HIGH: Open Redis Report

DESCRIPTION LAST UPDATED: 2023-12-27

DEFAULT SEVERITY LEVEL: HIGH

This report identifies hosts that have the Redis key-value store running and accessible on the Internet.

See redis.io for more information on Redis. Since this service does not support authentication, any entity that can access the Redis instance can have complete control over the key-value store.

You can track latest Redis exposure on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

Filename: scan_redis

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the Redis response came on (always TCP)
  • port
    Port that the Redis response came from (usually 6379/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be redis
  • version
    Redis version number
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • git_sha1
    Git SHA1 value
  • git_dirty_flag
    Git "dirty" flag
  • build_id
    The redis_build_id
  • mode
    The redis_mode (standalone or clustered)
  • os
    Operating System hosting the Redis server
  • architecture
    The "arch_bits" architecture (32 or 64 bits)
  • multiplexing_api
    Event loop mechanism used by Redis
  • gcc_version
    Version of the GCC compiler used to compile the Redis server
  • process_id
    Process ID (PID) of the running Redis server instance
  • run_id
    Random value identifying the Redis server
  • uptime
    Number of seconds since Redis server start
  • connected_clients
    The number of client connections to the Redis server
  • sector
    Sector the IP belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","hostname_source","git_sha1","git_dirty_flag","build_id","mode","os","architecture","multiplexing_api","gcc_version","process_id","run_id","uptime","connected_clients","sector"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,6379,node01.example.com,redis,7.2.3,64512,ZZ,Region,City,0,ptr,00000000,0,26f7443749f1b9a6,standalone,"Linux 5.4.0-122-generic x86_64",,epoll,12.2.1,1,e188eede10e629718b4650a0ace83b7766b0e4e9,643889,8,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,6379,node02.example.com,redis,7.0.11,64512,ZZ,Region,City,0,ptr,00000000,0,3af367a78d5e21e9,standalone,"Linux 5.19.0-1025-aws x86_64",,epoll,11.3.0,413436,23844e73d07cdd65ca4ed069370278406ee8ea53,8926464,2,"Retail Trade"
"2010-02-10 00:00:02",high,192.168.0.3,tcp,6379,node03.example.com,redis,6.2.10,64512,ZZ,Region,City,0,,00000000,0,8317b5833f3f63c1,standalone,"Linux 5.15.0-56-generic x86_64",,epoll,10.2.1,1,341f56895e4867f1ecef5b7c8cf655e07e38737a,23961641,1,"Communications, Service Provider, and Hosting Service"

Our 128 Report Types