Shodan Search Examples

Shodan is one of the world’s first search engine for Internet-Connected devices. With the help of Shodan, you can easily discover which of your devices are connected to internet, where they are located and who is using them. Shodan has several servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence.

Shodan also provides a public API that allows other tools to access all of Shodan’s data. Integrations are easily available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many more.

Like Google, Yahoo and Bing, Shodan Search Engine also uses Boolean operators. There are other filter options as well to make the search easy and more specific.

For Registered users, Shodan only shows 50 results and to find out more, you have to subscribe for the paid service. Shodan has several powerful yet easy to use filters which prove handy during vulnerability assessment and penetration testing exercises.

The usage of filters is usually of the form filter:value. Some of the most common basic filters that you can use in Shodan are as follows.

1. Find Apache servers in San Francisco:

apache city:”San Francisco”

Here you can see that, it lists out all the Apache Web Servers in San Francisco region.

2. Find Nginx servers in Australia:

nginx country:”AU”

This dork is one of the most commonly used which lists out the results based on Country, like in above screenshot, we listed out all the Nginx Servers of Australia Country.

3. Find GWS (Google Web Server) servers:

“Server: gws” hostname:”google”

4. Search with CVE ID

vuln:cve-2014-0160

As you can see that 2014-0160 is the CVE of Heartbleed Vulnerability which created a havoc in year 2014 and from above screenshot, it seems that there are around 113,693 servers are still vulnerable to this Heartbleed vulnerability.

Also Read: Heartbleed Exploitation with Nmap and Metasploit Framework.

Here are some other basic filters which you can easily use with Shodan: