Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shodan.

Published byしゅんすけ のあき Modified over 6 years ago

Similar presentations

Presentation on theme: "Shodan."— Presentation transcript:

1 Shodan

2 Shodan Overview Shodan can be used to search many online devices based on software, geography, operating system, IP address, and more. You can use the search engine directly You can also change your browser search engine to search Shodan directly from the browser Firefox Chrome The screenshot shows example search results:

3 Shodan Overview Typical search engines crawl for data on web pages and then index it for searching SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching The different filters available to search Shodan are: IP address, hostname, port, latitude and longitude, operating system, city, country, and device data. Michael “theprez98” Schearer DefCon18

4 Shodan Overview Rather than locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners Optimizing search results requires some basic knowledge of banners Regular Expressions are also convenient tools for searching on SHODAN Michael “theprez98” Schearer DefCon18

5 Shodan Credits Each credit will export up to 10,000 results

6 Press Coverage

7 How is Shodan being used?
According to a CNN Money article, “typical users include: Penetration testers, security professionals, academic researchers and law enforcement agencies” Cybercriminal activity Generally used as a starting point For example: finding unprotected servers to upload rootkits. For more intensive activity, cybercriminals have access to various other, more useful, tools

8 SHODAN Impact University of Arizona
Printer and router settings could be located. No authentication protocols were being used Simply possessing the IP address was sufficient

9 Security cameras at ASU can be accessed by searching for a specific security cam server. All cameras on this server were unprotected. (Server:gen5th/ ) Details of security procedures and location of security devices can be used maliciously by attackers. SHODAN Impact

10 Gathering From Shodan Python
Scripts can be made to quickly save query data from shodan. Reusing code from already existing scripts is helpful

11 Accessing Shodan

12 Accessing Shodan via Python
The Shodan API allows search engines access through Python and Ruby Shodan has Python and Ruby library information available A complete tutorial can be found at: In this tutorial, we show how to access Shodan via Python. 1) Obtain an API key Register an account (or use existing Google/Facebook/Twitter accounts) at: Click on the create API key in the right column of the Shodan home page. Your API key will be located here.

13 Accessing Shodan via Python
2) Install Python and Shodan API library. Download python version at Be sure to get version 2.x (currently 2.7.6) NOT 3.x Download “easy_install” program at Run the above python script first, then add %PYTHON_HOME%\Scripts as PATH environment variable in your OS. In command line mode, type:

14 Accessing Shodan via Python
3) Write Python programs to do searches in Shodan. The following code snippet shows how to execute a search query and extract information from the search results. In addition to “ip” and “data” shown in this example, you can also access “country”, “hostnames”, “os”, “port”, “updated”, etc. from the search results. For a complete documentation, see:

15 Other Downloads Depending on the version of Python and the Shodan API version downloaded, simplejson may need to be installed. The Shodan install may also be completed by downloading the .tar.gz file at the link below, then install via the command line. When in doubt, there is generally a tutorial available to help you out

16 In Browser Searching (non scripted)
Firefox 1. Click on the down pointing arrow in the search box in the upper right hand corner of your screen 2. Scroll down and select “Search Using Shodan” This should become visible after you have been to the shodan site. Chrome 1. Click on the three horizontal bars in your browser’s upper right hand corner. When you hover over this it says “Customize and Control Google Chrome” 2. Click on settings 3. Scroll down to the Search section and click the “Manage search engines…” button 4. At the bottom it will say “Other search engines”, insert the following 5. You will have to select it as the default to get it to appear in the upper box with the rest of the available search engines - Once it is listed with the rest, you can reselect your default search engine.

17 Useful Links SHODAN www.shodanhq.com Python (2.7.6 Documentation)
SHODAN API Documentation (as well as banner specifications) Python API Documentation Regular Expressions (comprehensive) Regular Expressions (shorter page)

Download ppt "Shodan."

Similar presentations

Support.ebsco.com EBSCOadmin Branding Tutorial. Welcome to the EBSCOadmin Skinning and Branding tutorial, where you will learn how to customize EBSCOhost.

Support.ebsco.com EBSCOadmin Branding Tutorial. Welcome to the EBSCOadmin Skinning and Branding tutorial, where you will learn how to customize EBSCOhost.
Holdings Management Overview

Holdings Management Overview
Excel Vocabulary.

Excel Vocabulary.
© 2011 Delmar, Cengage Learning Chapter 1 Getting Started with Dreamweaver.

© 2011 Delmar, Cengage Learning Chapter 1 Getting Started with Dreamweaver.
Customizing the MOSS 2007 Search Results November 2007 Rafael Perez.

Customizing the MOSS 2007 Search Results November 2007 Rafael Perez.
Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
Microsoft Excel 2003 Illustrated Complete Excel Files and Incorporating Web Information Sharing.

Microsoft Excel 2003 Illustrated Complete Excel Files and Incorporating Web Information Sharing.
DNR-322L & DNR-326.

DNR-322L & DNR-326.
® Microsoft Office 2010 Appendix A: Introduction to SkyDrive and Office Web Apps.

® Microsoft Office 2010 Appendix A: Introduction to SkyDrive and Office Web Apps.
Free Software Alternatives: Avast! Anti-virus

Free Software Alternatives: Avast! Anti-virus
Chapter 1 Getting Started With Dreamweaver. Explore the Dreamweaver Workspace The Dreamweaver workspace is where you can find all the tools to create.

Chapter 1 Getting Started With Dreamweaver. Explore the Dreamweaver Workspace The Dreamweaver workspace is where you can find all the tools to create.
New School Websites Teacher Pages. Visit the SCUSD Website for videos tutorials: www.scusd.edu/website-training-teachers For more information.

New School Websites Teacher Pages. Visit the SCUSD Website for videos tutorials: For more information.
Getting Started with Dreamweaver

Getting Started with Dreamweaver
How to Download and Install a Sharp Print Driver on a Mac.

How to Download and Install a Sharp Print Driver on a Mac.
Microsoft Windows LEARNING HOW USE AN OPERATING SYSTEM 1.

Microsoft Windows LEARNING HOW USE AN OPERATING SYSTEM 1.
“MyDAP 101” A Brief Introduction https://mydap.dau.mil January 2012 1.

“MyDAP 101” A Brief Introduction January
Web Technologies Website Development Trade & Industrial Education

Web Technologies Website Development Trade & Industrial Education
Copyright ©: 1995-2011 SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Getting online Suitable for: Beginner.

Copyright ©: SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Getting online Suitable for: Beginner.
Getting Started with Application Software

Getting Started with Application Software
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.

Similar presentations

Ads by Google