7 Steps to Start Searching with Shodan
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
August 29, 2018
In the toolkit carried by hackers under any shade of hat, a search engine has become an essential component. Shodan, a search engine built to crawl and search Internet-connected devices, has become a go-to for researchers who want to quickly find the Internet-facing devices on an organization's network.
With skilled use, Shodan can present a researcher with the devices in an address range, the number of devices in a network, or any of a number of different results based on the criteria of the search.
There are many ways to approach Shodan, but the following seven steps will get you started in the right direction. Have you already begun with Shodan? Are you a Shodan ninja? What tips do you have for beginners? Share your thoughts in the comments.
John Matherly, who developed Shodan (which he released in 2009), also wrote an e-book about it. "The Complete Guide to Shodan" is a useful reference for understanding and getting the most out of the search engine. For instance, Matherly's book explains precisely what Shodan's crawlers do and how they do it. This is important for understanding what the search engine can and cannot do.
The book also explains how to build multipart queries and, in an appendix, lists all of the filters available for searching. In Shodan, the filter is quite powerful, enabling a search to become very specific along a variety of different axes. Most of what's in the book is available from other sources as well, but the low-cost e-publication provides a handy way of having all the information in a single place within your electronic reference shelf.
It's possible to go to the shodan.io website, enter a search term, get results, and consider the job done. For many security purposes, though, tying Shodan into the security infrastructure through API calls will dramatically increase the search engine's power and usefulness.
Through the API, Shodan results can be fed directly into security information and event management systems and other security analytics engines to bolster the data set used for network defense. Search results can be fed into the systems in a variety of different formats, from .XLS up to the "firehose" of constantly streamed live data.
Shodan provides API calls in a number of different languages and frameworks. In addition, many different API use examples are available on GitHub and in online forums that can serve as the basis for applications and glue apps that tie Shodan to other products. One place to get started is with the series of tools by Bishop Fox, which includes ShodanDiggity as part of the SearchDiggity kit.
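As an illustration of feeding Shodan results into a SIEM, the following added example (not code from the article, Shodan, or Bishop Fox) normalizes banner records for an organization's own address space into events and flags any exposure that is not on an approved list. The field names follow Shodan's banner records; the address range, the allowlist, the event schema, and the sample records are assumptions constructed for the example.

```python
import ipaddress
import json

# Assumption: address space the organization owns (a documentation range here).
OWNED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Assumption: services approved to face the Internet, as (ip, port) pairs.
APPROVED = {("203.0.113.10", 443), ("203.0.113.25", 25)}

# Constructed sample shaped like Shodan banner records, one JSON object per line.
SAMPLE_BANNERS = """\
{"ip_str": "203.0.113.10", "port": 443, "transport": "tcp", "product": "nginx", "timestamp": "2018-08-29T10:00:00.000000"}
{"ip_str": "203.0.113.77", "port": 23, "transport": "tcp", "product": null, "timestamp": "2018-08-29T10:05:00.000000"}
{"ip_str": "198.51.100.5", "port": 80, "transport": "tcp", "product": "Apache httpd", "timestamp": "2018-08-29T10:06:00.000000"}
not-json
"""

def is_owned(ip):
    """True when the address falls inside one of the organization's networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWNED_NETS)

def to_siem_events(lines):
    """Turn banner lines into SIEM events; skip malformed or out-of-scope rows."""
    events = []
    for line in lines.splitlines():
        try:
            banner = json.loads(line)
            ip, port = banner["ip_str"], int(banner["port"])
            if not is_owned(ip):
                continue  # never alert on address space that is not ours
        except (ValueError, KeyError, TypeError):
            continue  # truncated or non-JSON line in the export
        approved = (ip, port) in APPROVED
        events.append({
            "source": "shodan",
            "observed_at": banner.get("timestamp"),
            "dest_ip": ip,
            "dest_port": port,
            "transport": banner.get("transport", "tcp"),
            "product": banner.get("product") or "unknown",
            "severity": "info" if approved else "high",
            "rule": "approved_exposure" if approved else "unapproved_exposure",
        })
    return events

if __name__ == "__main__":
    for event in to_siem_events(SAMPLE_BANNERS):
        print(json.dumps(event, sort_keys=True))
```

Each output line is a self-contained JSON event, a form most SIEM ingestion pipelines accept directly.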
While Shodan is powerful, it's not the same as a standard search engine, such as Bing or Google. For example, if you're looking for a quote from a 19th century author, Shodan's not your tool. That's why the combination of Shodan and a conventional search engine can be especially powerful.
How would you use the two search engines together? Well, if you're beginning your journey as a pen tester, it might go something like this: You've turned to Shodan to search for a particular device. Let's say you've become specific and searched for a particular manufacturer and model. And you've narrowed down the physical location and IP range to your target system. Now you use Google to search for the default user name and password for that device. Once found, you see whether the target has passed "Basic Security 101."
The real point is that there are many different types of information to be found about IoT devices, and Shodan can't find all of them. It's a powerful tool but not the only tool you should have in your kit.