Today I will tell you about Zoomeye. It is one of the search engines that allows you to search for devices, sites and services. There was quite a lot of high-profile news related to Zoomeye on the web. The search engine has convenient functionality, flexible search settings and its own API. In this article I will talk about which keys the search engine supports, what you can find interesting, and also compare the results of Zoomeye and Shodan.
Zoomeye is a search engine developed by Chinese security company Knownsec Inc. The first release was released in 2013. ZoomEye uses Xmap and Wmap at its core to collect data from open devices / web services and for fingerprint analysis.
How do I search with Zoomeye?
On the Zoomeye website, you can enter several requests at once and see the issue, but more detailed information is available after registration. To receive an account, you need to specify your mail and phone number. After registration, a wider functionality opens and there is no restriction on viewing detailed information on hosts (in the guest mode, only 20 results are displayed). You can also see general statistics.
A very handy feature is the component catalog. The user can select any letter from the alphabet and select the name of the device, and the search engine will display the search results for this device. The Device list contains a variety of models of cameras, printers, and other devices. A separate list for WEB is implemented, which contains all technologies and CMS.
It is impossible not to tell about the built-in vulnerability database that is displayed during the search. They fit very conveniently into the functionality and you can immediately see the details without going to an additional site. Searching for a specific device displays a potential list of vulnerabilities. It is also worth noting the ability to view the issue on the map, as well as generate a report or share the results. Indeed, it is convenient, simple and fast.
The system has its own keys that improve the search. They are quite similar to Shodan and Censys. Let's take a look at basic examples, and then move on to more sophisticated queries. These keys can save you time, especially if you are looking for a specific version or, for example, a phrase in the meta description tag.
Search by app and version
app: application name
ver: version
Search by geolocation
country: country abbreviation (RU, US, PL, UK, UA, FR, etc.)
city: city
Search by port and operating system
port: number
os: operating system
hostname: hostname
cidr: network address
keywords: keywords in <meta name = ”Keywords”>
desc: information in the description in <meta name = ”description”>
headers: the name of the HTTP header
Interesting finds
Request: "ClearSCADA"
Systems that are designed for real-time management and development. Systems without authorization are available upon request, databases, a list of events, etc. are open.
Request: "beescms"
This is a CMS for online stores. Previously, a vulnerability was published that allows you to get a shell.
Request: speaker + app: "Mobotix Camera http config"
Mobotix webcams are available without authorization. Sometimes you come across door control systems from garages, light switches / switches, etc.
Request: "mongodb"
Open databases mongodb. On the banner, you can see what bases are and what size.
Request: NessusWWW + "HTTP / 1.1 200 OK"
Nessus Vulnerability Scanner Authorization Forms
Compare Zoomeye and Shodan
For the experiment, let's compare the results and which search engine has better results. In the experiment, we will use a comparison plate to make it clear and accessible. As a result, 10 searches were made. The table below shows the number of results for each query and the total.
Queries and number of results.
Percentage of requests.
Percentage based on overall search results.
For 10 queries, 890,868,935 results were received from two search engines. Of these, only 13% from Shodan and 87% from Zoomeye. A simple and visual comparison of why it is worth looking towards a Chinese search engine. Overwhelming statistical advantage. In all 10 queries, Zoomeye has a clear advantage.
Conclusion
Zoomeye is a cool search engine for hackers. Convenient functionality, a sufficient number of keys for flexible search, API and an incredible number of search results. For basic use, it is enough to register. The system does not cut the number of requests and allows searching for almost any task (the limit is 10,000 requests per month). This means that this is another storehouse of information in the public domain.
Zoomeye is a search engine developed by Chinese security company Knownsec Inc. The first release was released in 2013. ZoomEye uses Xmap and Wmap at its core to collect data from open devices / web services and for fingerprint analysis.
How do I search with Zoomeye?
On the Zoomeye website, you can enter several requests at once and see the issue, but more detailed information is available after registration. To receive an account, you need to specify your mail and phone number. After registration, a wider functionality opens and there is no restriction on viewing detailed information on hosts (in the guest mode, only 20 results are displayed). You can also see general statistics.
A very handy feature is the component catalog. The user can select any letter from the alphabet and select the name of the device, and the search engine will display the search results for this device. The Device list contains a variety of models of cameras, printers, and other devices. A separate list for WEB is implemented, which contains all technologies and CMS.
It is impossible not to tell about the built-in vulnerability database that is displayed during the search. They fit very conveniently into the functionality and you can immediately see the details without going to an additional site. Searching for a specific device displays a potential list of vulnerabilities. It is also worth noting the ability to view the issue on the map, as well as generate a report or share the results. Indeed, it is convenient, simple and fast.
The system has its own keys that improve the search. They are quite similar to Shodan and Censys. Let's take a look at basic examples, and then move on to more sophisticated queries. These keys can save you time, especially if you are looking for a specific version or, for example, a phrase in the meta description tag.
Search by app and version
app: application name
ver: version
Search by geolocation
country: country abbreviation (RU, US, PL, UK, UA, FR, etc.)
city: city
Search by port and operating system
port: number
os: operating system
Search by services and host
service: service name (The list of all available services can be found on the link)hostname: hostname
Search by IP
ip: IP addresscidr: network address
Keyword search
site: sitekeywords: keywords in <meta name = ”Keywords”>
desc: information in the description in <meta name = ”description”>
headers: the name of the HTTP header
Search by title
title: title of the page in <title>
Interesting finds
Request: "ClearSCADA"
Systems that are designed for real-time management and development. Systems without authorization are available upon request, databases, a list of events, etc. are open.
Request: "beescms"
This is a CMS for online stores. Previously, a vulnerability was published that allows you to get a shell.
Request: speaker + app: "Mobotix Camera http config"
Mobotix webcams are available without authorization. Sometimes you come across door control systems from garages, light switches / switches, etc.
Request: "mongodb"
Open databases mongodb. On the banner, you can see what bases are and what size.
Request: NessusWWW + "HTTP / 1.1 200 OK"
Nessus Vulnerability Scanner Authorization Forms
Compare Zoomeye and Shodan
For the experiment, let's compare the results and which search engine has better results. In the experiment, we will use a comparison plate to make it clear and accessible. As a result, 10 searches were made. The table below shows the number of results for each query and the total.
Queries and number of results.
Percentage of requests.
Percentage based on overall search results.
For 10 queries, 890,868,935 results were received from two search engines. Of these, only 13% from Shodan and 87% from Zoomeye. A simple and visual comparison of why it is worth looking towards a Chinese search engine. Overwhelming statistical advantage. In all 10 queries, Zoomeye has a clear advantage.
Conclusion
Zoomeye is a cool search engine for hackers. Convenient functionality, a sufficient number of keys for flexible search, API and an incredible number of search results. For basic use, it is enough to register. The system does not cut the number of requests and allows searching for almost any task (the limit is 10,000 requests per month). This means that this is another storehouse of information in the public domain.
