Keynote – Shodan for Pentesting –
Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in finding computers running a certain piece of software (such as Apache)? Or if you want to know which version of Microsoft IIS is the most popular? Or you want to see how many anonymous FTP servers there are? Maybe a new vulnerability came out and you want to see how many hosts it could infect? Traditional web search engines don’t let you answer those questions.
The Session Initiation Protocol (SIP) is used for Voice over IP communications and is now being indexed by Shodan. Search the data to see what VoIP products are out there.
Shodan API for Developers
Learn how to access Shodan, Exploit DB and Metasploit information using a web-based API. Libraries are available in Python, Perl and Ruby, head on over to the Shodan API documentation for tutorials on how to get started.
Find servers based on supported ciphers and various SSL criteria (version, protocol, issuer etc.). SHODAN doesn’t just grab the banner and certificate for HTTPS, it also performs an in-depth SSL scan to identify which ciphers the server accepts and rejects. * Requires the HTTPS add-on
SHODAN grabs the system description from SNMP services and makes it available for searching.
Most devices have switched to SSH for secure remote access, there remain a surprising amount of Telnet services running. This is an on-going survey to locate the last of them on the internet and find out more about where they’re located and what infrastructure they’re powering. * Requires the Telnet add-on
Still in the experimental stages, see the latest data as it comes in to SHODAN. It provides a real-time feed of port 80 data alongside other relevant information from external security sources. » View now
This optional feature automatically stores and lets you bookmark your search queries alongside the summary information (total # results, country breakdown). Great for keeping track of search results or saving interesting queries for later.