Shodan was Launched on the 23rd of november. Shodan has been brought to us by John Materly.
Shodan stands for Sentient Hyper-Optimized Data Access Network. In plain English, it means that it is a search engine for servers, routers, load balances, computers: basically any Internet facing device that can be port scanned. Why is this dangerous? This is because Google looks at the web content only where as, Shodan can show you in plain text the network part of the host. For example, you were to find a zero day for say a Apache version and you want to enumerate as many hosts possible. You could simply run this query and find as many hosts as possible!
As with Google search parameters – “inurl”, “site”, etc., Shodan also supports the following search parameters:
For example, you would like to search for a certain country range. You run this queryand get the desired results. On one of our attempts, we were presented with the following:
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2009 03:16:27 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch4 mod_perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/4.4.4-8+etch4
Connection: close
Content-Type: text/html; charset=ISO-8859-1
So, you can see it gave us many vectors that can be attacked! Right from the OS, to the software version installed to the system time!
If you happen to use FireFox, you will be glad to know that developers have already made it an easy job for you by creating add-on’s and search engine preferences. These can be accessed at:
Shodan Helper: A user-friendly interface to SHODAN search filters (country, hostname etc.). Install here.
SHODAN Search Provider: Adds a search provider in FireFox to search with. Install ithere.
There are a lot more search queries which have been posted here at Praetorian Prefect.
Enough said. Get to the search engine here!
In the next post we will be posting dorks of shodan. Here is the link ofShodan Dork and Queries.
Shodan stands for Sentient Hyper-Optimized Data Access Network. In plain English, it means that it is a search engine for servers, routers, load balances, computers: basically any Internet facing device that can be port scanned. Why is this dangerous? This is because Google looks at the web content only where as, Shodan can show you in plain text the network part of the host. For example, you were to find a zero day for say a Apache version and you want to enumerate as many hosts possible. You could simply run this query and find as many hosts as possible!
As with Google search parameters – “inurl”, “site”, etc., Shodan also supports the following search parameters:
- country:2-letter country code
- hostname:full or partial host name
- net:IP range using CIDR notation (ex: 18.7.7.0/24 )
- port:21, 22, 23 or 80
For example, you would like to search for a certain country range. You run this queryand get the desired results. On one of our attempts, we were presented with the following:
HTTP/1.1 200 OK
Date: Sat, 01 Aug 2009 03:16:27 GMT
Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch4 mod_perl/2.0.2 Perl/v5.8.8
X-Powered-By: PHP/4.4.4-8+etch4
Connection: close
Content-Type: text/html; charset=ISO-8859-1
So, you can see it gave us many vectors that can be attacked! Right from the OS, to the software version installed to the system time!
If you happen to use FireFox, you will be glad to know that developers have already made it an easy job for you by creating add-on’s and search engine preferences. These can be accessed at:
Shodan Helper: A user-friendly interface to SHODAN search filters (country, hostname etc.). Install here.
SHODAN Search Provider: Adds a search provider in FireFox to search with. Install ithere.
There are a lot more search queries which have been posted here at Praetorian Prefect.
Enough said. Get to the search engine here!
In the next post we will be posting dorks of shodan. Here is the link ofShodan Dork and Queries.
0 comments:
Post a Comment