In the course of digitalization, more and more devices are being connected to the Internet. In the following I would like to introduce a search engine. It is not my aim to go into detail about individual functions and cover them all. I would rather like to explain the basic functionality and operation.
Google is often the first choice for finding websites.
If you want to find devices that run a certain software, Shodan. io is a good choice.
How does Shodan work?
The data is mainly collected by Banner grabbing.
A banner is a textual description of a service on a device. The content of these banners depends on the type of service. A typical HTTP banner looks something like this:
Here you can see that a nginx server of version 1.1.19 is running.
Here is another example of an industrial control system (Siemens S7)
This is obviously very different from the HTTP banner.
The Shodan crawlers do not scan network areas but act purely by chance. Therefore, a random IP address and a random port from which the banner is fetched are chosen.
In addition to the banners, metadata such as host name, operating system, geographical location etc. are stored.
The web interface
The easiest way to get data from Shodan is probably the web interface.
The filters help to narrow down the search.
A few simple filters are for example:
country
- Find devices within a countryhostname
- Find devices with a specific hostnamegeo
- Coordinates indicationos
- Operating system specificationport
- Port specification
For example, if we are looking for Apache servers of version 2.2.3 in Germany, we can easily find them with apache 2.2.3 country:"DE"
.
You can also play around under "explore" of the web interface and find for example wind turbines:
Let's take a look at this time, for example, we can see data like this:
Under "Maps" the search results can be illustrated additionally on a map.
Command-Line interface
In order to be able to use the service productively, you usually do not want to work on the Web interface, but rather via the CLI.
Shodan can be easily installed via the Python module easy_install:
easy_install shodan
Afterwards, shodan must be initialized:
shodan init <API Key>
You can view the API key in your account (https://account.shodan.io).
Now the functionalities can be used conveniently via the console.
Example:
Many of the functionalities can only be used with one account. Furthermore, some functions are subject to a fee.
Disclaimer
The use of the services and also the visit of the corresponding pages is legal. If an authentication is expected it is not allowed for example to enter standard logins (even if this would often work)
Thank you for reading!
Hello security101, I am a simple vote scheduling service for randowhale so that you can always catch it awake and get an upvote from them. For a full description of how to use me, check out my guide post.