Know what is Shodan Exactly !

 What Is Shodan Exactly?

Shodan is a search engine for Internet-connected devices. It is different from search engines like Google and Bing because Google and Bing are great for finding websites but Shodan helps in finding different things like popular versions of Microsoft IIS, control servers for Malware, how many host are affected with the new CVEs, which countries are becoming more connected, SSL certificates of the websites etc.

Difference between Shodan and Google :

The major difference between Shodan and Google is that, that Shodan analyzes the internet and Google analyzes the Word Wide Web.

       Description :

Shodan is the most popular search engine ever seen. It has the capability to index small desktops, CCTVs, nuclear power plants etc.

Nowadays shodan has become very popular in the world of penetration testing, bug bounties, digital forensics, threat hunting etc.

Shodan’s Search Query Insights :

Shodan gathers information by interacting with web services and this information is stored in an object called the banner, so when you search anything using a shodan dork (search query) shodan takes the information from the banner of that service and displays it to you. In simple words banner is a metadata about a service, for HTTP it means headers and for FTP it means welcome string. Different services have different banners, lets look at the example of vsftpd 3.0.3 and Siemens S7 banners.

Any connected device can show up in a search, including:

  ✴ Servers

  ✴ Printers

  ✴ Webcams

  ✴ Traffic lights

  ✴ Security cameras

  ✴ Control systems

Shodan runs its scans 24/7, ensuring all its data is up to date. While most regular Internet users won’t need Shodan, cybersecurity experts, academic researchers, and government agencies are among the most active users of the engine.

No security expert can afford to ignore the challenges of an ever-expanding Internet of Things (IoT) landscape. There are already over 10 billion connected devices active today, and that figure is expected to reach 64 billion by 2025.

While those devices benefit businesses and consumers immensely, leading to a $3 trillion IoT market, protecting all those endpoints won’t be easy. One of the primary challenges of IoT security is awareness: how do you keep track of vulnerabilities across millions of endpoints?

That’s where an online tool known as Shodan comes into play.

How Does Shodan Work ?

The Algorithm ;

Shodan (Sentient Hyper-Optimized Data Access Network) is often referred to as the world’s first search engine for Internet-connected devices. Upon scanning the entire internet, the search engine sends queries to connected IoT devices for publicly available information related to them. The servers of such devices return their service banners to the user. Shodan also supports customized queries using filters like city, country, hostname, OS, etc. to find out the corresponding details.

In a nutshell, the algorithm Shodan uses runs like this:

  ✅ Generate a random IPv4 address.

  ✅ Collect a real-time list of connected devices online.

  ✅ Query a supported port.

  ✅ Check the IPv4 address on the port.

  ✅ Grab a service banner. 

It means practically that Shodan identifies the following info:

  ✪ Geographic location

  ✪ Default username and passwords

  ✪ IP address.

  ✪ Software version.

  ✪ Make and model.

  ✪ Repeat.

These are the ports that Shodan scans for:

  ➤ Port 554 – Real Time Streaming Protocol

  ➤ Port 5060 – SIP

  ➤ Port 25 – SMTP

  ➤ Port 161 – SNMP

  ➤ Port 23 – Telnet

  ➤ Port 993 – IMAP

  ➤ Port 22 – SSH

  ➤ Port 21 – FTP

  ➤ Ports 8443, 443, 8080, and 80 – HTTPS/HTTP

     Shodan Dorks…?

Shodan Dorks, yes! you heard it right. You already know about Google Dorks. Dorks are like a filter on search results. You can find your wishing result by using some kind of dorks. Let’s take some example of Shodan Dorks:

Note: You must have account on shodan for using dorks ;

1:)

Suppose you want to find device in particular area like in a country then you can use a basic filter dork like 

country:"IN"

2:)

If you want to find devices in a particular city then 

city:"Washington".

3:)

You can also find devices with geo targeting or by giving geographical co-ordinates like:

geo:"47.751076, -120.740135"

4:)

Suppose you want to find device of a particular organization then you can try :

org:"Facebook"

     

Basic Shodan Filters !

 City:

Find devices in a particular city. city:"Bangalore"

Country:

Find devices in a particular country. country:"IN"

Geo:

Find devices by giving geographical coordinates. geo:"56.913055,118.250862"

Location:

country:us country:ru country:de city:chicago.

net:

Find devices based on an IP address or /x CIDR. net:210.214.0.0/16

Organization

org:microsoft org:"United States Department"

Autonomous System Number (ASN)

asn:ASxxxx

os:

Find devices based on operating system. os:"windows 7"

port:

Find devices based on open ports. proftpd port:21

before/after:

Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010

SSL/TLS Certificates :

Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com

Expired certificates :

 ssl.cert.expired:true

ssl.cert.subject.cn:example.com

Device Type :

device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge

Operating System

os:"windows 7" os:"windows server 2012" os:"linux 3.x"

Product

product:apache product:nginx product:android product:chromecast

Image Note :

Image source : https://twitter.com/ManieshNeupane/status/1569904736450785283?t=vz_-263IjaY3YPTA5PxHaA&s=19

You can use it by visiting the official website: www.shodan.io

                   Thank you !