SHODAN Cheat Sheet — A Comprehensive Guide to Shodan: The Search Engine for Hackers


Shafayat Ahmed Alif

Shodan is a powerful search engine designed to provide insights into devices connected to the internet, such as servers, webcams, routers, and more. It differs from traditional search engines by focusing on the services, ports, and devices exposed to the internet, rather than on the content of websites. In this guide, we’ll explore how to use Shodan effectively to gather data on IP addresses, locations, operating systems, and web apps.

Shodan scans the internet to find exposed devices and catalog their services, allowing users to search across various fields like data, ip, port, org, and location.country_code. By examining banner responses, it provides information about connected devices, services, and vulnerabilities.

Users can access detailed results by enabling the “View Raw Data” option, which reveals more extensive information about what Shodan has stored. However, Shodan searches should be precise to avoid confusion and irrelevant results.

Shodan enables users to search for information on specific IP addresses, subnets, hostnames, ports, and services:

- Single IP Address: Find details on a single IP, e.g., 52.179.197.205.
- Hostname: Search for a specific hostname, e.g., hostname:"microsoft.com".
- Subnet: Target a specific subnet range, e.g., net:"52.179.197.0/24".
- Port: Discover instances of a particular active port, e.g., port:"21".
- Service: Identify services such as FTP, e.g., service:"ftp".
- Service on Specific Port: Locate specific services on a port, e.g., ftp port:"21".
- ISP: Search by internet service provider, e.g., isp:"Spectrum".
- ASN (Autonomous System Number): Search by ASN, e.g., asn:"AS8075".

Shodan provides various filters to narrow down searches by location:

- Country: Search by country code, e.g., country:"US".
- City: Filter by city name, e.g., city:"New York".
- State: Use state code for specific areas, e.g., state:"NY" or region:"NY".
- ZIP Code: Search by postal code, e.g., postal:"92127".
- Geo (GPS Coordinates): Find devices within a specific geographical radius, e.g., geo:"40.759487,-73.978356" or geo:"40.759487,-73.978356,2" (within 2 km).

Shodan can also help identify the operating systems, products, organizations, and versions in use:

- Operating System: Search by OS, e.g., os:"Windows Server 2008" or os:"Linux 2.6.x".
- Organization: Locate devices associated with a specific organization, e.g., org:"Microsoft".
- Product: Search for a known product, e.g., product:"Cisco C3550 Router".
- Version: Identify devices by a specific version, e.g., product:"nginx" version:"1.8.1".
- Category: Search by Shodan-defined categories, e.g., category:"ics" or category:"malware".
- Microsoft SMB: Search for specific SMB versions, e.g., smb:"1" or smb:"2".
- Microsoft Shared Folders: Find exposed shared folders, e.g., port:"445" "shares".

Shodan can identify web applications, technologies, and configurations exposed online:

- Page’s Title: Search for specific words in a page’s title, e.g., title:"Index of /ftp".
- Page’s HTML Body: Search HTML content for specific text, e.g., html:"XML-RPC server accepts".
- Web Technologies: Identify web technologies in use, e.g., http.component:"php".
- SSL/TLS: Filter SSL/TLS version support, e.g., ssl.version:"sslv3" or ssl.version:"tlsv1.1".
- Expired Certificates: Find expired HTTPS certificates, e.g., ssl.cert.expired:"true".
- Date (After): Find results after a specific date, e.g., after:"01/01/18".
- Date (Before): Find results before a specific date, e.g., before:"12/31/17".
- Screenshot: Display results only with screenshots, e.g., port:"80" has_screenshot:"true".
- Other Ports: Examples include port:"3389" has_screenshot:"true", which can identify exposed RDP ports.

Shodan offers additional filters for premium accounts, providing even more focused search options:

- Vulnerability: Search by CVE ID, e.g., vuln:"CVE-2017-0143".
- Tags: Search based on Shodan tags, e.g., tag:"ics" or tag:"database".
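Because imprecise queries return irrelevant results, it helps to lint a query before running it during an exposure review of your own assets. The following is an added example, not part of the original article or of Shodan's tooling: it parses the filter syntax shown above offline and reports unknown filter names, premium-only filters, malformed port and net values, and unbalanced quotes. The filter list is taken from this cheat sheet, and the rule that every query must carry a scope filter is an assumed review policy.

```python
import ipaddress
import re

# Filter names taken from this cheat sheet; "vuln" and "tag" are the ones it lists as premium.
KNOWN = set("""hostname net port service isp asn country city state region postal geo
os org product version category smb title html http.component ssl.version
ssl.cert.expired after before has_screenshot vuln tag""".split())
PREMIUM = {"vuln", "tag"}
SCOPE = {"net", "hostname", "org", "asn"}  # assumption: filters that pin a query to your own assets

TOKEN = re.compile(r'(?:([A-Za-z_.]+):)?(?:"([^"]*)"|(\S+))')

def parse_query(query):
    """Split a query into (filter, value) pairs; bare search terms get filter None."""
    return [(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
            for m in TOKEN.finditer(query)]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_query(query):
    """Return a list of findings for one query string; an empty list means it passed."""
    findings, scoped = [], False
    for name, value in parse_query(query):
        if value.startswith('"'):  # a quote that never closed is parsed as a bare term
            findings.append(f"unbalanced quote near {value}")
        if name is None:
            scoped = scoped or is_ip(value)  # a bare IP is already a single-host search
            continue
        key = name.lower()
        if key not in KNOWN:
            findings.append(f"unknown filter: {name}")
        elif key in PREMIUM:
            findings.append(f"premium-only filter: {key}")
        elif key == "port" and not (value.isdigit() and 0 < int(value) < 65536):
            findings.append(f"invalid port: {value}")
        elif key == "net":
            try:
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"invalid CIDR: {value}")
        scoped = scoped or key in SCOPE
    if not scoped:
        findings.append("no scope filter (net, hostname, org, asn or a bare IP)")
    return findings
```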

Shodan is a robust tool for cybersecurity professionals, network administrators, and ethical hackers. It provides insights into devices and services that are exposed to the internet, making it invaluable for vulnerability assessments and network monitoring. However, users should employ it responsibly and ethically, always respecting privacy and legality in their searches.
