Search for devices connected to the Internet - SHODAN

The service was developed by web developer John Matherly and is primarily focused on finding devices connected to the Internet.

Shodan is a search engine that indexes and catalogs various devices connected to the Internet. Using Shodan, you can connect to your webcam, choose a password for your router, camera, printer, or other device, and even find open traffic management systems. This is interesting and dangerous at the same time, because anyone can connect and become a security problem for even an entire city.


The service polls device ports and draws conclusions about devices and services from the response banners it receives. The search engine is paid, and an annual subscription costs $20, but you can also try it out for free: after free registration, 50 search results are available.

Filters
You can filter search results using the following constructs:
  • country: country, in the format RU, UK, US, etc., for example: nginx country:RU
  • city: city, for example: nginx city:"Moscow" country:RU
  • os: operating system, for example: microsoft-iis os:"windows xp"
  • port: port in the format 21, 80, 443, etc., for example: proftpd port:21
  • hostname: allows you to search based on the domain, for example: nginx hostname:.de

Cisco devices
To understand the first example, you need to remember how the basic HTTP response codes work:

HTTP Status Codes:
  • 200 OK Request succeeded;
  • 301 Moved Permanently Assigned a new permanent URL;
  • 302 Found Resides under a different URI;
  • 401 Unauthorized Request requires authentication;
  • 403 Forbidden Request is denied regardless of authentication.

In this example, we will try to find Cisco devices with a web interface that does not require authorization to access. First, let's see what a typical "401 Unauthorized" Cisco device banner looks like if we simply enter "cisco" in the search bar:
Code:
HTTP/1.0 401 Unauthorized
Date: Thu, 20 Oct 1994 05:18:36 GMT
Server: cisco-IOS
Connection: close
Accept-Ranges: none
WWW-Authenticate: Basic realm="level_15_access"

Note that the line WWW-Authenticate: Basic realm="level_15_access" indicates that a username and password are required. A device that does not require authorization, in turn, returns a banner with status 200 (to see these, enter "200 cisco" in the search bar); the Last-Modified line is also a sure sign that this is "our client":
Code:
HTTP/1.0 200 OK
Date: Mon, 08 Sep 2014 22:28:16 GMT
Server: cisco-IOS
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Expires: Mon, 08 Sep 2020 22:28:16 GMT
Last-Modified: Mon, 08 Sep 2020 22:28:16 GMT
Cache-Control: no-store, no-cache, must-revalidate
Accept-Ranges: none

Just click on the ip-address:80 link and we get to the web-based device management console.
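For an administrator, the same 401-versus-200 distinction is a quick check to run over banners collected from devices they own. The sketch below is an added example, not part of the original post; the function names, finding labels and device labels are assumptions, and the two banners are the ones quoted above (the second shortened).

```python
# Added example: helper names and finding labels are assumptions.
def parse_banner(banner):
    """Split a raw HTTP banner into (status_code, lower-cased headers)."""
    lines = [ln.strip() for ln in banner.strip().splitlines() if ln.strip()]
    parts = lines[0].split(None, 2) if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP banner")
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def classify(banner):
    """Label a banner by the status-code logic described in the post."""
    status, headers = parse_banner(banner)
    if status == 401 and "www-authenticate" in headers:
        return "auth-required"          # credentials are demanded
    if status == 200 and headers.get("server", "").lower() == "cisco-ios":
        return "open-management"        # console served without a challenge
    if status in (301, 302):
        return "redirect"               # re-check the new location
    return "other"

def audit(banners):
    """Classify {device_label: banner}; non-HTTP banners are reported, not fatal."""
    findings = {}
    for label, banner in banners.items():
        try:
            findings[label] = classify(banner)
        except ValueError:
            findings[label] = "unparseable"
    return findings

# The two banners quoted in the post (the second one shortened).
PROTECTED = """HTTP/1.0 401 Unauthorized
Server: cisco-IOS
WWW-Authenticate: Basic realm="level_15_access"
"""
OPEN = """HTTP/1.0 200 OK
Server: cisco-IOS
Content-Type: text/html
Last-Modified: Mon, 08 Sep 2020 22:28:16 GMT
"""

if __name__ == "__main__":
    # Constructed inventory: the device labels are made up for illustration.
    inventory = {"core-sw1": PROTECTED, "lab-rtr2": OPEN, "jump-host": "SSH-2.0-OpenSSH_8.9"}
    for device, finding in audit(inventory).items():
        print(f"{device}: {finding}")
```

Any device reported as open-management should have its HTTP server disabled or placed behind authentication and an access list.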

Default passwords
There are many devices connected to the Internet with default usernames and passwords, so let's try to find something. To do this, write "default+password" in the search bar. We will also add port:80 to select devices with www authentication. As a result, we will see a lot of banners containing the desired phrase, and as practice shows, a large percentage of devices will have a username/password like admin/password, admin/pass, etc.

Security cameras
While users of network devices in most cases set more or less strong passwords, things are much worse with the rest of the equipment. In this example, we'll take a look at security cameras. Write in the search bar:
Code:
DVR port:80 country:RU city:"Saint Petersburg"

And we get a list of video recorders in St. Petersburg; about 200 devices were found. Standard accounts on such devices are admin and user, with passwords admin, user, 1111, 1234, 123456, 8888 (you can find them in the instructions). A device with a standard account is already on the first page.

Popular queries
In the Popular Searches section, you can see query examples, such as this search for avtech IP video cameras in the United States:
Code:
linux upnp avtech country:US

We add the usual port:80 filter to it, and again on the first page of the search, you will find the device where the user logs in using admin/admin.

Summing up, I want to remind all users once again: please set strong passwords for ALL devices connected to the network. Even if you do not have "secret" data on your DVR or smart TV, this does not mean that these devices cannot become targets of intruders, even if just for fun.
 