What is Shodan?
As the world of technology constantly expands, learning how to use Shodan—a powerful search engine for the Internet of Things (IoT)—becomes vital for both cybersecurity experts and tech enthusiasts. This guide is your quick reference, providing a detailed breakdown of various search queries in Shodan. Whether you're looking to improve network security, perform research, or simply explore the countless internet-connected devices, mastering Shodan search queries is a key skill. Let’s jump into this guide to uncover the full capabilities of Shodan right from the beginning.
Why Should We Use Shodan?
Shodan is widely used for security assessments, network monitoring, and uncovering the vast array of internet-connected devices. It helps in identifying devices such as servers, webcams, routers, and more that are linked to the internet. Shodan also reveals important information about these devices, including their configuration, software details, and potential vulnerabilities.
Basic Search Queries
city:"[city name]": Find devices located in a specific city.country:"[country code]": Locate devices within a specific country.geo:"[latitude],[longitude]": Discover devices at a specific geographic location.hostname:"[hostname]": Search for devices that match a particular hostname.net:"[IP range]": Search for devices within a specific IP address range.os:"[operating system]": Filter devices based on the operating system they are running.port:"[port number]": Look for devices using a specific port number.org:"[organization name]": Identify devices linked to a certain organization.isp:"[internet service provider]": Find devices connected through a specific ISP.product:"[product name]": Search for devices running specific software or hardware products.version:"[version number]": Find devices operating a particular software or firmware version.has_screenshot:"true": Look for devices that have available screenshots.ssl.cert.subject.cn:"[common name]": Search for SSL certificates with a given common name.http.title:"[title text]": Identify web pages with a specific title.http.html:"[html content]": Search for web pages containing particular HTML content.http.status_code:[code]: Find devices returning a specific HTTP status code.ssl:"[SSL keyword]": Look for devices with specific SSL configurations or details.before:"[date]" / after:"[date]": Search for devices that were online before or after a certain date.
Specific Applications and Services
product:"[product name]": Search for devices running a particular product.
version:"[version]": Find devices operating a specific version of software.
webcam: Search for internet-connected webcams.
"default password": Find devices that are using default passwords.
"server: Apache": Search for servers specifically running the Apache web server.
ftp: Locate devices with FTP services.
"X-Powered-By: PHP/[version]": Find servers running a specific version of PHP.
iis:[version number]: Search for servers running a specific version of Microsoft IIS.
"Server: nginx": Locate devices running the Nginx server.
"MongoDB Server Information" port:27017: Find MongoDB databases exposed on their default port.
Security Vulnerabilities and Weaknesses
vuln:"[CVE-ID]": Finds security vulnerabilities associated with a specific CVE ID.
"200 OK" ssl: Searches for servers with SSL certificates that return a 200 OK response.
"Server: Apache" - "mod_ssl" - "OpenSSL": Identifies Apache servers that may not be using SSL encryption.
ssl.cert.expired:"true": Searches for devices with expired SSL certificates.
"heartbleed" vuln: Looks for vulnerabilities related to the Heartbleed bug.
http.component:"Drupal" vuln:"CVE-2018-7600": Finds Drupal sites vulnerable to a specific CVE.
"Authentication: disabled": Searches for devices where authentication is turned off.
http.title:"Index of /": Finds directories that might have open indexes.
ssl:"TLSv1": Searches for devices using the outdated TLSv1 protocol.
org:"[organization]" vuln:"[CVE-ID]": Searches for vulnerabilities within a specific organization's infrastructure.
Example Complex Queries for Shodan
os:"Linux" port:"22" "SSH" country:"JP"
Searches for Linux devices in Japan with SSH service running on port 22.
product:"Apache" version:"2.4.7" -"200 OK"
Looks for Apache servers running version 2.4.7 that do not return a 200 OK status.
city:"New York" os:"Windows" port:"3389"
Finds Windows devices with Remote Desktop Protocol (RDP) enabled in New York City.
net:"192.168.1.0/24" webcam
Searches for webcams within the IP range 192.168.1.0 to 192.168.1.255.
org:"Google" ssl cert:"expired"
Searches for expired SSL certificates on devices belonging to the organization "Google".
country:"DE" product:"MySQL" version:"5.5" "default password"
Looks for MySQL databases version 5.5 in Germany using default passwords.
"HTTP/1.1 401 Unauthorized" city:"London" port:"80"
Finds devices in London returning a 401 Unauthorized status on HTTP port 80.
"Server: Apache" -"Apache-Coyote" country:"BR"
Searches for servers in Brazil running Apache but not Apache-Coyote.
hostname:"*.edu" vuln:"CVE-2019-11510"
Finds educational institution hosts vulnerable to CVE-2019-11510.
"IIS/8.0" -"X-Powered-By" net:"205.251.192.0/18"
Searches for servers running IIS 8.0 without the "X-Powered-By" header in the specified IP range.
Conclusion
Effectively utilizing Shodan search queries can provide crucial insights into the security and configuration of internet-connected devices. It is an invaluable tool for cybersecurity experts, researchers, and tech enthusiasts. Always use Shodan responsibly and ethically, as it can reveal sensitive information and potential vulnerabilities.
Support Crack-Vault and help us keep providing free tools. Every donation counts!
(BTC) Address: bc1qhhva8uplmkaa3kkwxnux9t3y6l6kmhnwqzktzn
