OSINT- Information Gathering with Shodan

What is Shodan

Shodan (Sentient Hyper-Optimized Data Access Network) is a very powerful search engine that allows users to search IoT devices by performing service banner grabbing

What is Banner Grabbing?

Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. However, an intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits

Why is Shodan Powerful?

I searched Singapore :

The results has shown me the services running, the known exploits of the services with the appropriate CVE

I searched Webcams:

The results gave a webcam in France, it gave me the port that is being used for the webcam and the web technologies this webcam is using

Searched Traffic Lights (Yes you can Search Traffic Lights)

Interestingly this seems to be a honey pot

On a side note-
What are honeypots: A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. … Like mice to cheese-baited mousetraps, cybercriminals are attracted to honeypots — not because they’re honeypots.

When you search for an example ‘routers’

The left hand panel will show you more information regarding the filter you applied.

Searched RDP

You can also search using Operating system and version number

I searched Windows Xp

I have found 11,251 results, at the left you can see the top countries these devices are located, i dont exactly know why they would be still be using XP when you’re directly facing the internet, but let all the god be with them.

You can search anything you can possibly think of that might be connected to the internet i.e: Planes, routers, boats, webcams, vacuum cleaners

So you get the idea how powerful this tool is.

How to access Shodan?

Its simple; head over to www.Shodan.com or any browser but; if you’re using IE please question life decisions

Shodan Command Line interface:

To install Shodan cli interface on a Linux Machine:

Run the following command:

easy_install shodan

It will prompt you for your API keys, of which you can find on your shodan account settings page when you sign up

Shodan cli example:

shodan hosts “ip”

to search for a specific IP

$ shodan search --fields ip_str,port,org,hostnames microsoft iis 6.0

Happy hacking :)

Sharing my knowledge in OSINT, Cyber Security and DevOps.