Sunday, 19 November 2017

A Hacker's Search Engine: Shodan


You might have heard of Shodan before. Ever wondered how it actually works? Shodan is a banner-grabbing search engine which was launched by John Matherly in 2003 as a search engine for finding devices connected to the internet. Today it is known as the most powerful search engine and is nicknamed the hackers' search engine.



Shodan builds its results by capturing banners from various devices such as webcams, routers, servers, and SCADA systems. It captures the metadata received in responses from servers; this metadata is called a service banner. A banner includes important information such as the ISP, the web server (Apache, Nginx, IIS ...), location, encoding, compression and more.


It provides all of this information, which can be very useful depending on how you want to use it. Because scanning all 65536 ports takes a lot of time and would slow the process down, Shodan probes common ports such as HTTP (80), FTP (21), SSH (22), Telnet (23), HTTPS (443), Sharing (445) and SIP (5060) on the target, and then grabs the banners from the responses it receives on those ports.
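To see what a service banner gives away, the added example below (not code from Shodan or from this post) parses a constructed HTTP banner and lists the software versions it discloses. The sample banner, the list of headers checked and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the text an HTTP service sends back before any page body.
# A banner-grabbing crawler stores this text as the "service banner".
SAMPLE_BANNER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.1\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Content-Encoding: gzip\r\n"
    "\r\n"
)

# Headers that commonly reveal software names and versions (illustrative list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "via")
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")  # e.g. Apache/2.4.29


def parse_banner(raw):
    """Split an HTTP banner into its status line and a lower-cased header dict."""
    # Accept both CRLF and bare LF line endings; ignore anything after the headers.
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return (lines[0] if lines else ""), headers


def audit_banner(raw):
    """Return (header, product, version) for each version string the banner discloses."""
    _, headers = parse_banner(raw)
    findings = []
    for name in DISCLOSING:
        for product, version in VERSION_RE.findall(headers.get(name, "")):
            findings.append((name, product, version))
    return findings


if __name__ == "__main__":
    status, headers = parse_banner(SAMPLE_BANNER)
    print(status, "| encoding:", headers.get("content-encoding"))
    for header, product, version in audit_banner(SAMPLE_BANNER):
        print(f"{header}: discloses {product} {version}")
```

An empty result from audit_banner means the banner names no product version, which is what a server configured to hide its version should produce.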




What can you use Shodan for?


Shodan can be used to find vulnerable systems, servers, routers with default usernames/passwords, webcams, IP cams, SCADA systems, databases, traffic lights, vulnerable websites and more. Shodan maps are easy to navigate and provide higher accuracy. Also, Shodan maps are more attractive than Google Maps.


Shodan provides its full services to paid users. It also makes its facilities available to signed-up users.

How to use Shodan? 👇

The first thing you need to do is go through the Shodan sign-up form. Fill in the required fields and create a new user account here: 👇👇👇

https://account.shodan.io/register


Uses

Go to the Shodan search menu and try searching for something like apache, nginx, etc. Here are some of the results for the query: linksys





Now if I click on the first result, it shows me all of the grabbed results. What it is showing me is that it is located somewhere in the sea, maybe on a ship, that it has two ports open, 500 and 5060, and some classical information in the left column.



FILTERS


Shodan has different filters you can apply for more accurate search results, though you can also simply type something like webcamxp into the search field. A plain search, however, will give you different results depending on the situation. Filters apply when you want to find a specific service, such as Apache servers in Bolivia, cameras with default usernames/passwords in the US or Russia, or even traffic lights in the USA. If you are already familiar with Google hacking dorks, this will be more straightforward for you. Let's see what filters we have in our dictionary:



  • product: value will be a service like Apache or MySQL
  • city: value will be a city name
  • country: country to search
  • hostname: grab banners with the given hostname
  • net: value will be an IP address
  • geo: pass the coordinates of a location
  • os: search for a specific operating system
  • port: port to search
  • before/after: search within specific timeframes



Examples


The filters below will search for the Apache service in Pakistan:

product:apache country:PK


The geo filter searches for devices according to the provided coordinates. Shodan maps let you find the geo coordinates of a place. Open Shodan maps, select a place and then click on it. The coordinates will be displayed as the HTML title.

geo:"31.5497,74.3436"

This will search for the Windows 7 operating system with port 445 open:

os:"windows 7" port:445

Now, let's try a big one. The following filter searches for nginx servers on port 80 in Dallas, USA:

product:nginx city:"dallas" country:US port:8080 os:linux



Result





These are some of the examples. You can do more. Shodan allows users to share their results, which helps others learn how to search for something on Shodan. You can use the Explore tab on Shodan to get familiar with it.



Enhancements

Some awesome features of Shodan are:

  • Firefox and Chrome extensions: search directly from the omnibar instead of first going to Shodan and then searching.
  • Data Export: you can directly export search results in a format for further analysis.
  • More features for paid users, specifically for developers and cyber researchers.
  • Maps: you can search directly for something on Shodan maps.



This is just an introduction to Shodan and its basic usage. It is like seeing what is happening at the back of a hacker's mind. One important thing to note is that Shodan works on banners, which are received as responses from servers and other devices when some kind of request is made to them. These responses can be changed, modified and faked, and as a result can provide false information.
