Shodan is one of the world’s first search engines for Internet-connected devices. With the help of Shodan, you can easily discover which of your devices are connected to the Internet, where they are located and who is using them. Shodan has several servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence.
Shodan also provides a public API that allows other tools to access all of Shodan’s data. Integrations are easily available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many more.
Like Google, Yahoo and Bing, the Shodan search engine also uses Boolean operators. There are other filter options as well to make a search easier and more specific.
For registered users, Shodan shows only 50 results; to see more, you have to subscribe to the paid service. Shodan has several powerful yet easy-to-use filters that prove handy during vulnerability assessment and penetration testing exercises.
The usage of filters is usually of the form filter:value. Some of the most common basic filters that you can use in Shodan are as follows.
1. Find Apache servers in San Francisco:
apache city:"San Francisco"
As you can see, it lists all the Apache web servers in the San Francisco region.
2. Find Nginx servers in Australia:
This dork is one of the most commonly used; it lists results by country. In the screenshot above, we listed all the Nginx servers in Australia.
3. Find GWS (Google Web Server) servers:
"Server: gws" hostname:"google"
4. Search with CVE ID:
2014-0160 is the CVE ID of the Heartbleed vulnerability, which created havoc in 2014. From the screenshot above, it seems that around 113,693 servers are still vulnerable to Heartbleed.
Here are some other basic filters which you can easily use with Shodan:
- city: find devices in a particular city
- country: find devices in a particular country
- geo: you can pass it coordinates
- hostname: find values that match the hostname
- net: search based on an IP or /x CIDR
- os: search based on operating system
- port: find particular ports that are open
- before/after: find results within a timeframe
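As an added example (not part of the original article), this Python helper composes filter:value queries from the filters listed above, quotes values that contain spaces, and URL-encodes the result the same way as the shodan.io links on this page. The function names are hypothetical, and 203.0.113.0/24 is a constructed placeholder for a netblock you are responsible for.

```python
import ipaddress
from urllib.parse import quote_plus

# Filters named in the list above (before/after are two separate filters).
KNOWN_FILTERS = {"city", "country", "geo", "hostname", "net", "os",
                 "port", "before", "after"}


def build_query(*terms, **filters):
    """Compose free-text terms and filter:value pairs into one query string."""
    parts = [str(t) for t in terms]
    for name, value in filters.items():
        if name not in KNOWN_FILTERS:
            raise ValueError(f"unknown filter: {name}")
        value = str(value)
        if '"' in value:
            raise ValueError("double quotes are not allowed inside a value")
        if name == "net":
            # Reject typos such as 203.0.113.0/33 before the query is sent.
            value = str(ipaddress.ip_network(value, strict=False))
        # A value containing whitespace must be quoted to stay one token.
        if any(c.isspace() for c in value):
            value = f'"{value}"'
        parts.append(f"{name}:{value}")
    return " ".join(parts)


def search_url(query):
    """Encode a query the way the shodan.io links on this page are encoded."""
    return "https://www.shodan.io/search?query=" + quote_plus(query)


def own_exposure_queries(cidr, ports):
    """One query per port, each scoped to a netblock you are responsible for."""
    return [build_query(net=cidr, port=p) for p in ports]


if __name__ == "__main__":
    print(build_query("apache", city="San Francisco"))
    # 203.0.113.0/24 is a documentation range used as a constructed placeholder.
    for q in own_exposure_queries("203.0.113.0/24", [22, 3389]):
        print(q, "->", search_url(q))
```

Scoping every query with net: keeps the results limited to your own address space, which is the inventory use case described at the top of the article.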
Here are the most popular filters used on Shodan:
For Webcams –
- Code: Server: SQ-WEBCAM
- Link – https://www.shodan.io/search?query=Server%3A+SQ-WEBCAM
For Cams –
- Code: linux upnp avtech
- Link – https://www.shodan.io/search?query=linux+upnp+avtech
For Netcam –
- Code: netcam
- Link – https://www.shodan.io/search?query=netcam
For Default Passwords –
- Code: "default password"
- Link – https://www.shodan.io/search?query=%22default+password%22