The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Search
Published by MOHAMAD LUQMAN HAKIM MOHD ZAINUDIN, 2021-03-25 00:21:49

Shodan Report

Shodan Report

NTC 1062 - Network Vulnerability
Assessment

Title : Shodanhq

TTO: Ms Hairun Nisa Daud STUDENT ID
GROUP MEMBERS: NWS19010034
NO NAME NWS19010059
NWS19010052
1. Nicholas Yong Zhen Qi NWS18070061
2. Luqman Hakim Bin Mohd Zainudin
3. Muhammad Syahmi Bin Raim
4. Muhammad Daniel Haiqal bin Zin Azran

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Table of Contents

Introduction....................................................................................................................................... 2
Objective............................................................................................................................................ 3
Basic Usage ...................................................................................................................................... 4

Using filters .................................................................................................................................... 6
Search Examples ........................................................................................................................... 7
Use cases ...................................................................................................................................... 7
Combining filters ............................................................................................................................ 8
Advanced Usage............................................................................................................................ 8
Conclusion ........................................................................................................................................ 9
References ...................................................................................................................................... 10

1|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Introduction

Shodan is a search engine for finding specific devices, and device types, that exist online.
The most popular searches are for things like webcam, linksys, cisco, netgear, SCADA,
etc. It works by scanning the entire Internet and parsing the banners that are returned by
various devices. Using that information, Shodan can tell you things like what web server
(and version) is most popular, or how many anonymous FTP servers exist in a particular
location, and what make and model the device may be.

2|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Objective

The objective of this project is to learn more about shodan in a way on how to use it and to further
our understanding about reconnaissance in chapter 2 that previously we have learnt.

3|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Basic Usage
You start by navigating to the main page, and then entering into the search field, like you
would any other search engine.
For this search, I looked for “VNC”.

4|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

From there you can pivot to a few key areas in the results. Starting on the left sidebar,
we see a good amount of summary data:
 Results map
 Top services (Ports)
 Top organizations (ISPs)
 Top operating systems
 Top products (Software name)
Then in the main section we get the full results list, including:

 IP address
 Hostname
 ISP
 When the entry was added to the database
 The country it’s located in
 The banner itself

5|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Then, for even more information you can click details, which takes you into that host itself:

Here you see the data about the host on the left, the list of ports that were found at the top
right, and then the individual port details and banners from each port as you go down the
page. It’s a clean layout.
Using filters
As with any search engine, Shodan works well with basic, single-term searches, but the
real power comes with customized queries.
Here are the basic search filters you can use:
 city: find devices in a particular city
 country: find devices in a particular country
 geo: you can pass it coordinates
 hostname: find values that match the hostname
 net: search based on an IP or /x CIDR
 os: search based on operating system
 port: find particular ports that are open
 before/after: find results within a timeframe

6|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Search Examples
You can drop the quotes sometimes, on some queries, but you often need them. I
recommend you just use them all the time, because that always works.
Find Apache servers in San Francisco = apache city: “San Francisco”
Find Nginx servers in Germany = nginx country:“DE”
Find GWS (Google Web Server) servers = “Server: gws” hostname:“google”
Find Cisco devices on a particular subnet = cisco net:“216.219.143.0/24”
So you basically have some sort of base search term you’re looking for (shown in orange)
and then you narrow down your search using the filters like we see above.
Use cases
You can use the “Explore” button on the main Shodan site to look at common searches
and results, which are illuminating. You’ll find things like:
1. Webcams
2. SCADA
3. Traffic lights
4. Routers
5. Default passwords
6. Etc.

7|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Combining filters
To combine filters, simply keep adding them on. You can also do this by clicking filters in
the left sidebar for a given result set. So if you want to search for Nginx servers in San
Francisco, that are running on port 8080, that are also running Tomcat, you could do the
following:
Apache city:“San Francisco” port:“8080” product: “Apache Tomcat/Coyote JSP engine”

Advanced Usage
Here are a few other cool things you can do with the service.
1. Data Export: You can export your results in various formats using the top menu after
you’ve performed a search.
2. Browser Search: You can configure your browser to search Shodan when you search
from the URL bar.
3. Shodan Free Account: You should create and log in to your free account when you
search, as the interface is pretty nerfed if you don’t, e.g. not being able to see host
information, etc.
4. Premium Accounts: A premium account is a one-time payment of $45 and it gives you
increased access to the API. Full details and docs are available
at https://developer.shodan.io.

8|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

Conclusion
When used properly and ethically, Shodan can be an invaluable tool to improve
vulnerability assessment and penetration testing as the IoT (Internet of Things)
continues to expand and security should no longer be considered an afterthought in
today’s connected society.

9|Page

NTC 1062 – Network Vulnerability Assessment

E LE CTRICAL E NGINE E RING D E P ARTME NT

References
1. Daniel Miessler. (July 10, 2020). A Shodan Tutorial and Primer.

https://danielmiessler.com/study/shodan/

10 | P a g
e


Click to View FlipBook Version