Shodan is a search engine developed by John Matherly. Even though Shodan is called as a search engine it is different from content search engines like Google. While Search engines like Google crawl through the internet searching for content Shodan scans the internet for open port and grab banners from those open ports. Shodan allows users to search devices connected to internet and obtain information like open ports, services and the service versions of those
devices. This kind of information is really important for a pentester, so shodan is a great tool for passive reconnaissance.
How to use Shodan?
You can use Shodan from here. You can use shodan without login into the site, but you will be only able to see first page of the results and some filters may not be available, so it is better to create a free account and login to the site. Even the free account has a page limitation when it comes to showing results.
After login into the site you can the search bar in the home page to search. Shodan search will not complete incomplete words, it will search exactly what you type in the search box. If you type multiple words into the search box Shodan will consider words as a logical AND expression and will include only results which has all search terms.
Like Google, Shodan also provide some filters to filter the search results. You can use multiple filters at a time.
net : filter the results to the given IP range.
hostname : filters the results to the given host name or domain.
os : filters the results by operating system.
port : filter search result by the given port.
country : filter result based on country.
city : filter result based on city.
product : filter results based on product name or vendor name.
version : filter by product or protocol version.
title : filter by html title tag content.
html : filter by content of the html body.
before/after : filter content between a time period.
org : filter results to a specific organization.
Use "!" symbol before a filter to filter-out any search result content. if you wanted to see results that does not use port 443, you can use !port:443.
devices from dialog in Sri Lanka that don't have port 443 open
servers with page name admin login pages
Apache servers with version 2.2.34
devices belong to 178.23.0.0/18 network
you can click on the search results to view further information about your target. this will open up the next page, which will provide you information about Geo-location, public keys, open ports and services about the target.
No comments:
Post a Comment