How To Use Shodan Search Engine for Hacking

How to use Shodan Search Engine

Today's post is all About Shodan The Hackers Search engine, in this post am going explain what is Shodan and how to use it, along with how Shodan works and how Hackers use this search engine for hacking

What is Shodan?

Shodan is a Search engine for internet connected devices, and it is founded by John Matherly in 2009, unlike Google & Bing, Shodan's purpose is to discover the devices that are connected to the internet,

How to use Shodan


Why Shodan is a Favorite Search Engine for Hackers?

As I told you, Shodan is a Search engine For internet-connected devices, it crawls the internet effectively for discovering the devices that are connected to the internet not only that it has the feature of Detecting the Operating System the device is running on also it can detect the software versions, tests for vulnerabilities, default passwords and so on,

You might be thinking what happens if Hackers Use Shodan

Sometimes Hackers run out of targets and they don't have enough time to make use of google dorks, then, in that case, they use Shodan for finding vulnerable devices for exploiting them

Not only that Shodan is also useful for OSINT and it is widely used by Security Professionals, Pentesters and Cyber Criminals

still, have a question how shodan is used to find devices?

Shodan Uses Different types of crawlers plus it has a large number of Port Scanners, thus Shodan Scans those ports for discovering the devices connected to the internet

(Those devices not only Computers, it's even more including Routers, Smartphones, Webcams, Industrial Switching machines and so on)

How to use shodan search engine

Getting started with Shodan

Shodan is available as Web interface and Command-line interface, so you can use Shodan in Kali Linux too, there is a Shodan Auxiliary for Metasploit Framework also there are Chrome and Firefox browser extensions as well.

Let's See how to get started with Shodan

Creating Account

In order to use Shodan, you must have a Shodan account, there are two types of accounts free and paid, a free account is enough to get started but if you need more results then you can upgrade to paid
To create an account just goto shodan.io and click on Login/Register

Register there, by filling the required info

After Registration, confirm your account, then you're ready to get started with Shodan

Using Search results

After creating your account you can get started by clicking on Explore Button, or you can make use of Search box to start hunting for targets

Explore Shodan


In the Search Box, you can search for Default Password, Routers, Computers, RDPs, Web Cams, GPS devices and so on, Just Head over to the Popular Categories Section you will be amazed to see the IoT devices with their vulnerabilities

It has Several Options to go with, you can get results on a specific target, Country, Products, Software versions and so on

Also, it has Port Specific searches,
Let me explain more about how you get most of the search features

Let's Go through the way of Cyber Criminals

Suppose if you want to Search targets In the United States looking for webcams then you should type
webcams Country: "US"


Discover webcams using Shodan


It will return you the vulnerable webcams in the United States, now you can pick any of the available targets then if there is a possibility to gain access to the webcams then you should go with

Not only this there are a lot of Search Filters to use, below section is about How to use Advanced Search Filters in Shodan

Advanced filters

These Search filters help us to quickly browse the targets that we need to enter, as I told you earlier we can target a specific country, specific Software or Product

Here are the most used Filters

Basic filters:

City: The ‘city’ filter is used to find devices that are located in that particular city.
Eg: city:New York

Country: The ‘country’ filter is used devices running in that particular country.

Eg: country: United States

Port: The ‘port’ filter narrows the search by searching for specified ports.
Eg. https port:443

Os: The ‘os’ filter is used to find specific operating systems.
Eg: microsoft-iis os:"windows 2003"

Geo: The ‘geo’ filter according to certain longitudes and latitudes that are within a given radius.

Only 2 3 parameters are allowed and 3 parameter by default is the radius which is 5 km.

Eg: apache geo:42.9693,-74.1224

Net: The ‘net’ filter is used to find devices according to certain IP address and subnet mask
Eg: iis net:216.0.0.0/16

Hostname: The ‘hostname’ filter always searches host containing a particular hostname.
Eg: Akamai hostname:.com

After and Before: The ‘after’ and ‘before’ filter helps you to devices after and before a
particular date. The format allowed is
dd/mm/yyyy dd-mm-yy
Eg: apache before:1/01/2014
nginx after:1/01/2014

Note: Most of the filters will work when you are logged in.

Shodan Maps:

Shodan provides visual data on Maps, you can apply the search filters on Maps to get the results on Maps

Check out more on Shodan Maps

Shodan Exploits

Shodan Officially said they Shodan Exploits collects vulnerabilities and exploits from CVE, Exploit DB and
Metasploit to make it searchable via the web interface

They also said that the search filters available for Exploits are different than the rest of Shodan, though an
attempt was made to keep them similar when possible.

Over to you, hope you got some basic knowledge on how to use shodan for hacking

Creating Reports

Hope you have learnt how to use shodan website with advanced search filters

You can request Reports on different types of vulnerable devices, technologies, organizations and many more

Here is a simple report on Heart Bleed SSL

Conclusion

Shodan is a Dangerous Search Engine, although using shodan is legal still you will be thrown to jail if you attack the targets for any purpose

The final thing is there is also Shodan Maltegoe Add-on, if you're looking for how to use shodan in Kali Linux then good news for you, there is an official Shodan Python library available

Thanks for Reding this post, Use Shodan for the educational purpose and Happy Hacking

Post a Comment

0 Comments