SHODAN- the most dangerous search engine on the Internet

WHAT IS SHODAN?
"The search engine for the Internet of Things"
Shodan (Sentient Hyper-Optimized Data Access Network) is a powerful, easy-to-use search engine for finding information on internet-connected devices. Shodan offers a good interface for searching for and identifying connected servers and computers, webcams, alarms, air conditioning systems, smart TVs and other devices attached to the Internet, by "ports" and by "products" (well-known hardware and software models). The white hat hacker and penetration tester community uses it to monitor network security and find vulnerable devices. On the other side, black hat hackers use it to attack vulnerable targets with exploits. Believe me, it's very easy to find vulnerable targets on Shodan. In one click, Shodan will show you a sheer amount of useful information.

SHODAN WORKING STRATEGY
  •  Generate a random IP address
  •  Scan in real time for internet-enabled devices, with country or location.
  •  Query a supported port.
  •  Check the current IP address on that port.
  •  Catch the service banner.

PORTS THAT SHODAN SCANS
RTSP, SIP, SMTP, SNMP, TELNET, IMAP, SSH, FTP, HTTPS/HTTP

THE WAY TO USE SHODAN
You can also use it without registration, but if you want to register you can follow these steps.
  •  Go to the Shodan website at https://www.shodan.io/
  •  Click on "create a free account".
  •  Enter username, email address, and password, then click on "create".
  •  Shodan will send you a verification mail.
  •  Open the verification mail and click on the URL provided to activate your account.
  •  The account verification screen then opens in a new window of your browser.
  •  Log in to Shodan with your username and password.
  •  Click on search to execute your search.


USE OF EXPLORE BUTTON
On the main Shodan site there is an Explore button. Use it to browse common searches and their results.
You'll find results like:
  •  Traffic lights
  •  Webcams
  •  Routers
  •  Default passwords
  •  SCADA
  •  Etc
You can also use Shodan commands in the search bar for better, more specific results.

BASIC SHODAN COMMANDS
  • Hostname: Restricts the search to a domain, for example "hostname:gob.ve".
  • Geo: Searches a specific area using longitude and latitude.
  • Country: Specifies the country, for example "country:ve".
  • Vuln: Searches for a given vulnerability.
  • Server: Searches by server type, for example "Server:Apache".
  • Title: Searches the page title, the text tagged <title>.
  • Org: Searches by the organization that owns a network, for example "Org:Cantv".
  • Port: Searches by port, for example "Port:4300".
  • Model: Searches by the model of a piece of hardware or software.
  • Os: Searches by operating system.
  • Net: Searches by IP address or a /x Classless Inter-Domain Routing (CIDR) range.
  • City: Finds devices in a particular city.

TIPS TO PROTECT YOUR DEVICE AGAINST SHODAN GRID
  •  Don't use default configurations such as usernames, passwords and SSIDs.
  •  Disable remote management features on your routers.
  •  Use HTTPS on your devices, along with multi-factor authentication.
  •  Connect your devices only to the networks they really need to be connected to.
  •  Keep your device's software and operating system up to date.
  •  Disable port forwarding in your router.
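
To check how a device you administer looks from the outside, the following added example (not part of the original article) repeats the connect-and-read-banner step from the working strategy above and relates each open service to the tips in this list. The port numbers are the protocols' standard defaults and, like the function names, are assumptions; SNMP is left out because it runs over UDP.

```python
import socket

# TCP services from the article's list, mapped to their standard ports (assumed defaults).
SERVICES = {21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 80: "HTTP",
            143: "IMAP", 443: "HTTPS", 554: "RTSP", 5060: "SIP"}
# Services that carry logins or management traffic unencrypted.
CLEARTEXT = {"FTP", "TELNET", "HTTP"}

def grab_banner(host, port, timeout=2.0):
    """Return None if the port is closed, otherwise the first bytes the
    service sends ('' when it is open but stays silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256).decode("latin-1").strip()
            except OSError:
                # Connected, but the service waits for the client to speak
                # first (HTTP does this) or dropped the connection.
                return ""
    except OSError:
        return None  # refused, filtered or unreachable

def audit(host, services=SERVICES, timeout=2.0):
    """List every reachable service on your own device with what it reveals."""
    findings = []
    for port, name in sorted(services.items()):
        banner = grab_banner(host, port, timeout)
        if banner is None:
            continue
        notes = []
        if name in CLEARTEXT:
            notes.append("cleartext service: disable it or use an encrypted one")
        if banner:
            notes.append("banner discloses: " + banner)
        findings.append({"port": port, "service": name,
                         "banner": banner, "notes": notes})
    return findings

if __name__ == "__main__":
    import sys
    # Pass the address of a device you administer; defaults to this machine.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for f in audit(target):
        print(f["port"], f["service"], "; ".join(f["notes"]) or "open")
```

Run it from outside your own network against your router's public address: any service it lists there is reachable from the Internet, which is what port forwarding and remote management expose.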

CONCLUSION:- This article is all about Shodan. If you have any queries, feel free to ask in the comment section.


© HACKERHELD. All rights reserved. Distributed by hackerheld