When you want to find something on the internet, you quickly pull up Google, bing, duckduckgo or whatever search engines you may use...right? 👌
If you wish to find someone on the internet, you go to Meta, TikTok, Twitter and many other social spaces and #socialmedia where people have profiles and interact. 💁♀️
But what if you wish to find a device...say...a router, webcam, some server. The question you have, to frame it better, is how do you search the internet of things?
SHODAN 🤷♂️
What is Shodan?.....Shodan is often referred to as "The World's Most Dangerous Search Engine". Developed by John Matherly, 🤖 it grabs the banner of every IP address on the planet and then indexes the information from the banner.
🕵️ Shodan is a wonderful resource for finding unprotected web cams, SCADA/ICS sites, and the Internet of Things (IoT). In this post, I will help you learn more about using Shodan for pentesting.
So lets get started 💪...
👉 Go to https://www.shodan.io
🧐The first step in using Shodan is to register an account. You can use Shodan without registering, but the capabilities are very limited. A basic account is free, so let's register and try some searches 🥳
Click on "Explore" in the top menu bar and it will open a page as seen in the screenshot below 👇
At the center of this screen you can see "Popular Tags" searches. The very first is "Webcam". It's important to note here that each type of web cam, generally, will have unique search parameters. On the left you can see Job Boards, Miners, even apple airplay devices as well as door/lock controls and industrial systems 😲.
You can access SCADA ICS systems, routers, servers, phones, smart tvs, webcams, CCTVs, databases etc. Explore this page by yourself to look through devices you can find.
Remember ✋, we are searching by the banner information and what identifies it as a web cam is usually its unique name given by the manufacturer i.e. 👇
Searching stuff with SHODAN
We can search an IP address, manufacturing companies like Hikvision or TP-link, and we can constraints/parameters to the search just as in Google. Some of these parameters are searching by country, city, geo-coordinates
Below, you can see the key terms that Shodan will accept and filter by. The syntax is simple in the format;
<keyword>:
city: find devices in a particular city
country: find devices in a particular country
geo: you can pass it coordinates
hostname: find values that match the hostname
net: search based on an IP or /x CIDR
os: search based on operating system
port: find particular ports that are open
before/after: find results within a timeframe
Lets use an example;
We will search for IOTs in Kenya (Internet facing devices in Kenya). On the search box, type " country:'KE' ". Hit Search 👇
🤌 170,827 search results appear 💫 but read carefully the search results. Did you see?
Universities, Corporations, telecomms, (if you are lucky) Embassies and National government systems appear.
Dont be scared, click on the 41.89.194.31-Maseno University, you will land on the page like the screenshot below 👇
You can see a lot of information on the device;
First, its a Cisco router.
Second, It has 4 ports open; 23, 69, 443 and 4786
Third, the service running on each of the ports: PS you can ggoogle ports and the services they run.
Fourth, Location country, city, the organisation and even and ASN number.
Now lets foul around abit, this is totally legal 👮. Copy that IP address and paste it on the URL of a new tab. VOILA! 👇
To explain what you are looking at 👆, this is a login page into the Maseno University Cisco router. Cisco doesnt have default login credentials and require them to be changed at setup. 💣 💣However, hear me out, this allows a malicious entity to perhaps bruteforce or use a basic phishing campaign to acquire legitimate login credentials. By this router being internet-facing it increases the attack surface by exposure to the public💀💀.
On the next blog post we will look at webcams and combining searches to narrow down the search results e.g CCTVs in Nairobi or Nyeri...😈
Thank you for your time, Please signup to not miss a single post and to offer feedback and comment here. Have a good one and i will see you in the next one below...👋 👊 💪
PART 2: 👇 👇 👇 👇 👇 👇 👇 👇 👇
