Shodan: The most dangerous search engine in the world!

Almost all of us have used a search engine such as Google or Bing to find material online. These engines crawl the web, index the content of the pages they find and rank the results accordingly.

This lets us find what we are looking for just by typing in a few keywords (Google also supports a special set of search operators, the basis of so-called Google hacking).

[Screenshot]

Now imagine a search engine that, instead of indexing the content of websites, indexes the devices that answer at each IP address. What it stores is the banner each service returns when you connect to it, the same text you would see by connecting to the port by hand with Telnet or netcat.

This information is very useful for finding vulnerable (and non-vulnerable) devices. Since almost every device is now connected to the Internet, such a search engine lets us find all devices of a certain type (e.g. Cisco routers), in a certain area (traffic lights in Thessaloniki), and even SCADA systems. With so many new Internet of Things (IoT) devices entering the market every day without proper security, this information is a treasure trove for attackers.

Such a search engine exists. It was created by John Matherly in 2009 and is called Shodan. You can find it at www.shodan.io, as shown below.

[Screenshot: the Shodan home page at www.shodan.io]

Matherly's crawler scans IP addresses across the Internet, connects to open ports and collects the banner each service returns. This information usually includes the device manufacturer or product name and some basic parameters.

Using Shodan

The first step in using Shodan is a simple registration. You can use Shodan without an account, but the features are limited. A basic account is free, so let's sign up and try some searches.

Before we start writing our own searches, let's try some that others have created and saved on the site. Among the most popular of these are web cameras. Click "Explore" in the top menu bar and a page opens like the one in the screenshot below.

[Screenshot: the Shodan Explore page]


Now let's try some of the web camera searches. At the top centre of this screen you can see the "Top Voted" searches. The first is the "Web Cams" search. It is important to note here that each type of web cam generally needs its own search terms. Remember, we are searching the banner information, and what identifies a device as a web cam is usually the product name the manufacturer put in that banner. The point is that a search for web cams (or anything else) on Shodan will usually need several queries to capture all the devices, unless they all happen to come from one vendor under one product name.

With that caveat, let's get back to searching for webcams. Click on "Web Cams".

When you click on it, you'll see that Shodan generates a search phrase. The phrase consists of the keywords that appear in the device's banner and identify it.

In this case the phrase is "Server SQ-WEBCAM". This search returns over 7000 IPs that match, and the corresponding devices are shown below.

[Screenshot: results of the Server SQ-WEBCAM search]
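To make the banner idea concrete, here is an added example that is not code from the original article. It classifies a few constructed HTTP and Telnet banners by keyword, the way a Shodan search phrase does. The banners, the host addresses and the small signature table are invented for illustration, and the matching is a simplified case-insensitive substring test rather than Shodan's real query engine. It also shows why one "web cam" query cannot catch every vendor's product: each vendor puts a different string in its banner.

```python
"""Keyword classification of service banners, in the style of a Shodan search.

Added example, not from the original article. Banners and signatures are
constructed; matching is a simplified case-insensitive substring test.
"""
import re
from typing import Dict, List, Optional

# Constructed sample banners (not real captures). Each is the kind of text
# Shodan stores for a host after connecting to a port and reading what the
# service sends back. Addresses are from the documentation range 203.0.113.0/24.
SAMPLE_BANNERS: Dict[str, str] = {
    "203.0.113.10:80": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: SQ-WEBCAM\r\n"
        'WWW-Authenticate: Basic realm="Web Cam Server"\r\n'
        "Content-Type: text/html\r\n\r\n"
    ),
    "203.0.113.11:8080": (
        "HTTP/1.1 200 OK\r\n"
        "Server: webcamXP 5\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "203.0.113.12:80": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.4.41 (Ubuntu)\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    # A Telnet login prompt has no HTTP headers at all; the identifying
    # text is the prompt itself.
    "203.0.113.13:23": "User Access Verification\r\nPassword: ",
}

# Illustrative signatures (assumed for this example): a label and the keywords
# that must all appear in the banner. Vendors use different strings, which is
# why a single "web cam" search never catches every camera.
SIGNATURES: Dict[str, List[str]] = {
    "sq-webcam": ["SQ-WEBCAM"],
    "webcamxp": ["webcamXP"],
    "cisco-telnet": ["User Access Verification"],
}


def server_header(banner: str) -> Optional[str]:
    """Return the value of the HTTP Server header, or None if there is none."""
    m = re.search(r"^Server:\s*(.+?)\r?$", banner, re.IGNORECASE | re.MULTILINE)
    return m.group(1).strip() if m else None


def matches(banner: str, keywords: List[str]) -> bool:
    """True when every keyword occurs in the banner, ignoring case."""
    text = banner.lower()
    return all(k.lower() in text for k in keywords)


def classify(banner: str) -> List[str]:
    """Labels of all signatures whose keywords are present in the banner."""
    return [label for label, kws in SIGNATURES.items() if matches(banner, kws)]


def search(banners: Dict[str, str], query_keywords: List[str]) -> List[str]:
    """Hosts whose banner contains all the query keywords, like a Shodan keyword search."""
    return sorted(host for host, banner in banners.items() if matches(banner, query_keywords))


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host:20} server={server_header(banner)!s:28} tags={classify(banner)}")
    # The article's saved search, reduced to its identifying keyword:
    print("SQ-WEBCAM hosts:", search(SAMPLE_BANNERS, ["SQ-WEBCAM"]))
    # A generic "webcam" keyword catches both camera products but nothing else:
    print("webcam hosts:", search(SAMPLE_BANNERS, ["webcam"]))
```

Note that the generic keyword "webcam" happens to hit both constructed camera banners only because both product names contain it; a vendor whose banner says something like "IP Camera" would be missed, which is the reason the article recommends several searches.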

We can click on any of these entries and we will be taken to the device's page. Scrolling down a bit, near the bottom of the first page, we find a device in Lithuania, as you can see below.

[Screenshot: a result located in Lithuania]

When we click on it, we are taken to the web cam server's login screen. We know that the default username and password for this device are "admin" and "admin" (default credentials are listed all over the Internet; just Google the device name together with "default password" and you'll find plenty of entries). If the administrator left the factory credentials in place without changing them, we may be able to log in to the web video server.

[Screenshot: the web cam server login screen]

We try these credentials and, as you can see, they work. We are inside the device!

[Screenshot: logged in to the web cam server admin panel]

As you can see above, we have reached the web cam server's admin panel with all of its controls. The administrator evidently never got around to changing the default credentials, and so the web cam server can be taken over by anyone who finds it. The lesson for defenders is simple: change the default credentials before a device goes online, and do not expose its management interface to the whole Internet in the first place.

Webcamxp

Another interesting search in the web cam area is "webcamxp". webcamXP is webcam software whose web interface is very often left without any authentication, so when you find one you can simply click on the IP and start viewing the images its cameras capture. Typing "webcamxp" in the search bar, Shodan finds over 1000 such servers.

[Screenshot: results of the webcamxp search]

Below is a live image from a camera inside a small office in Latvia. Notice the PTZ (pan-tilt-zoom) controls to the right of the image, which allow us to zoom in and out and pan across the room.

[Screenshot: live webcamXP image from an office in Latvia, with PTZ controls]

Obviously there are hundreds of web cam manufacturers, and to find their devices you need to know something about their banners. Usually the banner includes the name of the product or of the manufacturer. Try a few.

Beyond Web Cams

Searching for Internet-connected devices with Shodan is almost limitless. As you can see below, I was able to find the control panel of a hydroelectric plant in Genoa, Italy. Imagine what a malicious hacker could do to the people of Genoa with access to this panel!

[Screenshot: control panel of a hydroelectric plant in Genoa]

Shodan Search Syntax

In addition to searching by keyword, Shodan lets us be quite specific. We can, for example, find devices by city, country, IP address or address range (in CIDR notation). We can be as specific as GPS coordinates, hostname, operating system and port.

Below you can see the basic filters that Shodan accepts. The syntax is simple: the filter name, a colon and the value, with no space after the colon,

filter:value

  • city: find devices in a specific city

  • country: find devices in a specific country (two-letter country code)

  • geo: find devices at the given coordinates

  • hostname: find results whose hostname matches the value

  • net: search an IP address or a /x CIDR range

  • os: search by operating system

  • port: find devices with a specific port open

  • before/after: find results collected within a time frame

So, for example, if I wanted to find webcamxp servers in Sweden, I could type in the search box,

webcamxp country:SE

[Screenshot: results of webcamxp country:SE]


Or, if I want to find webcamxp in Sweden listening only on port 8080, I can query,

webcamxp country:SE port:8080

Or, we could search for webcamxp in Sweden on hosts whose hostname contains telia (as in telia.com) by entering,

webcamxp country:SE hostname:telia

Or, we could search for webcamxp in Sweden within the subnet 81.229.0.0/16 by entering,

webcamxp country:SE net:81.229.0.0/16

As you can see, Shodan's search filters allow us to be very specific in finding devices that are connected to the Internet.
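The following is an added example, not part of the original article, that builds and checks queries in the filter:value form shown in this section. It covers the filters listed above; the value checks (a two-letter country code, an IP or CIDR for net, 1-65535 for port, dd/mm/yyyy or yyyy-mm-dd for before/after, lat,lon with an optional third number for geo) are this example's own assumptions about what a well-formed value looks like, not Shodan's server-side rules. It deliberately rejects the "country: SE" spelling with a space after the colon, which is not the filter syntax and would be searched as the plain keyword "country:".

```python
"""Build, parse and sanity-check Shodan query strings (keyword filter:value ...).

Added example, not from the original article. The value rules below are this
example's assumptions, chosen to catch the typos that silently turn a filter
into a keyword or make a query return nothing.
"""
import ipaddress
import re
from datetime import datetime
from typing import Dict, List, Tuple

# The filters the article lists. Shodan supports more; these show the syntax.
FILTERS = {"city", "country", "geo", "hostname", "net", "os", "port", "before", "after"}


def _is_date(value: str) -> bool:
    # Assumption: dd/mm/yyyy (Shodan's documented form) or ISO yyyy-mm-dd.
    for fmt in ("%d/%m/%Y", "%Y-%m-%d"):
        try:
            datetime.strptime(value, fmt)
            return True
        except ValueError:
            continue
    return False


def validate(name: str, value: str) -> None:
    """Raise ValueError when `value` is not a well-formed value for filter `name`."""
    if name not in FILTERS:
        raise ValueError(f"unknown filter {name!r}")
    if not value:
        raise ValueError(f"{name}: empty value (a stray space after the colon?)")
    quoted = len(value) >= 2 and value[0] == value[-1] == '"'
    if any(ch.isspace() for ch in value) and not quoted:
        raise ValueError(f"{name}: values containing spaces must be quoted: {value!r}")
    if name == "country" and not re.fullmatch(r"[A-Za-z]{2}", value):
        raise ValueError(f"country: expected a two-letter code, got {value!r}")
    if name == "port" and not (value.isdigit() and 1 <= int(value) <= 65535):
        raise ValueError(f"port: expected 1-65535, got {value!r}")
    if name == "net":
        try:
            ipaddress.ip_network(value, strict=False)  # accepts a bare IP or a CIDR
        except ValueError as exc:
            raise ValueError(f"net: bad IP or CIDR {value!r} ({exc})") from None
    if name == "geo":
        try:
            coords = [float(p) for p in value.split(",")]
        except ValueError:
            coords = []
        if len(coords) not in (2, 3):
            raise ValueError(f"geo: expected lat,lon[,radius], got {value!r}")
    if name in ("before", "after") and not _is_date(value):
        raise ValueError(f"{name}: expected dd/mm/yyyy, got {value!r}")


def is_valid(name: str, value) -> bool:
    """True when validate() accepts the filter/value pair."""
    try:
        validate(name, str(value))
    except ValueError:
        return False
    return True


def build_query(keywords: List[str], **filters) -> str:
    """Assemble 'kw ... filter:value ...' with no space after each colon."""
    parts = list(keywords)
    for name, value in filters.items():
        value = str(value)
        validate(name, value)
        parts.append(f"{name}:{value}")
    return " ".join(parts)


# A token is  filter:"quoted value",  "quoted words",  or a run of non-space.
_TOKEN = re.compile(r'[^\s"]+:"[^"]*"|"[^"]*"|\S+')


def parse_query(query: str) -> Tuple[List[str], Dict[str, str]]:
    """Split a query into free-text keywords and a {filter: value} dict.

    A known filter name followed by a colon and nothing else (the 'country: SE'
    form) raises instead of being silently searched as the keyword 'country:'.
    """
    keywords: List[str] = []
    filters: Dict[str, str] = {}
    for token in _TOKEN.findall(query):
        name, sep, value = token.partition(":")
        if sep and name in FILTERS:
            validate(name, value)
            filters[name] = value
        else:
            keywords.append(token)
    return keywords, filters


if __name__ == "__main__":
    print(build_query(["webcamxp"], country="SE", port=8080))
    print(build_query(["webcamxp"], country="SE", net="81.229.0.0/16"))
    print(parse_query('webcamxp country:SE hostname:telia'))
    for bad in ("webcamxp country: SE", "webcamxp net:81.229.0.0./16", "webcamxp port:70000"):
        try:
            parse_query(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

Running the block prints the three valid queries from this section and then the reasons the three malformed variants are rejected: the space after the colon, the stray dot in the network and the out-of-range port.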

More Shodan

In addition, Shodan has an API that lets other applications, such as recon-ng, connect to Shodan and use its data and capabilities. The API requires a premium account, and these range from $19/month to $99/year.
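As an added example that is not from the original article, the following Python uses the official shodan client library's documented Shodan(api_key).search_cursor(query) call to pull results for a query and then summarizes the result records offline. The SAMPLE_MATCHES are constructed to match the shape of the API's matches entries (ip_str, port, org, hostnames, location, data) so that the summary and the 200-versus-401 heuristic can run without a key or network access; reading the key from the SHODAN_API_KEY environment variable and the 50-result cap are assumptions of this example.

```python
"""Query Shodan through its official Python client and summarize the results.

Added example, not from the original article. Needs `pip install shodan` and
an API key only for the live path; the sample records below are constructed.
"""
import os
from collections import Counter, defaultdict
from typing import Dict, Iterable, Iterator, List


def fetch_matches(query: str, api_key: str, limit: int = 100) -> Iterator[dict]:
    """Yield up to `limit` result records for `query` from the live Shodan API.

    The import is inside the function so the rest of this module runs without
    the `shodan` package installed.
    """
    import shodan  # official client, https://github.com/achillean/shodan-python

    api = shodan.Shodan(api_key)
    for count, match in enumerate(api.search_cursor(query), start=1):
        yield match
        if count >= limit:
            break


# Constructed records in the shape of the API's `matches` entries. Not real
# hosts: the addresses come from the documentation ranges 192.0.2.0/24 and
# 198.51.100.0/24. One host appears twice because it answers on two ports.
SAMPLE_MATCHES: List[dict] = [
    {"ip_str": "192.0.2.10", "port": 80, "org": "Example ISP",
     "hostnames": ["cam1.example.net"],
     "location": {"country_code": "SE", "city": "Stockholm"},
     "data": "HTTP/1.1 200 OK\r\nServer: webcamXP 5\r\n\r\n"},
    {"ip_str": "192.0.2.10", "port": 8080, "org": "Example ISP",
     "hostnames": ["cam1.example.net"],
     "location": {"country_code": "SE", "city": "Stockholm"},
     "data": "HTTP/1.1 200 OK\r\nServer: webcamXP 5\r\n\r\n"},
    {"ip_str": "192.0.2.25", "port": 8080, "org": "Example Telecom",
     "hostnames": [],
     "location": {"country_code": "SE", "city": "Göteborg"},
     "data": "HTTP/1.1 401 Unauthorized\r\nServer: webcamXP 5\r\n\r\n"},
    # Records are not always complete: org and location may be missing.
    {"ip_str": "198.51.100.7", "port": 80, "org": None, "hostnames": [],
     "location": {},
     "data": "HTTP/1.1 200 OK\r\nServer: webcamXP 5\r\n\r\n"},
]


def summarize(matches: Iterable[dict]) -> dict:
    """Aggregate result records.

    Shodan returns one record per open port, so a host with several services
    appears several times; unique hosts are counted separately from records.
    """
    matches = list(matches)
    ports_by_host: Dict[str, set] = defaultdict(set)
    for m in matches:
        ports_by_host[m["ip_str"]].add(m["port"])
    return {
        "records": len(matches),
        "unique_hosts": len(ports_by_host),
        "ports_by_host": {ip: sorted(ports) for ip, ports in sorted(ports_by_host.items())},
        "by_country": dict(Counter((m.get("location") or {}).get("country_code") or "??" for m in matches)),
        "by_port": dict(Counter(m["port"] for m in matches)),
        "by_org": dict(Counter(m.get("org") or "unknown" for m in matches)),
    }


def unauthenticated(matches: Iterable[dict]) -> List[str]:
    """ip:port of records whose banner answered 200 OK instead of demanding
    credentials (401). A rough heuristic: a 200 may still be a login form."""
    hits = []
    for m in matches:
        status_line = m.get("data", "").split("\r\n", 1)[0]
        if " 200 " in status_line:
            hits.append(f'{m["ip_str"]}:{m["port"]}')
    return hits


if __name__ == "__main__":
    key = os.environ.get("SHODAN_API_KEY")  # assumption: key supplied via the environment
    matches = list(fetch_matches("webcamxp country:SE", key, limit=50)) if key else SAMPLE_MATCHES
    report = summarize(matches)
    print(f'{report["records"]} records on {report["unique_hosts"]} hosts')
    print("by country:", report["by_country"])
    print("by port:   ", report["by_port"])
    print("no auth prompt:", unauthenticated(matches))
```

Without a key the script summarizes the constructed records; with one it runs the live query. The same lookup can be done from the command line that the shodan package installs: shodan init <key> once, then shodan count webcamxp country:SE or shodan search --fields ip_str,port,org webcamxp country:SE.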

iGuRu.gr - The Best Technology Site in Greece


Written by Anastasis Vasileiadis
