time. Fields: File MD5 – contains the identification ID; File MIME Type – identifies files on the Internet according to their nature and format; Captured Type – extracted or uploaded; Associated URL – specific URL associated with the attack; File Size – size of file of captured...

National Exposure Scans

External Data Source
The dataset represents the raw data collected that was used in the production of Rapid7's 2016-2018 National Exposure report (https://github.com/rapid7/data/tree/master/national-exposure). Each file here contains the IPv4 addresses that responded positively to a particular TCP or UDP probe used in that respective year's analysis. ; research@rapid7.com

Provider Web Abuse Leaderboard

External Data Source
This feed is filterable by Rank, Host ASN, Network, Days Unresolved, Incidents Reported, Last Reported. Fields: Rank – rank on the unresolved ISP abuse leaderboard; Host ASN – globally unique number that identifies an autonomous system; Network – network in which the attack took place; Days Unresolved – number of days the issue was unresolved; Incidents Reported – number of incidents reported; Last Reported – date the issue was last reported.

IP Web Abuse Leaderboard

External Data Source
This feed is filterable by Rank, Days Unresolved, Incidents Reported, Attacker IP, Network, Reported Emails, Last Calculated. Fields: Rank – rank of IP web abuse; Days Unresolved – number of days unresolved; Incidents Reported – number of incidents reported; Attacker IP – specific IP of the abuse attacker.

BOT NETWORK FEED

External Data Source
This feed is filterable by Rank, Host ASN, Network, Days Unresolved, Incidents Reported, Last Reported. Fields: Rank – rank on the unresolved ISP abuse leaderboard; Host ASN – globally unique number that identifies an autonomous system; Network – network in which the attack took place; Days Unresolved – number of days the issue was unresolved; Incidents Reported – number of incidents reported; Last Reported – date the issue was last reported.

IP Net Abuse Leaderboard

External Data Source
This feed is filterable by Rank, Host ASN, Network, Days Unresolved, Incidents Reported, Last Reported. Fields: Rank – rank on the unresolved ISP abuse leaderboard; Host ASN – globally unique number that identifies an autonomous system; Network – network in which the attack took place; Days Unresolved – number of days the issue was unresolved; Incidents Reported – number of incidents reported; Last Reported – date the issue was last reported.

IPv4 HTTP Scans

External Data Source
This dataset contains scanning data from Project 25499. The files are in pairs: one contains the raw output from ZMap and the second contains JSON objects with any collected data ; questons@project25499.com

Scan for AXFR DNS replies

External Data Source
AXFR is a feature of DNS that is usually not meant to be publicly accessible. However, a large number of DNS servers answer AXFR requests, most of them probably due to misconfiguration. ; hanno@hboeck.de

Security Challenges in an Increasingly Tangled Web Crawls (2016-10-05 to 2016-07-10)

External Data Source
Crawl of the Alexa Top Million domains from October 5-7, 2016 using ZBrowse, a headless Chrome browser instrumented to track object dependencies. The dataset contains one JSON blob per website, and presents the dependencies loaded by the website in a tree structure. ; team@censys.io

More SSL Certificates (non-443)

External Data Source
The dataset contains a collection of metadata related to the net new X.509 certificates observed in each study when considering all SSL studies that ran prior. The _hosts and _endpoints files provide mapping between the IPs/endpoints and the fingerprint of the X.509 certificate presented. The _certs file provides a mapping of the net new certificates from a given study and the corresponding fingerprint. The _names file provides a mapping of the X.509 certificate name (CN)...

HTTP GET Responses

External Data Source
This dataset contains the responses to HTTP/1.1 GET requests performed against a variety of IPv4 public HTTP endpoints ; research@rapid7.com

Forward DNS (FDNS) -- ANY 2014-2017 (2014-01-01 to 1905-07-09)

External Data Source
This dataset contains the responses to DNS 'ANY' requests for all forward DNS names known by Rapid7's Project Sonar. The file is a GZIP compressed file containing the name, type, value and timestamp of any returned records for a given name in JSON format. Please note that effective February 2017, this study has been deprecated in favor of https://opendata.rapid7.com/sonar.fdns_v2/ ; research@rapid7.com

SSL Certificates

External Data Source
The dataset contains a collection of metadata related to the net new X.509 certificates observed in each study when considering all SSL studies that ran prior. The _hosts and _endpoints files provide mapping between the IPs/endpoints and the fingerprint of the X.509 certificate presented. The _certs file provides a mapping of the net new certificates from a given study and the corresponding fingerprint. The _names file provides a mapping of the X.509 certificate name (CN)...

Popular Website Crawl

External Data Source
This dataset is a set of HAR files resulting from the crawl of 35,000 popular Web sites. The list of Web sites was provided by SimilarWeb (similar to Alexa rank). Each of the 35,000 Web sites has been visited 5 times using Google Chrome, and, for each visit, we built the corresponding HAR file (see spec. at http://www.softwareishard.com/blog/har-12-spec/), containing details of all the HTTP transactions performed to render the page. The dataset is divided...

Forward DNS (FDNS)

External Data Source
This dataset contains the responses to DNS requests for all forward DNS names known by Rapid7's Project Sonar. Until early November 2017, all of these were for the 'ANY' record with a fallback A and AAAA request if necessary. After that, the ANY study represents only the responses to ANY requests, and dedicated studies were created for the A, AAAA, CNAME and TXT record lookups with appropriately named files. The file is a GZIP compressed...

HTTPS GET Responses

External Data Source
This study performs an HTTP/1.1 GET after establishing an SSL/TLS connection to HTTPS endpoints. If a valid hostname is found in the SSL certificate CN, that value is used as the HTTP/1.1 Host header, otherwise the IPv4 address is used ; research@rapid7.com

Hurricane Sandy ZMap Scans (2012-10-12 to 2013-08-01)

External Data Source
The dataset is composed of the ZMap CSV output of full TCP SYN scans of the IPv4 address space against port 443. All files contain the following fields: response, saddr, daddr, sport, dport, in_cooldown, timestamp. The output contains any TCP SYN-ACK or TCP RST responses. We acknowledge that there are several hours that are missing from the dataset. ; zmap-team@umich.edu

Heartbleed Vulnerability

External Data Source
This dataset is composed of five scan collections: https-full, https-samples, https-alexa, smtp-alexa, and smtp-samples, and PCAPs of the attacks we observed at an Amazon EC2 honeypot. The scan files contain parsed TLS handshakes as well as heartbeat support and heartbleed vulnerability status. All files are in JSON format; an example record can be seen in sample.json. Our scan methodology is described in detail in the study listed above. The banner grab tool we used for...

Zonefile Database

External Data Source
A sqlite3 database of Zonefiles compiled from publicly available sources, that is updated once per month. Concept: - Take the work accomplished by Hanno Böck, and allow it to be queried in meaningful ways - Allow for the addition of new zonefiles - Make this dataset publicly available - Raise general awareness on the inherent risk of allowing for Zonefile Transfers Current Statistics: - Number of Resource Records: 59,157,877 - Domains scanned thus far: 6,853,165...

SNI Proxy ZMap Scans

External Data Source
zmap.sniproxy.20161024.csv.xz contains the ZMap CSV output of full TCP SYN scans of the IPv4 address space against port 443, and contains the following fields: saddr, saddr_raw, daddr, daddr_raw, ipid, ttl, sport, dport, seqnum, acknum, window, classification, success, repeat, cooldown, timestamp_str, timestamp_ts, timestamp_us. scan-sniproxy.20161024.csv.xz contains the CSV output of a custom scan-sniproxy program, which connects to a TLS server using a specific SNI value and records a hash of the certificate returned by the server and any validation...

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

External Data Source
With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack allowing to violate the authenticity of affected HTTPS connections which in turn can be utilized to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts...

TCP Scans

External Data Source
The dataset contains regular snapshots of the responses to zmap probes against common TCP services ; research@rapid7.com
