[EN] Shodan - A slightly different search engine

in #search-enigne, 7 years ago

In the course of digitalization, more and more devices are being connected to the Internet. In the following I would like to introduce a search engine. It is not my aim to go into detail about individual functions and cover them all. I would rather like to explain the basic functionality and operation.



Google is often the first choice for finding websites.
If you want to find devices that run a certain software, Shodan.io is a good choice.

How does Shodan work?

The data is mainly collected by banner grabbing.
A banner is a textual description of a service on a device. The content of these banners depends on the type of service. A typical HTTP banner looks something like this:

httpbanner.png

Here you can see that an nginx server of version 1.1.19 is running.

Here is another example, from an industrial control system (Siemens S7):
s7.png

This is obviously very different from the HTTP banner.

The Shodan crawlers do not sweep through network ranges; they work purely at random. Each crawler picks a random IP address and a random port and fetches the banner from it.

In addition to the banners, metadata such as host name, operating system, geographical location etc. are stored.
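To make the banner idea concrete, here is an added example (not part of the original post and not Shodan's own code): a small Python parser that pulls product and version out of an HTTP banner, plus a grab against a throwaway server on 127.0.0.1, so you can see what a service of your own discloses. SAMPLE_BANNER, the DemoServer/0.1 name and all function names are constructed for illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample banner, modelled on the article's nginx 1.1.19 example.
SAMPLE_BANNER = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.1.19\r\n"
                 b"Content-Type: text/html\r\nConnection: close\r\n\r\n")

def parse_http_banner(raw: bytes) -> dict:
    """Extract the status line and the first Server product/version token."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, sep, v in (ln.partition(":") for ln in lines[1:]) if sep}
    server = headers.get("server", "")
    product, _, version = (server.split() or [""])[0].partition("/")
    return {"status": lines[0], "server": server,
            "product": product or None, "version": version or None}

def grab_http_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send a minimal HEAD request and return the raw response headers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 8192:
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    return data

class _DemoHandler(BaseHTTPRequestHandler):
    server_version = "DemoServer/0.1"  # hypothetical product name for the demo
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo_local() -> dict:
    """Grab the banner of a throwaway server on 127.0.0.1 (stays on this machine)."""
    with HTTPServer(("127.0.0.1", 0), _DemoHandler) as httpd:
        threading.Thread(target=httpd.serve_forever, daemon=True).start()
        try:
            return parse_http_banner(grab_http_banner("127.0.0.1", httpd.server_port))
        finally:
            httpd.shutdown()

if __name__ == "__main__":
    print(parse_http_banner(SAMPLE_BANNER), demo_local(), sep="\n")
```

The local demo's Server header also carries the Python version, which shows how much a default banner gives away. Pointing grab_http_banner at a host you operate shows what a crawler would record for it; hiding the version (for nginx, server_tokens off) shrinks that.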

The web interface

The easiest way to get data from Shodan is probably the web interface.
The filters help to narrow down the search.
A few simple filters are for example:

  • country - Find devices within a country

  • hostname - Find devices with a specific hostname

  • geo - Find devices by coordinates

  • os - Operating system specification

  • port - Port specification

For example, if we are looking for Apache servers of version 2.2.3 in Germany, we can easily find them with apache 2.2.3 country:"DE".

apache2.2.3.png

You can also play around under "explore" of the web interface and find for example wind turbines:

turbine.png

If we take a closer look at one of these results, we can see data like this:

diagnostics.png

Under "Maps", the search results can additionally be shown on a map.

Command-Line interface

In order to be able to use the service productively, you usually do not want to work on the Web interface, but rather via the CLI.

The Shodan CLI can be installed easily with the Python tool easy_install:
easy_install shodan

Afterwards, shodan must be initialized:
shodan init <API Key>

You can view the API key in your account (https://account.shodan.io).

Now the functionalities can be used conveniently via the console.
Example:
heartbleed.png


Many of the functionalities can only be used with an account. Furthermore, some functions are subject to a fee.


Disclaimer

Using the service and visiting the pages it lists is legal. Where a device expects authentication, however, it is not allowed to enter, for example, standard logins (even if this would often work).



Thank you for reading!
