Sunday, July 30, 2017

Passive Reconnaissance Using Shodan

Shodan is a search engine developed by John Matherly. Although Shodan is called a search engine, it is different from content search engines like Google. While search engines like Google crawl the internet indexing content, Shodan scans the internet for open ports and grabs the banners those ports return. Shodan lets users search for devices connected to the internet and obtain information such as open ports, the services behind them, and the versions of those services. This kind of information is very valuable to a pentester, and because it is gathered without sending a single packet to the target yourself, Shodan is a great tool for passive reconnaissance.

How to use Shodan?
You can use Shodan from its website. You can use Shodan without logging in, but you will only be able to see the first page of results and some filters may not be available, so it is better to create a free account and log in. Even the free account has a limit on the number of result pages it will show.
After logging in you can use the search bar on the home page. Shodan does not complete partial words; it searches for exactly what you type into the search box. If you type multiple words, Shodan treats them as a logical AND expression and returns only results that contain all of the search terms.
Like Google, Shodan provides filters to narrow the search results, and you can combine several filters in one query:
net : filters results to the given IP range.
hostname : filters results to the given host name or domain.
os : filters results by operating system.
port : filters results by the given port.
country : filters results by country.
city : filters results by city.
product : filters results by product name or vendor name.
version : filters results by product or protocol version.
title : filters results by the content of the HTML title tag.
html : filters results by the content of the HTML body.
before/after : filters results to those seen within a time period.
org : filters results to a specific organization.
Put the "!" symbol in front of a filter to exclude matching results. For example, if you want to see results that do not have port 443 open, you can use !port:443.
Screenshot: devices from Dialog in Sri Lanka that do not have port 443 open
Screenshot: servers whose page title is an admin login page
Screenshot: Apache servers with version 2.2.34
Screenshot: devices belonging to the 178.23.0.0/18 network
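As an added example (not code from the original post), the following Python builds and parses Shodan query strings using only the syntax described above: whitespace-separated terms combined by AND, `filter:value` terms, `!` for negation, and double quotes around values that contain spaces. The organization and product values in the test are constructed samples; the only accepted filter names are the ones listed in this post, and anything else is rejected rather than guessed. This is useful for keeping an audit query for your own organization's exposed assets readable and reproducible.

```python
"""Build and parse Shodan search strings from the documented filter syntax.

Added example, not from the original post. Assumes only the syntax the post
describes: `filter:value` terms, `!` for negation, whitespace-separated terms
combined as a logical AND, and double quotes around values containing spaces.
"""
import shlex

# Filters listed in the post; any other name is rejected rather than guessed.
KNOWN_FILTERS = {
    "net", "hostname", "os", "port", "country", "city", "product",
    "version", "title", "html", "before", "after", "org",
}


def _quote(value) -> str:
    """Wrap values that contain spaces in double quotes."""
    value = str(value)
    return f'"{value}"' if " " in value else value


def build_query(keywords=(), include=None, exclude=None) -> str:
    """Compose a query: free-text keywords, then filter:value terms,
    then negated filters prefixed with '!'. Unknown filter names raise."""
    include, exclude = include or {}, exclude or {}
    for name in list(include) + list(exclude):
        if name not in KNOWN_FILTERS:
            raise ValueError(f"unknown Shodan filter: {name}")
    terms = [_quote(k) for k in keywords]
    terms += [f"{k}:{_quote(v)}" for k, v in include.items()]
    terms += [f"!{k}:{_quote(v)}" for k, v in exclude.items()]
    return " ".join(terms)


def parse_query(query: str) -> dict:
    """Split a query into keywords, included and excluded filters,
    honouring quoted values that contain spaces."""
    parsed = {"keywords": [], "include": {}, "exclude": {}}
    for term in shlex.split(query):          # shlex strips the quotes for us
        negate = term.startswith("!")
        term = term[1:] if negate else term
        name, sep, value = term.partition(":")
        if sep and name in KNOWN_FILTERS:
            parsed["exclude" if negate else "include"][name] = value
        else:                                # not a known filter: plain keyword
            parsed["keywords"].append(("!" if negate else "") + term)
    return parsed
```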
You can click on a search result to view further information about that host. This opens a detail page with the host's geo-location, public keys, open ports and services.


