Shodan is a search engine that allows the user find specific types of computers connected to the internet using a kind of filters. In their own words, it is the world’s first computer search engine, often dubbed as the search engine for hackers. We can use Shodan to find different types of information about a target.
Let’s do a search on web servers running Microsoft IIS running version 7.0 through Shodan:
Shodan presented us with a page listing entries it has in its database. Shodan provides a very decent and useful way to filter our result by the following criterion:
– TOP COUNTRIES
– TOP SERVICES
– TOP ORGANIZATIONS
– TOP OPERATING SYSTEMS
– TOP PRODUCTS
On Friday 12 May 2017 a large ransomware (WannaCry) attack was started targeting more than 200,000 computers worldwide, including businesses such as banks, hospitals and large telecom companies. One of the primary infection techniques of this ransomware is by exploiting a newly patched Microsoft Windows SMB vulnerability (MS17-010). Once this ransomware becomes on a network, it exploits the windows vulnerability in order to spread into the network and infect other computers. Let us do a search and find out the computers that running SMB (port 445).
There we go! There is the list of computers running the SMB service.
Shodan is a search engine for discovering specific devices, and device types, that live online. The most popular searches are for things like webcam, linksys, cisco, netgear, SCADA, etc.
It runs by scanning the whole Internet and parsing the banners that are returned by several devices. SHODAN use this information to tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a unique location, and what make and model the device may be.