
SHODAN - Internet of Things

Shodan is one of the best things that ever happened to the internet!
It's a search engine that finds devices connected to the internet!
So ultimately it's a device search engine!



Shodan allows you to find computers on the web by searching for them by keyword. For example, you can search for all the Microsoft IIS 7.0 servers in Canada, or all the systems using Linux in Africa.

It uses keywords to get better results, yes, exactly like Google keywords!
The trick to using Shodan effectively is to know the right keywords. Usually they are the manufacturer’s name, or a device model number, but sometimes they are the name of a very obscure embedded web server that you would never think to look for.

You can find out whether your device is publicly exposed to the Internet!
The device could be a smart refrigerator, smart TV, CCTV camera, automated door, aquarium, etc.

You can use Shodan by opening ShodanHQ.com or Shodan.io.
Both of these links lead to shodan.io.

You can do common searches without an account, but to use keywords and advanced searches, you need to create a Shodan account.
This is what SHODAN's homepage looks like!












Then all you need to do is enter your keyword and click "search", just as you would on any search engine.
So if we wanted to search for Cisco routers we could just type in "Cisco" and click "search":





 








It found over 1.8 million Cisco routers!
You can click on any IP address to surf directly to the device found.

On the left side of the screen, Shodan also shows you how many of the total devices are from a certain country or location. You can click on any of them to zero in on your search, or you could use keyword filters directly in the search to fine-tune the results.

Using filter commands, you can quickly narrow down your searches to very specific things.



Keywords

To use these keywords and get more than one page of results, you need to sign up for a free Shodan account!

The city and country commands allow you to narrow down your searches geographically!

country:(2-letter country code)
city:(name of city)

Examples:
country:IN
city:Mumbai














Search an entire domain with the hostname command.

hostname:(hostname)

Examples:
hostname:google
hostname:microsoft












You can use part of a fully qualified domain name, like google, or an entire site name like www.microsoft.com or support.microsoft.com.

Search a single IP or a whole netblock range using the net command.
Examples:
net:157.192.1.5
net:157.192.1.0/25

You can also search for items using the title command (put multi-word values in quotes):
Examples:
title:"Server Room"
title:CCTV





 





Combined Searches

The most effective Shodan searches are completed by combining search terms. With a few keywords you could search for all of the Microsoft servers running IIS/7.0 at your Boston location:
IIS/7.0 hostname:YourCompany.com city:Boston

Or you could do a quick security check of your domain for old systems that need to be updated.

For example, any IIS/5.0 systems located anywhere on your domain in Canada:
IIS/5.0 hostname:YourCompany.com country:CA



Other search terms you can use include:

● port: Search by port number.
● os: Search by operating system.
● after or before: Search for servers using dates.

Shodan is called the search engine for the "Internet of Things", and by now you might have understood why!
It might be interesting to see whether your office's CCTV camera is online!
So, go for Shodan! If you find something really interesting on Shodan, share it with us in the comments!
If you have any ideas that I should write about, please share them in the comments!


