Shodan- That Device Search Engine

Page 1
That device search engine

Page 2
Shameless ripoff of xkcd.com/1385/

Page 3
What’s Shodan?
• Search engine for Internet-connected devices, by John Matherly (@achillean).
• Probes devices on specific ports, aggregates the output and indexes it: in effect, Google for TCP banners.
• Has a powerful API, with Python & Ruby libraries.
• Integration with Maltego, Metasploit & Armitage.

Page 4
Things Shodan can find
• Routers, switches, printers, cameras, SCADA gear, power plants, wind farms, SSH servers, Telnet servers, televisions, refrigerators, embedded devices, gas station pumps, yadda yadda.
• Essentially, any device connected to the Internet that lets anyone connect and spits out some kind of banner.

Page 5
Cameras == Boring

Page 6
Search Filters
• Country, City, Long & Lat (Geo).
• Hostname, OS, Port, Network (Net).
• Time frame (After/Before).
• SSL, but only for $$$.

Pages 7-9 (incremental build)
Applying Shodan?
»Penetration Testing
»Business Intelligence
»Internet Cartography

Page 10
Shodan – Penetration Testing
• Millions of wide-open or awfully configured devices in the wild.
• A couple of well-crafted searches & filters == thousands of vulnerable devices.
• Search for a combination of ports, like port:502,22 (Modbus & SSH).

Page 11
Shodan – Penetration Testing
• Search for the best-selling devices and brands (cameras, routers) in a region, understand their headers, craft a search query == thousands of devices with default logins.
• Panasonic: admin/12345
• Samsung Electronics: root/root or admin/4321
• Samsung Techwin (old): admin/1111111
• Samsung Techwin (new): admin/4321
• Sony: admin/admin
• TRENDnet: admin/admin
• Toshiba: root/ikwd
• Vivotek: root/<blank>
• WebcamXP: admin/<blank>
(Default passwords according to portforward.com)

Page 12
Shodan – Penetration Testing
• If you want more trouble, government tenders are a good place to find out which devices governments are using.

Page 13
Business Intelligence
• Lets people empirically measure who is using what sort of technology on the Internet.
• Shodan has excellent support for exporting data in various formats, but the feature comes with a $$$ price tag.

Page 14
Internet Cartography
• Some people do things just for fun!
• Pinging all Minecraft servers:
  https://www.shodan.io/search?query=port%3A25565+product%3A%22Minecraft%22

Page 15
Pinging all the devices on the Internet
By Matherly

Page 16
Industrial Control Systems on the Internet

Page 17
Shodan Metasploit
• Available auxiliary modules.
• auxiliary/gather/shodan_search
• 50 results by default, 10,000 with a paid account.

Page 18
Shodan Maltego
• Shodan maltego entities from https://static.Shodan.io/downloads/Shodan-maltego-entities.mtz
• Shodan seed: https://cetas.paterva.com/TDS/runner/showseed/Shodan
• 5 Transforms – searchShodan, searchShodanByDomain, searchShodanByNetblock, toShodanHost, searchExploits
• 2 Entities – Service, Exploit.

Page 19
Shodan-Python
• $ easy_install shodan
• The Shodan REST API is extremely powerful and the documentation is fairly good.
• Libraries for Ruby & Node.js exist.
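As an added example (not code from the slides or from the Shodan project), the Python below builds a query string from the filter keywords listed on the Search Filters slide and then aggregates a search result set into the "who is using what" counts the Business Intelligence slide describes. It runs offline: the result records are constructed, and their shape (a `matches` list of dicts with `ip_str`, `port`, `product` and `location.country_code`, plus `total`) is my assumption about the REST API's search response, not something the slides state.

```python
"""Added example, not from the slides or the Shodan project: build a Shodan
query from the deck's filter keywords and summarise a result set for an
empirical 'who uses what' survey. Result shape is assumed; records constructed."""
from collections import Counter

# Filter keywords named on the Search Filters slide (plus 'product', used in the
# Minecraft query). Rejecting anything else stops a typo from silently turning
# into a free-text search term.
FILTERS = ("port", "country", "city", "geo", "hostname", "os", "net",
           "before", "after", "product")


def build_query(free_text="", **filters):
    """Return a query such as 'port:502,22 country:US'; list values become a,b."""
    parts = [free_text.strip()] if free_text.strip() else []
    for key, value in filters.items():
        if key not in FILTERS:
            raise ValueError(f"unsupported filter: {key}")
        if isinstance(value, (list, tuple)):        # port:502,22 multi-value form
            value = ",".join(str(v) for v in value)
        value = str(value)
        if " " in value:                            # quote values containing spaces
            value = f'"{value}"'
        parts.append(f"{key}:{value}")
    return " ".join(parts)


# Constructed result set in the assumed API shape (RFC 5737 documentation addresses).
SAMPLE_RESULTS = {
    "total": 5,
    "matches": [
        {"ip_str": "198.51.100.1", "port": 502, "product": "", "location": {"country_code": "US"}},
        {"ip_str": "198.51.100.2", "port": 22, "product": "OpenSSH", "location": {"country_code": "US"}},
        {"ip_str": "198.51.100.3", "port": 22, "product": "OpenSSH", "location": {"country_code": "DE"}},
        {"ip_str": "198.51.100.4", "port": 23, "product": "", "location": {"country_code": "DE"}},
        {"ip_str": "198.51.100.5", "port": 25565, "product": "Minecraft", "location": {"country_code": "DE"}},
    ],
}


def summarise(results):
    """Count matches by port, product and country; missing product counts as 'unknown'."""
    by_port, by_product, by_country = Counter(), Counter(), Counter()
    for match in results.get("matches", []):
        by_port[match.get("port")] += 1
        by_product[match.get("product") or "unknown"] += 1
        by_country[(match.get("location") or {}).get("country_code", "??")] += 1
    return {
        "total": results.get("total", 0),
        "ports": dict(by_port),
        "products": dict(by_product),
        "countries": dict(by_country),
    }


if __name__ == "__main__":
    print(build_query(port=[502, 22], country="US"))
    print(summarise(SAMPLE_RESULTS))
```

In real use the `matches` list would come from the API client instead of `SAMPLE_RESULTS`; the filter whitelist is the useful part when queries are assembled from user input, since an unrecognised keyword would otherwise be searched for as plain text.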

Page 20
Shodan - Miscellaneous
• Shodan Maps
• Shodan Exploits
• Shodan Terminal

Page 21
Shutting The Door On Shodan
• Allow only necessary communication. Don’t put everything on the Internet just because you can (if you run web servers on SCADA gear...).
• For devices you do need to put on the Internet, sanitize banners and configure the devices properly.
• Access controls.
• Exhaustive discussion of the topic at: http://www.manufacturing.net/articles/2013/12/shutting-the-door-on-shodan
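An added example (not from the slides or the linked article) of the "sanitize banners" step: a small Python audit that parses grabbed SSH and HTTP banners the way a banner indexer would and reports what each one discloses (a product version, an OS hint, an auth realm that names the device type, a cleartext Telnet login), so the exposed set can be fixed before it is indexed. The banners, the addresses and the `disclosures`/`audit` function names are constructed for the example.

```python
"""Added example, not from the slides or the Shodan project: audit grabbed
service banners the way Shodan would index them and flag what they give away,
so banners can be sanitised before a device is exposed. Banners are constructed."""
import re

# Constructed banner grabs keyed by ip:port (RFC 5737 documentation addresses).
SAMPLE_BANNERS = {
    "203.0.113.5:22": "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
    "203.0.113.6:80": ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Debian)\r\n"
                       "X-Powered-By: PHP/5.4.4\r\n\r\n"),
    "203.0.113.7:80": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "203.0.113.8:23": "\r\nlogin: ",
    "203.0.113.9:80": ('HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="IP Camera"\r\n'
                       "Server: lighttpd/1.4.28\r\n\r\n"),
}

REALM_RE = re.compile(r'realm="([^"]*)"')


def parse_http_headers(banner):
    """Return the header block of an HTTP banner as a lower-cased name -> value dict."""
    headers = {}
    for line in banner.split("\r\n")[1:]:
        if not line:                       # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def disclosures(banner):
    """List (kind, value, version) facts a banner gives away: product, os or realm."""
    out = []
    if banner.startswith("SSH-") and banner.count("-") >= 2:
        software = banner.split("-", 2)[2]          # 'OpenSSH_6.6.1p1 Ubuntu-2ubuntu2'
        name, _, rest = software.partition("_")
        version = rest.split()[0] if rest.strip() else None
        out.append(("product", name, version))
    elif banner.startswith("HTTP/"):
        hdr = parse_http_headers(banner)
        for key in ("server", "x-powered-by"):
            for token in hdr.get(key, "").split():
                if token.startswith("("):           # '(Debian)' style OS hint
                    out.append(("os", token.strip("()"), None))
                else:                               # 'Apache/2.2.22' or bare 'nginx'
                    name, _, version = token.partition("/")
                    out.append(("product", name, version or None))
        m = REALM_RE.search(hdr.get("www-authenticate", ""))
        if m:
            out.append(("realm", m.group(1), None))
    return out


def audit(banners):
    """Map each ip:port to a list of findings; an empty list means nothing to fix."""
    findings = {}
    for endpoint, banner in banners.items():
        port = int(endpoint.rsplit(":", 1)[1])
        notes = []
        if port == 23:
            notes.append("cleartext telnet login exposed; remove or firewall")
        for kind, value, version in disclosures(banner):
            if kind == "product" and version:
                notes.append(f"version disclosed: {value} {version}")
            elif kind == "os":
                notes.append(f"OS disclosed: {value}")
            elif kind == "realm":
                notes.append(f"auth realm names the device: {value}")
        findings[endpoint] = notes
    return findings


if __name__ == "__main__":
    for endpoint, notes in audit(SAMPLE_BANNERS).items():
        print(endpoint, notes or ["ok"])
```

Feed it banners grabbed from your own hosts: a product name without a version (the `nginx` case) produces no finding, which is the state to aim for when a service has to stay reachable.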

Page 22
(Mandatory) Caution!!
• Be extremely cautious while using Shodan. You could find yourself doing something very illegal without even realizing it.
• For lawyers and most businesses there isn’t much distinction between curiosity & crime.

Page 23
• Questions?