What is Shodan?
- Search engine for Internet-connected devices, by John Matherly (@achillean).
- Probes devices on specific ports, aggregates the output and indexes it: effectively a Google for TCP banners.
- Has a powerful API, with Python & Ruby libraries.
- Integrates with Maltego, Metasploit & Armitage.
4. Things Shodan can find
• Routers, switches, printers, cameras, SCADA gear, power plants, wind farms, SSH servers, Telnet servers, televisions, refrigerators, embedded devices, gas station pumps and so on.
• Essentially any device connected to the Internet that accepts connections from anyone and returns some kind of banner.
10. Shodan – Penetration Testing
• Millions of wide-open or awfully configured devices in the wild.
• A couple of well-crafted searches & filters == thousands of vulnerable devices.
• Search for a combination of ports, e.g. port:502,22 (Modbus & SSH).
11. Shodan – Penetration Testing
• Search for the most sold devices and brands (cameras, routers) in a region, understand the headers, craft a search query == thousands of devices with default logins.
• Panasonic: admin/12345
• Samsung Electronics: root/root or admin/4321
• Samsung Techwin (old): admin/1111111
• Samsung Techwin (new): admin/4321
• Sony: admin/admin
• TRENDnet: admin/admin
• Toshiba: root/ikwd
• Vivotek: root/<blank>
• WebcamXP: admin/<blank>
(Default passwords according to portforward.com)
12. Shodan – Penetration Testing
• If you want more trouble, government tenders are a good place to understand what devices are being used by them.
13. Business Intelligence
• Lets people empirically measure who is using what sort of technology on the Internet.
• Shodan has amazing support for exporting data in various formats, but the feature comes only with a $$$ price tag.
14. Internet Cartography
• Some people do things for the fun of it!
• Pinging all Minecraft servers:
• https://www.shodan.io/search?query=port%3A25565+product%3A%22Minecraft%22
19. Shodan-Python
• $ easy_install shodan
• The Shodan REST API is extremely powerful and the documentation is fairly good.
• Libraries for Ruby & Node.js also exist.
21. Shutting The Door On Shodan
• Allow only necessary communication. Don't put everything on the Internet just because you can, e.g. web servers on SCADA gear.
• For devices you must put on the Internet, sanitize banners and configure the devices properly.
• Access controls.
• Exhaustive discussion on the topic at:
http://www.manufacturing.net/articles/2013/12/shutting-the-door-on-shodan
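As an added defender-side example (not from the deck), a Python script that triages a Shodan JSON export of your own netblocks and flags the two things the slide above asks you to fix: Modbus/Telnet left reachable, and banners that leak product and version. The record field names follow Shodan's JSON export (ip_str, port, product, version, data) and the sample records are constructed, not real hosts.

```python
"""Triage a Shodan JSON export for your own address space.

Keeps only records inside netblocks you own and flags services that sit on
ports you never meant to expose or whose banners leak product/version
strings. Record field names follow Shodan's JSON export ('ip_str', 'port',
'product', 'version', 'data'); the sample records below are constructed."""
import ipaddress
import json
import re

# Ports the deck calls out: Modbus (502) and Telnet (23) should never face the
# Internet unfiltered; SSH (22) is tolerated but its banner is still checked.
UNWANTED_PORTS = {502, 23}
# Banner shapes that name a product and its version, e.g. "SSH-2.0-OpenSSH_5.3"
# or "Server: nginx/1.18.0"; a bare "Server: nginx" does not match.
VERSION_LEAK = re.compile(r"(?:Server:\s*|SSH-\d\.\d-)\S*?[/_]\d+(?:\.\d+)+")

SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in [  # constructed, not real hosts
    {"ip_str": "203.0.113.10", "port": 22, "transport": "tcp",
     "product": "OpenSSH", "version": "5.3", "data": "SSH-2.0-OpenSSH_5.3\r\n"},
    {"ip_str": "203.0.113.20", "port": 502, "transport": "tcp",
     "product": "Modbus", "data": "Unit ID: 1"},
    {"ip_str": "203.0.113.30", "port": 80, "transport": "tcp",
     "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n"},
    {"ip_str": "198.51.100.5", "port": 23, "transport": "tcp",
     "data": "Welcome to Router"},
])

def triage(export_text, owned_cidrs):
    """Return (ip, port, reason) findings for records inside owned_cidrs."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    findings = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ip = ipaddress.ip_address(rec["ip_str"])
        if not any(ip in n for n in nets):
            continue  # not our asset: exports often contain more than asked for
        port = int(rec["port"])
        if port in UNWANTED_PORTS:
            findings.append((str(ip), port, "service should not be reachable"))
        if rec.get("version") or VERSION_LEAK.search(rec.get("data", "")):
            findings.append((str(ip), port, "banner leaks product/version"))
    return findings

if __name__ == "__main__":
    for ip, port, reason in triage(SAMPLE_EXPORT, ["203.0.113.0/24"]):
        print("%s:%d  %s" % (ip, port, reason))
```

Feed it the newline-delimited JSON that `shodan download` or the export feature produces for your own ranges, and treat every finding as a banner to sanitize or a port to filter.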
22. (Mandatory) Caution!!
• Be extremely cautious while using Shodan. You could find yourself doing something very illegal without even realizing it.
• For lawyers and most businesses there isn't a lot of distinction between curiosity & crime.