HIGH: Accessible PostgreSQL Server Report

DESCRIPTION LAST UPDATED: 2023-12-18

DEFAULT SEVERITY LEVEL: HIGH

Introduction

This report identifies accessible PostgreSQL server instances on port 5432/TCP.

How we scan 

We scan using the zgrab2 postgres scanning module:

https://github.com/zmap/zgrab2/blob/master/modules/postgres/scanner.go

We do not perform any intrusive checks to discover the level of access to any databases that is possible.

Aside from all of IPv4 space, we also scan IPv6 based on hitlists.

You can replicate our scan by issuing:

zgrab2 postgres -p 5432

As of 2022-07-11 we find 820,090 PostgreSQL instances on IPv4 and 10,712 on IPv6.

Dashboard

You can track the latest Postgres scan results on the Shadowserver Dashboard.

Mitigation

It is unlikely that your PostgreSQL server needs to accept external connections from the Internet (and thus present a possible external attack surface). If you do receive a report on your network/constituency, take action to filter out traffic to your PostgreSQL instance. Make sure to implement authentication on the server.
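One way to check both mitigation points on the server itself, as an added example that is not Shadowserver's code: it audits pg_hba.conf, PostgreSQL's client authentication file, for TCP rules that accept any client address or use the trust or password methods. The sample file content and the function names are constructed for the example.

```python
import ipaddress
# Constructed pg_hba.conf content for this example (not taken from the report).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER  ADDRESS          METHOD
local    all       all                    peer
host     all       all   127.0.0.1/32     scram-sha-256
host     all       all   0.0.0.0/0        trust
host     app       app   0.0.0.0 0.0.0.0  md5
hostssl  app       app   10.20.0.0/16     scram-sha-256
hostssl  all       all   ::/0             scram-sha-256
"""

WEAK_METHODS = {"trust": "no authentication (trust)", "password": "cleartext password (password)"}

def parse_rule(fields):
    """Split a host* rule into (network or keyword, method).
    ADDRESS is CIDR, a keyword/hostname, or a bare IP followed by a netmask field."""
    address, rest = fields[3], fields[4:]
    if "/" in address:
        return ipaddress.ip_network(address, strict=False), rest[0]
    try:
        ipaddress.ip_address(address)
    except ValueError:
        return address, rest[0]  # keyword (all, samenet, ...) or hostname
    return ipaddress.ip_network(f"{address}/{rest[0]}", strict=False), rest[1]

def audit_hba(text):
    """Return [(line_no, [problems])] for TCP rules that need review."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue  # blank line, comment, or unix-socket ("local") rule
        try:
            net, method = parse_rule(fields)
        except (ValueError, IndexError):
            findings.append((no, ["could not parse rule"]))
            continue
        problems = []
        if net == "all" or getattr(net, "prefixlen", None) == 0:
            problems.append("accepts clients from any address")
        if method in WEAK_METHODS:
            problems.append(WEAK_METHODS[method])
        if problems:
            findings.append((no, problems))
    return findings

if __name__ == "__main__":
    for no, problems in audit_hba(SAMPLE_HBA):
        print(f"line {no}: " + "; ".join(problems))
```

Quoted database or user names containing spaces and included files are not handled by this simple splitter.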

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filenames: scan_postgres, scan6_postgres

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol of the PostgreSQL response (always TCP)
  • port
    Port that is being queried (5432)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Tag set to "postgres"
  • version
    Version information if any
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • sector
    Sector IP belongs to
  • supported_protocols
    Supported protocols
  • protocol_error_code
    Protocol error code
  • protocol_error_file
    Protocol error file
  • protocol_error_line
    Protocol error line
  • protocol_error_message
    Protocol error message
  • protocol_error_routine
    Protocol error routine
  • protocol_error_severity
    Protocol error severity
  • protocol_error_severity_v
    Protocol error severity
  • startup_error_code
    Startup error code
  • startup_error_file
    Startup error file
  • startup_error_line
    Startup error line
  • startup_error_message
    Startup error message
  • startup_error_routine
    Startup error routine
  • startup_error_severity
    Startup error severity
  • startup_error_severity_v
    Startup error severity
  • client_ssl
    Supports SSL (Y/N)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires
  • sha1_fingerprint
    SHA1 fingerprint of certificate
  • cert_serial_number
    Certificate serial number
  • ssl_version
    SSL/TLS version
  • signature_algorithm
    Signature algorithm used
  • key_algorithm
    Key algorithm used
  • subject_organization_name
    The subject organization name (ON) of the certificate
  • subject_organization_unit_name
    The organization unit name of the subject of the certificate
  • subject_country
    The country of the subject of the certificate
  • subject_state_or_province_name
    The state or province name of the subject of the certificate
  • subject_locality_name
    The locality name of the subject of the certificate
  • subject_street_address
    The street address of the subject of the certificate
  • subject_postal_code
    The postal code of the subject of the certificate
  • subject_surname
    The surname of the subject of the certificate
  • subject_given_name
    The given name of the subject of the certificate
  • subject_email_address
    The e-mail address of the subject of the certificate
  • subject_business_category
    The business category of the subject of the certificate
  • subject_serial_number
    Serial number of the subject of the certificate
  • issuer_organization_name
    Issuing organization name
  • issuer_organization_unit_name
    Issuing organization unit name
  • issuer_country
    Country of issuer
  • issuer_state_or_province_name
    State or province of issuer
  • issuer_locality_name
    Locality of issuer
  • issuer_street_address
    Street address of issuer
  • issuer_postal_code
    Postal code of issuer
  • issuer_surname
    Surname of issuer
  • issuer_given_name
    Given name of issuer
  • issuer_email_address
    Email address of issuer
  • issuer_business_category
    Business category of issuer
  • issuer_serial_number
    Serial number of issuer
  • sha256_fingerprint
    SHA256 fingerprint of certificate
  • sha512_fingerprint
    SHA512 fingerprint of the certificate
  • md5_fingerprint
    MD5 fingerprint of certificate
  • cert_valid
    Is the certificate valid (Y/N)?
  • self_signed
    Is the certificate self-signed (Y/N)?
  • cert_expired
    Whether the cert has expired (Y/N)
  • validation_level
    Certificate validation level, e.g. DV, OV, EV
  • browser_trusted
    Browser trusted certificate (Y/N)?
  • browser_error
    Browser certificate errors encountered when scanning
  • raw_cert
    Copy of raw certificate
  • raw_cert_chain
    Copy of raw certificate chain

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","hostname_source","sector","supported_protocols","protocol_error_code","protocol_error_file","protocol_error_line","protocol_error_message","protocol_error_routine","protocol_error_severity","protocol_error_severity_v","startup_error_code","startup_error_file","startup_error_line","startup_error_message","startup_error_routine","startup_error_severity","startup_error_severity_v","client_ssl","handshake","cipher_suite","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","ssl_version","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","sha256_fingerprint","sha512_fingerprint","md5_fingerprint","cert_valid","self_signed","cert_expired","validation_level","browser_trusted","browser_error","raw_cert","raw_cert_chain"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,5432,node01.example.com,postgres,,64512,ZZ,Region,City,0,ptr,"Public Administration",1.0-3.0,0A000,postmaster.c,1994,"unsupported frontend protocol 255.255: server supports 1.0 to 3.0",ProcessStartupPacket,FATAL,,28000,postmaster.c,2110,"no PostgreSQL user name specified in startup packet",ProcessStartupPacket,FATAL,,N,,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,,,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,,Y,,,,,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,5432,node02.example.com,postgres,,64512,ZZ,Region,City,0,ptr,"Communications, Service Provider, and Hosting Service",3.0-3.0,0A000,postmaster.c,2138,"unsupported frontend protocol 255.255: server supports 3.0 to 3.0",ProcessStartupPacket,FATAL,FATAL,28000,postmaster.c,2263,"no PostgreSQL user name specified in startup packet",ProcessStartupPacket,FATAL,FATAL,N,,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,,,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,,Y,,,,,
"2010-02-10 00:00:02",high,192.168.0.3,tcp,5432,node03.example.com,postgres,,64512,ZZ,Region,City,0,,"Communications, Service Provider, and Hosting Service",3.0-3.0,0A000,postmaster.c,2139,"unsupported frontend protocol 255.255: server supports 3.0 to 3.0",ProcessStartupPacket,FATAL,FATAL,28000,postmaster.c,2268,"no PostgreSQL user name specified in startup packet",ProcessStartupPacket,FATAL,FATAL,N,,TLS_AES_256_GCM_SHA384,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,,,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,,Y,,,,,
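
One way a recipient could triage this report, as an added example that is not Shadowserver's code: it reads the CSV by column name, keeps only rows whose ip falls inside the recipient's own networks, and derives notes from the SSL and certificate fields listed above. The sample rows (a subset of the columns), the network list and the 2048-bit key length threshold are assumptions constructed for the example.

```python
import csv
import io
import ipaddress

# Constructed sample: a subset of the report's columns with made-up values.
SAMPLE_REPORT = '''"timestamp","severity","ip","port","hostname","asn","client_ssl","cert_length","cert_expiration_date","cert_valid","self_signed","cert_expired"
"2010-02-10 00:00:00",high,192.0.2.10,5432,db1.example.com,64512,N,,,,,
"2010-02-10 00:00:01",high,192.0.2.11,5432,db2.example.com,64512,Y,1024,"2021-11-12 11:18:27",N,Y,Y
"2010-02-10 00:00:02",high,198.51.100.7,5432,other.example.net,64513,Y,2048,"2031-01-01 00:00:00",Y,N,N
"2010-02-10 00:00:03",high,2001:db8::5,5432,,64512,Y,2048,"2031-01-01 00:00:00",Y,N,N
'''

def tls_findings(row):
    """Return hygiene notes derived from the report's SSL/certificate fields."""
    notes = []
    if row.get("client_ssl") != "Y":
        notes.append("no SSL support reported")
    if row.get("cert_expired") == "Y":
        notes.append("certificate expired " + (row.get("cert_expiration_date") or "unknown date"))
    if row.get("self_signed") == "Y":
        notes.append("self-signed certificate")
    length = row.get("cert_length") or ""
    if length.isdigit() and int(length) < 2048:  # threshold is this example's assumption
        notes.append("weak key length " + length)
    return notes

def triage(report_text, my_networks):
    """Keep rows inside my_networks; every kept row is an exposure to filter."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    hits = []
    for row in csv.DictReader(io.StringIO(report_text)):
        try:
            addr = ipaddress.ip_address(row["ip"])
        except (KeyError, ValueError):
            continue  # skip malformed rows rather than abort the run
        if any(addr.version == n.version and addr in n for n in nets):
            hits.append((row["ip"], row.get("hostname") or "", tls_findings(row)))
    # Hosts with the most findings first; order within a tie follows the report.
    return sorted(hits, key=lambda h: len(h[2]), reverse=True)

if __name__ == "__main__":
    for ip, host, notes in triage(SAMPLE_REPORT, ["192.0.2.0/24", "2001:db8::/32"]):
        print(ip, host or "-", "; ".join(notes) or "exposed, no TLS findings")
```

Because the reader works by column name, the same functions accept the full scan_postgres or scan6_postgres file with all of its columns.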
