Shodan and IoT: The Problem is here!

Shodan a search engine which collects the information about all IPv4 and IPv6 devices connected to the internet and gives us the ability to search devices using filters that can be very sophisticated. It can search by OS Type, Server Banner, Geolocation, and has even an API for developers, which we will discuss later.

This can be possible because of the banners that Shodan can get by scanning the connected devices. It is a little bit like what we can get using a scanner such as nmap or Nessus.

Figure 1: Example of scanning result from NMAP

Figure 2: Example of a search result from Shodan

The simplest way to use Shodan is with the web interface. Yes, there is also a CLI that can be used from a Linux-based OS or via an API in multiple programming languages. We will discuss this in further articles.

Figure 3: Shodan search field

The initial results will only show us the information present in the banners related to the specified keyword, but we can also search using filters, which makes our search more efficient.

To obtain more information about the targets, we must click on details.

Figure 4: Search result sample

By clicking on details, we can see more information about open ports, services, content of banners, or metadata.

Figure 5: Metadata of a potential target

Figure 6: Open ports related to our potential target

Figure 7: Banners of services related to our potential target

We can also go deep using filters that Shodan provides us, such as country, port, city, or OS.

Here are some examples of filters that we can use:


Figure 8: Filters that Shodan provides

Here are some search examples using filters:

  • By City: city: “Paris”

Figure 9: Search result using the ‘city’ filter

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Kondah Hamza. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/wk3dzPKUKd8/