A Guide to Using Shodan
This is an ethical hacking guide about Shodan, what it is and how to use it. This guide is intended for educational purposes only and shouldn’t be used for any type of criminal activity whatsoever.
Stay on the right side of the law guys.
What is Shodan?
Shodan is a search engine specifically designed to help users find and access internet-connected devices and services. Unlike traditional search engines like Google, which primarily index websites and web pages, Shodan focuses on indexing and cataloging devices that are connected to the internet. Some of these devices include:
- Routers
- Switches
- Webcams
- Traffic Lights
- Scada systems
- Home Security
- Vsat
Shodan has been dubbed the “Hackers Google” and “Dark Google“.
Here are some key features and aspects of Shodan:
Device Discovery: Shodan scans the internet for devices and services. It can help identify open ports, operating systems, and other information about these devices. This information is often used by security professionals and researchers to assess potential vulnerabilities and threats.
Filters and Search Queries: Users can perform advanced searches using filters and search queries to narrow down results. For example, you can search for specific types of devices, within certain geographical locations, or with particular vulnerabilities.
Access to IoT Devices: Shodan is known for its ability to find and index Internet of Things (IoT) devices, including webcams, security cameras, smart TVs, and more. This can raise privacy and security concerns, as some of these devices may not be adequately secured.
Vulnerability Scanning: Shodan can be used for security research and to discover potential vulnerabilities in devices and systems. It’s an essential tool for security professionals and ethical hackers to identify and secure potential entry points into networks.
Historical Data: Shodan provides access to historical data about devices and how they’ve changed over time. This can be valuable for tracking changes in the internet landscape.
To use Shodan:
Open a browser and Goto Shodan.io
The free service gives limited results, but if you register for a free account, you will get more results. Shodan even has a premium service which will unlock all limitations.
Shodan also has a fun 80’s style hacker interface, it’s just for fun and has no added benefit, you can find that here https://2000.shodan.io
Shodan Search Filters
For a basic Shodan search just type in the search bar what you want to look for and search. Try searching “cisco” for business servers, “webcam” for webcams or “VSAT port:80” for satellite systems.
Just like using Google dorks you can refine your search using filters. The Country, State, City, Postal filters allow you to narrow down the geo-graphic location of your search.
| Filter | Command |
|---|---|
| Country | country:US |
| State | state:NY |
| City | city:Watertown |
| Postal | postal:02471 |
| Org | org:Microsoft |
| Net | net:192.168.0.1 or net:192.168.0.0/24 |
| Hostname | hostname: Microsoft.com hostname: support.Microsoft.com |
| Port | port:445 |
| Title | title:”Server Room” |
| Html | html:phpinfo.php |
| OS | os:Linux |
| Product | product:Apache |
| Version | version:1.6.2 |
Combining these search filters are the most effective way to search and find exactly what you’re looking for.
Interfacing Shodan with Metasploit
The Metasploit framework has Shodan search capabilities, but you will need the Shodan API key which requires you to register at least a free account.
Install it by typing easy_install shodan in the Metasploit terminal.
Conclusion
Shodan is an extremely powerful tool. While Shodan has legitimate uses for ethical hacking security professionals and researchers, it can also be misused for unethical or malicious purposes. As such, users are encouraged to follow ethical guidelines and respect the privacy and security of the devices they discover.
Happy Hacking Folks!
Ethical Hacking Guides
We have many guides to help you on your journey into the world of Ethical Hacking. If this is something you find interesting, please take a look here today: Ethical Hacking Guides.
Recommendation:
ALFA Network Wi-Fi Adapter: https://amzn.to/3QbZ6AE
This Wi-Fi adapter is essential if you are to learn Wi-Fi Hacking.
