What is Shodan? How Shodan works, how to use Shodan to find vulnerable targets
Hey hackers!!!
Today we will discuss the search engine for hackers, i.e. Shodan.
What is Shodan?
Shodan is a search engine for hackers. Unlike Google, Bing and Yahoo, which crawl front-end web pages, Shodan crawls the web for devices such as printers, security cameras, and routers that are connected to the internet. Shodan is dubbed “the scariest search engine on the web”.
We can say that Shodan is the search engine for everything on the internet. While Google and other search engines index only the web, Shodan indexes pretty much everything else: web cams, water treatment facilities, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that’s plugged into the internet.
Shodan can help penetration testers find valuable information about the target.
How does Shodan work?
It works by scanning the entire Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.
The algorithm of Shodan is short and sweet:
1. Generate a random IPv4 address
2. Generate a random port to test from the list of ports that Shodan understands
3. Check the random IPv4 address on the random port and grab a banner
4. Repeat step 1.
How to use Shodan?
Using Shodan is very simple. It works like other search engines, but to get valuable information you need to understand how to search for a particular device by using specific queries.
Default Usernames and Passwords
“admin+1234” is the default password for most routers, so we will use the search query “admin+1234” to search for all routers that have the default username and password.
Query used:
admin+1234
Similarly, you can also try other default usernames and passwords that most routers have, such as "admin/admin", "admin/password", etc.
As you can see from the above picture, I was able to find about 2,008 routers having default usernames and passwords.
Finding Cisco IOS (Internetwork Operating System) Requiring No Authentication
Now we will use Shodan to find Cisco devices that are exposed to the internet and require no authentication.
A Cisco IOS device that returns a "200 OK" response with the "last-modified" header does not require authentication.
We can use this filter to find Cisco devices requiring no authentication.
Query used:
"cisco-ios" "last-modified"
From the above results you can see that Shodan has more than 1000 devices that do not require authentication.
Default passwords
Lastly, we will use Shodan to search for websites that have “default passwords” as a keyword in their banners. The banner would most likely disclose the default passwords. We will use the filter "default password".
Query used:
default-passwords
As you can see, the very first result, i.e. 72.87.52.177, is using the default password as "admin" and "password".
After clicking on the first result I was able to get more information about the target (72.87.52.177 in this case), such as its ports, services running on ports, etc.
Furthermore, you can also use Shodan to search for security cameras, smart TVs, printers, etc.
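To check whether banners from devices you administer would match the three searches above, here is an added example that is not part of the original post. The function names, finding labels and sample banners are constructed for illustration.

```python
import re

def parse_http_banner(banner):
    """Split a raw HTTP response banner into (status_code, headers dict)."""
    head = banner.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    status = int(m.group(1)) if m else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_banner(banner):
    """Return the findings this page's three searches would match on."""
    findings = []
    status, headers = parse_http_banner(banner)
    text = banner.lower()
    # "cisco-ios" "last-modified": 200 OK plus Last-Modified, per the page.
    if ("cisco-ios" in headers.get("server", "").lower()
            and status == 200 and "last-modified" in headers):
        findings.append("cisco-ios-no-auth")
    # "default password" appearing in the banner text itself.
    if re.search(r"default[\s-]+passwords?", text):
        findings.append("default-password-disclosed")
    # "admin+1234": both terms present in the banner.
    if re.search(r"\badmin\b", text) and re.search(r"\b1234\b", text):
        findings.append("admin-1234-in-banner")
    return findings

# Constructed sample banners (not real captures).
SAMPLES = {
    "open-ios": "HTTP/1.1 200 OK\r\nServer: cisco-IOS\r\n"
                "Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT\r\n\r\n",
    "locked-ios": "HTTP/1.1 401 Unauthorized\r\nServer: cisco-IOS\r\n"
                  'WWW-Authenticate: Basic realm="level_15_access"\r\n\r\n',
    "telnet": "Welcome! Default password is admin / 1234\r\nlogin: ",
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(name, audit_banner(banner) or "clean")
```

A device that answers 401 with a `WWW-Authenticate` header, like the "locked-ios" sample, produces no finding, which is the state an exposed management interface should be in at minimum.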
That’s it. Find all the things, index all the things, make searchable all the things. It’s a thing, and it’s called Shodan.
Keep coming for more!!!
Thank you.