Shodan

Shodan Overview Shodan can be used to search many online devices based on software, geography, operating system, IP address, and more. You can use the search engine directly http://www.shodanhq.com You can also change your browser search engine to search Shodan directly from the browser Firefox Chrome The screenshot shows example search results:

Shodan Overview Typical search engines crawl for data on web pages and then index it for searching SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching The different filters available to search Shodan are: IP address, hostname, port, latitude and longitude, operating system, city, country, and device data. Michael “theprez98” Schearer DefCon18

Shodan Overview Rather than locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners Optimizing search results requires some basic knowledge of banners Regular Expressions are also convenient tools for searching on SHODAN Michael “theprez98” Schearer DefCon18

Shodan Credits Each credit will export up to 10,000 results

Press Coverage

How is Shodan being used? According to a CNN Money article, “typical users include: Penetration testers, security professionals, academic researchers and law enforcement agencies” Cybercriminal activity Generally used as a starting point For example: finding unprotected servers to upload rootkits. For more intensive activity, cybercriminals have access to various other, more useful, tools http://money.cnn.com/2013/04/08/technology/security/shodan/index.html

SHODAN Impact University of Arizona Printer and router settings could be located. No authentication protocols were being used Simply possessing the IP address was sufficient

Security cameras at ASU can be accessed by searching for a specific security cam server. All cameras on this server were unprotected. (Server:gen5th/1.35.00) Details of security procedures and location of security devices can be used maliciously by attackers. SHODAN Impact

Gathering From Shodan Python Scripts can be made to quickly save query data from shodan. Reusing code from already existing scripts is helpful

Accessing Shodan

Accessing Shodan via Python The Shodan API allows search engines access through Python and Ruby Shodan has Python and Ruby library information available A complete tutorial can be found at: https://developer.shodan.io/ In this tutorial, we show how to access Shodan via Python. 1) Obtain an API key Register an account (or use existing Google/Facebook/Twitter accounts) at: http://www.shodanhq.com/account/register Click on the create API key in the right column of the Shodan home page. Your API key will be located here.

Accessing Shodan via Python 2) Install Python and Shodan API library. Download python version 2.7.6 at http://www.python.org/download/ Be sure to get version 2.x (currently 2.7.6) NOT 3.x Download “easy_install” program at https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py Run the above python script first, then add %PYTHON_HOME%\Scripts as PATH environment variable in your OS. In command line mode, type:

Accessing Shodan via Python 3) Write Python programs to do searches in Shodan. The following code snippet shows how to execute a search query and extract information from the search results. In addition to “ip” and “data” shown in this example, you can also access “country”, “hostnames”, “os”, “port”, “updated”, etc. from the search results. For a complete documentation, see: https://developer.shodan.io/

Other Downloads Depending on the version of Python and the Shodan API version downloaded, simplejson may need to be installed. https://pypi.python.org/pypi/simplejson/ The Shodan install may also be completed by downloading the .tar.gz file at the link below, then install via the command line. https://pypi.python.org/pypi/shodan/1.0.1 When in doubt, there is generally a tutorial available to help you out

In Browser Searching (non scripted) Firefox 1. Click on the down pointing arrow in the search box in the upper right hand corner of your screen 2. Scroll down and select “Search Using Shodan” This should become visible after you have been to the shodan site. Chrome 1. Click on the three horizontal bars in your browser’s upper right hand corner. When you hover over this it says “Customize and Control Google Chrome” 2. Click on settings 3. Scroll down to the Search section and click the “Manage search engines…” button 4. At the bottom it will say “Other search engines”, insert the following 5. You will have to select it as the default to get it to appear in the upper box with the rest of the available search engines - Once it is listed with the rest, you can reselect your default search engine.

Useful Links SHODAN www.shodanhq.com Python (2.7.6 Documentation) http://docs.python.org/2/ SHODAN API Documentation (as well as banner specifications) https://developer.shodan.io/api/requirements Python API Documentation https://developers.shodan.io/python/index.html Regular Expressions (comprehensive) http://www.regular-expressions.info/ Regular Expressions (shorter page) https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions