Thomas Heverin

Shodan for Ethical Hacking: Five Tips in Five Minutes




This entry is the first of a series of blog entries in which we highlight a free ethical hacking tool within five minutes and provide five easy things to do with the tool.


Five-Minute Overview


Shodan is a search engine for Internet-connected devices. Using Shodan, you can find all types of devices across the world including printers, gaming servers, building automation systems, security cameras, network storage devices, and more. In ethical hacking projects, we often start off with a tool like Shodan.


Shodan grabs banners (that contain data about devices) and populates its database with the banner data. When you search in Shodan, you are searching the Shodan database.


Shodan is often called the “Google for Hackers.” If you do searches on Google, you can easily do searches in Shodan! Make sure to use the correct Shodan search syntax in your searches.


Anyone can create a free account. If you use a .edu email account you get unlimited searching and results. If you use a non-.edu email account you will face daily limits on searches and results. Create a free account and try the tips below!

Five Tips

  1. Enter “printer” to do a general search to see how many printers Shodan finds across the world.

  2. Scroll through the results to look at the data that Shodan grabbed about the printers; each individual result is represented by an IP address.

  3. On the left-hand side of the main search results page, check out the top countries, top ports, top products, etc.

  4. One way to narrow down a general search is to replace the general term (such as "printer") with the specific name of a printer (such as Canon or Lexmark or JetDirect).

  5. Click on one specific result to view more detailed information about that result (like ports found open in the blue boxes, hostnames, location, organization, and more).
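To show what the five tips are doing behind the scenes, here is a small offline model of banner search and the results sidebar, ending with a check of which results fall inside a network range you are responsible for. It is an added example, not code from this post or from Shodan; the records are constructed, the field names follow Shodan's banner JSON, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample records shaped like Shodan banner JSON. The addresses are
# documentation ranges (RFC 5737), not real devices.
BANNERS = [
    {"ip_str": "192.0.2.10", "port": 9100, "product": "HP JetDirect",
     "location": {"country_name": "United States"},
     "data": "HP JetDirect printer @PJL ready"},
    {"ip_str": "192.0.2.23", "port": 631, "product": "CUPS",
     "location": {"country_name": "United States"},
     "data": "HTTP/1.1 200 OK\r\nServer: CUPS/2.3 IPP printer"},
    {"ip_str": "198.51.100.7", "port": 9100, "product": "HP JetDirect",
     "location": {"country_name": "Germany"},
     "data": "JetDirect printer ready"},
    {"ip_str": "203.0.113.5", "port": 80, "product": "Lexmark",
     "location": {"country_name": "Japan"},
     "data": "Server: Lexmark_Web_Server printer status"},
    {"ip_str": "192.0.2.40", "port": 22, "product": "OpenSSH",
     "location": {"country_name": "United States"},
     "data": "SSH-2.0-OpenSSH_8.9"},
]

def search(banners, term):
    """Keyword match on the banner text (the "data" field), case-insensitive."""
    return [b for b in banners if term.lower() in b["data"].lower()]

def facets(results, top=3):
    """Count results per country, port and product, like the results sidebar."""
    return {
        "country": Counter(b["location"]["country_name"] for b in results).most_common(top),
        "port": Counter(b["port"] for b in results).most_common(top),
        "product": Counter(b["product"] for b in results).most_common(top),
    }

def exposed_in(results, cidr):
    """(ip, port) pairs from the results that fall inside a netblock you own."""
    net = ipaddress.ip_network(cidr)
    return sorted((b["ip_str"], b["port"]) for b in results
                  if ipaddress.ip_address(b["ip_str"]) in net)

if __name__ == "__main__":
    printers = search(BANNERS, "printer")
    print(len(printers), facets(printers))
    print(len(search(BANNERS, "JetDirect")))
    print(exposed_in(printers, "192.0.2.0/24"))
```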

A great way to learn more about Shodan is to play around with different searches and to follow your curiosity. And of course the best way to learn is to get cybersecurity coaching via GLC!


Remember to hack ethically. You can’t try to log onto a device or change settings of a device without permission from the organization under review. Enjoy your searching!


