Today's post is all About Shodan The Hackers Search engine, in this post am going explain what is Shodan and how to use it, along with how Shodan works and how Hackers use this search engine for hacking
What is Shodan?
Shodan is a Search engine for internet connected devices, and it is founded by John Matherly in 2009, unlike Google & Bing, Shodan's purpose is to discover the devices that are connected to the internet,
Why Shodan is a Favorite Search Engine for Hackers?
As I told you, Shodan is a Search engine For internet-connected devices, it crawls the internet effectively for discovering the devices that are connected to the internet not only that it has the feature of Detecting the Operating System the device is running on also it can detect the software versions, tests for vulnerabilities, default passwords and so on,
You might be thinking what happens if Hackers Use Shodan
Sometimes Hackers run out of targets and they don't have enough time to make use of google dorks, then, in that case, they use Shodan for finding vulnerable devices for exploiting them
Not only that Shodan is also useful for OSINT and it is widely used by Security Professionals, Pentesters and Cyber Criminals
still, have a question how shodan is used to find devices?
Shodan Uses Different types of crawlers plus it has a large number of Port Scanners, thus Shodan Scans those ports for discovering the devices connected to the internet
(Those devices not only Computers, it's even more including Routers, Smartphones, Webcams, Industrial Switching machines and so on)
How to use shodan search engine
Getting started with Shodan
Shodan is available as Web interface and Command-line interface, so you can use Shodan in Kali Linux too, there is a Shodan Auxiliary for Metasploit Framework also there are Chrome and Firefox browser extensions as well.Let's See how to get started with Shodan
Creating Account
In order to use Shodan, you must have a Shodan account, there are two types of accounts free and paid, a free account is enough to get started but if you need more results then you can upgrade to paidTo create an account just goto shodan.io and click on Login/Register
Register there, by filling the required info
After Registration, confirm your account, then you're ready to get started with Shodan
Using Search results
After creating your account you can get started by clicking on Explore Button, or you can make use of Search box to start hunting for targets
In the Search Box, you can search for Default Password, Routers, Computers, RDPs, Web Cams, GPS devices and so on, Just Head over to the Popular Categories Section you will be amazed to see the IoT devices with their vulnerabilities
It has Several Options to go with, you can get results on a specific target, Country, Products, Software versions and so on
Also, it has Port Specific searches,
Let me explain more about how you get most of the search features
Let's Go through the way of Cyber Criminals
Suppose if you want to Search targets In the United States looking for webcams then you should type
webcams Country: "US"
It will return you the vulnerable webcams in the United States, now you can pick any of the available targets then if there is a possibility to gain access to the webcams then you should go with
Not only this there are a lot of Search Filters to use, below section is about How to use Advanced Search Filters in Shodan
Advanced filters
These Search filters help us to quickly browse the targets that we need to enter, as I told you earlier we can target a specific country, specific Software or ProductHere are the most used Filters
Basic filters:
City: The ‘city’ filter is used to find devices that are located in that particular city.
Eg: city:New York
Country: The ‘country’ filter is used devices running in that particular country.
Eg: country: United States
Port: The ‘port’ filter narrows the search by searching for specified ports.
Eg. https port:443
Os: The ‘os’ filter is used to find specific operating systems.
Eg: microsoft-iis os:"windows 2003"
Geo: The ‘geo’ filter according to certain longitudes and latitudes that are within a given radius.
Only 2 3 parameters are allowed and 3 parameter by default is the radius which is 5 km.
Eg: apache geo:42.9693,-74.1224
Net: The ‘net’ filter is used to find devices according to certain IP address and subnet mask
Eg: iis net:216.0.0.0/16
Hostname: The ‘hostname’ filter always searches host containing a particular hostname.
Eg: Akamai hostname:.com
After and Before: The ‘after’ and ‘before’ filter helps you to devices after and before a
particular date. The format allowed is
dd/mm/yyyy dd-mm-yy
Eg: apache before:1/01/2014
nginx after:1/01/2014
Note: Most of the filters will work when you are logged in.
Shodan Maps:
Shodan provides visual data on Maps, you can apply the search filters on Maps to get the results on MapsCheck out more on Shodan Maps
Shodan Exploits
Shodan Officially said they Shodan Exploits collects vulnerabilities and exploits from CVE, Exploit DB andMetasploit to make it searchable via the web interface
They also said that the search filters available for Exploits are different than the rest of Shodan, though an
attempt was made to keep them similar when possible.
Over to you, hope you got some basic knowledge on how to use shodan for hacking
Creating Reports
Hope you have learnt how to use shodan website with advanced search filtersYou can request Reports on different types of vulnerable devices, technologies, organizations and many more
Here is a simple report on Heart Bleed SSL
Conclusion
Shodan is a Dangerous Search Engine, although using shodan is legal still you will be thrown to jail if you attack the targets for any purposeThe final thing is there is also Shodan Maltegoe Add-on, if you're looking for how to use shodan in Kali Linux then good news for you, there is an official Shodan Python library available
Thanks for Reding this post, Use Shodan for the educational purpose and Happy Hacking