Finding vulnerable systems on the Internet with Netlas

Often, as cyber warriors, we need to check whether our systems or the systems of others are vulnerable to various known vulnerabilities and attacks. Whether we are pentesters, security engineers or malicious actors, this information can be critical to the success of the mission.

There are several other sites that offer some information in this key area, such as Shodan and Censys, but Netlas is probably the best! To be honest, if you're not using Netlas, you're missing out on one of the best resources on the web.

Netlas can be used in at least 5 different use cases, such as:

  1. OSINT

  2. Offensive Security

  3. Defensive Security

  4. Leads and contacts

  5. Marketing Research

In this guide, we will focus on using Netlas as an offensive security tool in the context of penetration testing. The first steps of a pentest, including identifying and forming an attack surface, are faster and easier with Netlas. Use the whois and DNS lookup options, including A, NS, PTR, MX and SPF records, to configure the network perimeter, scaling and performance.

Step #1: Log in to Netlas

The first step is to navigate to Netlas and create an account.


Since Netlas is in its early stage of development, it offers multiple free accounts.


Step #2: Basic search

Like many other search engines, you can create a search query with search fields and search phrases separated by colons (:). You can search by IP address, host, whois and many other fields. Additionally, you can search by subfields using the field name followed by the subfield name separated by a period.


So if you were looking for Apache web servers you could type,


As you can see below, Netlas was able to find 94 million servers running Apache.

Each entry has a response tab, a certificates tab, a Whois tab, and a domains tab. When we click on the domains tab, all the domains hosted on the specific IP address are displayed.


We can also search by host using the syntax,

host: cybrary



Step #3: Search for vulnerabilities

One of the beauties of this site is the ability to search by vulnerability and CVE. For example, if I wanted to see all sites with CVE severity greater than 9, I could enter the search,



If I wanted to find all SMB-enabled sites, I could enter the search,



Note that in the response field we have a subfield "smbv1_support". We can use this subfield to find all sites that have the faulty and vulnerable SMBv1 enabled (value true).



Note that over 113,000 sites were found with this outdated and flawed version of SMB.


We can also search for sites that have a known public exploit using the search,



This search reveals that there are over 74 million websites that are potentially vulnerable to some known public exploit. On the right edge of the screen you can see the CVEs of the vulnerabilities found. We can then click on the CVE tab above the listing and Netlas will list all known vulnerabilities. Note that the website below has 3 vulnerabilities with severity above 9!


We can also search based on the severity level of known vulnerabilities. If we wanted to see all the sites with a severity level of "critical", we use the search term,



If we wanted to find all websites that are vulnerable to the infamous EternalBlue (remote SMB code execution) exploit, we can search by CVE name, CVE-2017-0145.


Over 161 thousand websites are still vulnerable to this exploit. Just for background, here is the list of CVEs in NVD.


Step #4: Use logical operators

As with other sites similar to Netlas, you can use logical operators to narrow your search. You can use AND, OR or NOT (&&, ||, !, respectively). The default operator is AND.

So if you are looking for sites running the outdated and vulnerable MySQL v5 with ASN number 4134, you could create a query like,

mysql.server.version:5 and asn.number:4134

Netlas also allows you to search using regular expressions (regex) and wildcards (* and ?).
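The query syntax from Steps #2 and #4 (field:value terms, dotted subfields, AND/OR/NOT with their symbol forms, and the * and ? wildcards), modelled offline for triaging an export of your own hosts. This is an added example, not code from the original article or from Netlas; the record layout, the `smb` parent field, whole-value matching, case-insensitive operators and the precedence NOT, then AND, then OR are assumptions.

```python
import fnmatch
import re

# Operators in word and symbol form; every other token is a field:value term.
TOKEN = re.compile(r"&&|\|\||!|[^\s!]+")
OPS = {"and": "AND", "&&": "AND", "or": "OR", "||": "OR", "not": "NOT", "!": "NOT"}

INVENTORY = [  # constructed sample records, not real scan data
    {"host": "db1.example.com", "asn": {"number": 4134},
     "mysql": {"server": {"version": "5.7.33"}}, "smb": {"smbv1_support": False}},
    {"host": "files.example.com", "asn": {"number": 4134}, "smb": {"smbv1_support": True}},
    {"host": "db2.example.com", "asn": {"number": 64500},
     "mysql": {"server": {"version": "8.0.36"}}},
]

def lookup(record, dotted):
    """Follow field.subfield into a nested dict; None if any level is missing."""
    for key in dotted.split("."):
        if not isinstance(record, dict) or key not in record:
            return None
        record = record[key]
    return record

def term_matches(record, term):
    """Match one field:value term; value may contain the * and ? wildcards."""
    field, _, pattern = term.partition(":")
    value = lookup(record, field)
    return value is not None and fnmatch.fnmatchcase(str(value).lower(), pattern.lower())

def matches(record, query):
    """Evaluate a query without parentheses: OR splits clauses, terms in a clause are ANDed."""
    tokens = [OPS.get(t.lower(), t) for t in TOKEN.findall(query)]
    any_clause, clause, negate = False, True, False
    for tok in tokens + ["OR"]:          # sentinel OR closes the last clause
        if tok == "OR":
            any_clause, clause = any_clause or clause, True
        elif tok == "NOT":
            negate = not negate
        elif tok != "AND":               # AND is the default between adjacent terms
            clause = clause and (term_matches(record, tok) != negate)
            negate = False
    return any_clause

def select(query):
    """Return the hosts in the constructed inventory that match the query."""
    return [r["host"] for r in INVENTORY if matches(r, query)]
```

Because terms match the whole value in this model, the MySQL v5 query needs a wildcard (`mysql.server.version:5*`) to select version 5.7.33.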


If you are into pentesting or OSINT, Netlas is a must-have tool. It can save you hours of searching for key information and vulnerabilities.

I hope it goes without saying that no tool is perfect, and that goes for Netlas as well. That's why you need to familiarize yourself with a wide variety of tools and then use the best tool for the job or situation.

OSINT, Netlas

Written by Anastasis Vasileiadis
