You may have heard about Shodan on the evening news – as the webcam search engine of choice for creeps and criminals. What doesn’t make the headlines: Its immense value as a powerful tool for cybersecurity professionals.
Does your business depend on remote workers connecting from home? Then IT may have opened Remote Desktop Protocol (RDP) to the internet. Many system administrators rely on RDP to perform remote maintenance.
The catch: web-borne attacks rely on it, too.
Case in point: Shodan.io, the “world’s first search engine for internet-connected devices,” reports that of 70,000 devices it recently scanned using RDP, 8% remain wide open to the BlueKeep vulnerability baked into older Windows versions.
Think of it as the tip of the WFH exploit iceberg, because professional threat hunters use the Shodan search engine as their threat “radar” way beyond RDP. A new Flash Report by Authentic8 – titled What is Shodan? – now explains how your security team can leverage this tool.
How Shodan Works
In a nutshell (the Flash Report covers more details): Unlike Google, this search engine isn’t looking mainly for keywords or filetypes. Instead, it is scanning and indexing the ports and services running on devices across the net.
With Shodan, it is possible to identify nearly any internet-connected device based on the information disclosed in its service banner – the detailed public “door sign”, if you will – that the device presents to the internet. Shodan enables you to search based on a wide range of details, such as location, device types, firmware version, and much more.
What does Shodan find? You may be surprised.
Examples include industrial control systems running specific software, internet-of-things (IoT) devices like smart TVs, FTP servers with sensitive information, and even – go figure – Very Small Aperture Terminals (VSATs) on naval vessels.
Why might your team want to know? If that’s your corporate boardroom webcam, ICS/SCADA device, database, or naval vessel, you want to find out first whether it is vulnerable to exploitation (due to design flaws, or simply negligence) – before the bad guys do.
What also worries many CISOs and other security professionals are the vulnerabilities introduced by all the unmanaged devices connected to home WiFi networks of employees and contractors with remote access to their company’s critical data.
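To make the banner idea concrete, here is an added example (not from the original post, the Flash Report, or Shodan) that checks banner records for risky services on address ranges you own. The records are constructed, their field names (`ip_str`, `port`, `product`, `version`, `data`) are assumed to follow Shodan's banner JSON, and the port policy and the `audit_exposure` helper are hypothetical.

```python
import ipaddress

# Assumed policy: services that should not answer on a public address.
RISKY_PORTS = {21: "FTP", 502: "Modbus (ICS)", 554: "RTSP (camera)", 3389: "RDP"}

# Constructed records; field names assumed to follow Shodan's banner JSON.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.77", "port": 554, "data": "RTSP/1.0 200 OK"},
    {"ip_str": "203.0.113.10", "port": 3389, "product": "Remote Desktop Protocol"},
    {"ip_str": "203.0.113.25", "port": 21, "product": "vsftpd", "version": "3.0.3"},
    {"ip_str": "203.0.113.40", "port": 443, "product": "nginx", "version": "1.18.0"},
    {"ip_str": "198.51.100.7", "port": 3389, "product": "Remote Desktop Protocol"},
    {"port": 3389},  # malformed: no address
]


def audit_exposure(banners, own_networks, risky_ports=RISKY_PORTS):
    """Return risky services that banner records show on networks we own."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    findings = []
    for banner in banners:
        try:
            ip = ipaddress.ip_address(banner.get("ip_str", ""))
        except ValueError:
            continue  # missing or malformed address
        if not any(ip in net for net in nets):
            continue  # someone else's host: out of scope
        port = banner.get("port")
        if port not in risky_ports:
            continue
        # Product and version are optional in a banner; report what is there.
        software = " ".join(
            v for v in (banner.get("product"), banner.get("version")) if v
        )
        findings.append({
            "ip": str(ip), "port": port,
            "service": risky_ports[port], "software": software or "unknown",
        })
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f["ip"]), f["port"]))


if __name__ == "__main__":
    for f in audit_exposure(SAMPLE_BANNERS, ["203.0.113.0/24"]):
        print(f"{f['ip']}:{f['port']}  {f['service']:<14} {f['software']}")
```

Feeding it an export of banner records for your own netblocks turns the "find out first" advice into a repeatable check that can run on a schedule.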
Spot Remote Work Exploits with Shodan
Here’s one more related fact that should give any CISO and IT security team pause. Shodan reports that the number of RDP endpoints it found has jumped from only 3 million at the start of the year – before the rapid remote access expansion in many companies – to almost 4.4 million by the end of March 2020.
For many teams who use Authentic8’s Silo for Research (Toolbox) to ensure secure and efficient cyber threat intelligence, Shodan has become a crucial tool in protecting their organization and its remote workforce.
Why Cybersecurity Teams Use Shodan
Recently on this blog, Larry Loeb examined the plethora of – too often useless – telework-related cybersecurity advice (Remote Work: Bad Cybersecurity Advice Galore). He also added what we consider “good advice.”
Does your organization rely on remote work? You may want to add “use Shodan to find vulnerabilities” to the latter category. Not convinced yet? Check out what TechCrunch’s Zack Whittaker found on his Shodan Safari.
Mind you, that was back in 2019, before things got pandemic-bad. Nowadays, you may want to head straight over to our Flash Report What is Shodan? [PDF] to learn more about Shodan and how to use it.
*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by Gerd Meissner. Read the original post at: https://blog.authentic8.com/quick-guide-how-to-use-shodan/