SlideShare a Scribd company logo

shodan.pptx

Download as PPTX, PDF
D
DeepP7

showdan

Engineering
1 of 10
By Collin Donaldson
What is it? • Shodan is a search engine that allows you to look for devices connected to the internet using service banners. • When you connect to a server listening on a given port, the server (usually) responds with a service banner. • Service Banner: A block of text about the given service being performed.
The How • Shodan uses a technique called “Banner Grabbing” • Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports. • Indexes banners instead of web content • Admins can use it to keep tabs on the services and systems on their networks • Hackers can use it to expose potential targets
Potential Targets • Routers • Webcams • SCADA systems • Traffic Lights • Note: Be careful what you try to access!
Service Banner Example We now have the HTTP, Server (Boa is a lightweight server for embedded systems such as Androids), and the default password.
Getting Started: Create an Account
Familiarize Yourself • Shodan has similar features and functionality to other search engines, but the searches are quite different • Check out “popular searches” for some starting tips • You can filter by banner type, port, OS, country, latitude/longitude, etc. • Example: cisco country:IN port:5060 net:125.63.65.0/24 • Result on next Slide
Citycom Networks Pvt, New Delhi, India
Some Useful Search Terms • Use net:your.ip.add.ress o r net:your.ip.add.0/24 to pen-test your own network • "iis/5.0“ for Internet Information Services • Network/Company Type names (“Cisco”, “Apache”, “Telnet”, etc.) • Search software for your type of target (i.e. “webcamxp” is common webcam software).
User Authentication • Some servers require authentication • Use lists of common default usernames and passwords such as http://www.phenoelit.org/dpl/dpl.html • You could also use more advanced tools like Cain and Abel if you really want to break a password.

Recommended

Footprint basics
Footprint basicsFootprint basics
Footprint basics
penetration Tester
 
Server operating system
Server operating systemServer operating system
Server operating system
Tapan Khilar
 
Playing with shodan
Playing with shodanPlaying with shodan
Playing with shodan
decode _dev
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testing
devanshdubey7
 
Cloud description
Cloud descriptionCloud description
Cloud description
thanuambika
 
BITM3730 11-22.pptx
BITM3730 11-22.pptxBITM3730 11-22.pptx
BITM3730 11-22.pptx
MattMarino13
 
Networking Best Practices for Your Serverless Applications
Networking Best Practices for Your Serverless ApplicationsNetworking Best Practices for Your Serverless Applications
Networking Best Practices for Your Serverless Applications
Chris Munns
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
Mark John Lado, MIT
 

Recommended

Footprint basics
Footprint basicsFootprint basics
Footprint basics
penetration Tester
 
Server operating system
Server operating systemServer operating system
Server operating system
Tapan Khilar
 
Playing with shodan
Playing with shodanPlaying with shodan
Playing with shodan
decode _dev
 
Automated tools for penetration testing
Automated tools for penetration testingAutomated tools for penetration testing
Automated tools for penetration testing
devanshdubey7
 
Cloud description
Cloud descriptionCloud description
Cloud description
thanuambika
 
BITM3730 11-22.pptx
BITM3730 11-22.pptxBITM3730 11-22.pptx
BITM3730 11-22.pptx
MattMarino13
 
Networking Best Practices for Your Serverless Applications
Networking Best Practices for Your Serverless ApplicationsNetworking Best Practices for Your Serverless Applications
Networking Best Practices for Your Serverless Applications
Chris Munns
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
Mark John Lado, MIT
 
SHODAN search Engine
SHODAN search EngineSHODAN search Engine
SHODAN search Engine
Yash Diwakar
 
Android OS and its Features
Android OS and its FeaturesAndroid OS and its Features
Android OS and its Features
Harshad Lokhande
 
Hack proof your aws cloud cloudcheckr_040416
Hack proof your aws cloud cloudcheckr_040416Hack proof your aws cloud cloudcheckr_040416
Hack proof your aws cloud cloudcheckr_040416
Jarrett Plante
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
Amazon Web Services
 
Eba ppt rajesh
Eba ppt rajeshEba ppt rajesh
Eba ppt rajesh
RajeshP153
 
1. web technology basics
1. web technology basics1. web technology basics
1. web technology basics
Jyoti Yadav
 
Week two lecture
Week two lectureWeek two lecture
Week two lecture
Harry Essel
 
Cloud computing
Cloud computingCloud computing
Cloud computing
Rohith Shankar
 
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech TalksDeep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Amazon Web Services
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
martinvoelk
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
Nathan Van Gheem
 
Domain racer web-hosting
Domain racer web-hostingDomain racer web-hosting
Domain racer web-hosting
imrose khan
 
Forefront UAG
Forefront UAGForefront UAG
Forefront UAG
James Tramel
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
Amazon Web Services
 
Internet
InternetInternet
Internet
jana_bhuva
 
Web Browsers.pptx
Web Browsers.pptxWeb Browsers.pptx
Web Browsers.pptx
HariomMangal1
 
Web Fendamentals
Web FendamentalsWeb Fendamentals
Web Fendamentals
Hiren Mistry
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
raniseetha
 
Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014 Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014
Uri Cohen
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
AmitDeshai
 
Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.ppt
amrabdallah9
 
handbook on reinforce concrete and detailing
handbook on reinforce concrete and detailinghandbook on reinforce concrete and detailing
handbook on reinforce concrete and detailing
AshishSingh1301
 

More Related Content

Similar to shodan.pptx

Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech TalksDeep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Amazon Web Services
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
raniseetha
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
AmitDeshai
 

Similar to shodan.pptx (20)

SHODAN search Engine
SHODAN search EngineSHODAN search Engine
SHODAN search Engine
 
Android OS and its Features
Android OS and its FeaturesAndroid OS and its Features
Android OS and its Features
 
Hack proof your aws cloud cloudcheckr_040416
Hack proof your aws cloud cloudcheckr_040416Hack proof your aws cloud cloudcheckr_040416
Hack proof your aws cloud cloudcheckr_040416
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
 
Eba ppt rajesh
Eba ppt rajeshEba ppt rajesh
Eba ppt rajesh
 
1. web technology basics
1. web technology basics1. web technology basics
1. web technology basics
 
Week two lecture
Week two lectureWeek two lecture
Week two lecture
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech TalksDeep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
Deep Dive on Lambda@Edge - August 2017 AWS Online Tech Talks
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
 
Domain racer web-hosting
Domain racer web-hostingDomain racer web-hosting
Domain racer web-hosting
 
Forefront UAG
Forefront UAGForefront UAG
Forefront UAG
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
 
Internet
InternetInternet
Internet
 
Web Browsers.pptx
Web Browsers.pptxWeb Browsers.pptx
Web Browsers.pptx
 
Web Fendamentals
Web FendamentalsWeb Fendamentals
Web Fendamentals
 
Internet terminologies
Internet terminologiesInternet terminologies
Internet terminologies
 
Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014 Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
 

Recently uploaded

Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..
MaherOthman7
 
Fuzzy logic method-based stress detector with blood pressure and body tempera...
Fuzzy logic method-based stress detector with blood pressure and body tempera...Fuzzy logic method-based stress detector with blood pressure and body tempera...
Fuzzy logic method-based stress detector with blood pressure and body tempera...
IJECEIAES
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
Alexander Litvinenko
 
electrical installation and maintenance.
electrical installation and maintenance.electrical installation and maintenance.
electrical installation and maintenance.
benjamincojr
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating System
Sampad Kar
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
drjose256
 

Recently uploaded (20)

Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.ppt
 
handbook on reinforce concrete and detailing
handbook on reinforce concrete and detailinghandbook on reinforce concrete and detailing
handbook on reinforce concrete and detailing
 
Software Engineering Practical File Front Pages.pdf
Software Engineering Practical File Front Pages.pdfSoftware Engineering Practical File Front Pages.pdf
Software Engineering Practical File Front Pages.pdf
 
Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..Maher Othman Interior Design Portfolio..
Maher Othman Interior Design Portfolio..
 
Basics of Relay for Engineering Students
Basics of Relay for Engineering StudentsBasics of Relay for Engineering Students
Basics of Relay for Engineering Students
 
Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2
 
Fuzzy logic method-based stress detector with blood pressure and body tempera...
Fuzzy logic method-based stress detector with blood pressure and body tempera...Fuzzy logic method-based stress detector with blood pressure and body tempera...
Fuzzy logic method-based stress detector with blood pressure and body tempera...
 
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message QueuesLinux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
 
What is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, FunctionsWhat is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, Functions
 
5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
 
Augmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptxAugmented Reality (AR) with Augin Software.pptx
Augmented Reality (AR) with Augin Software.pptx
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptx
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
Geometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdfGeometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdf
 
electrical installation and maintenance.
electrical installation and maintenance.electrical installation and maintenance.
electrical installation and maintenance.
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating System
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
 
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas SachpazisSeismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
Seismic Hazard Assessment Software in Python by Prof. Dr. Costas Sachpazis
 
NO1 Best Powerful Vashikaran Specialist Baba Vashikaran Specialist For Love V...
NO1 Best Powerful Vashikaran Specialist Baba Vashikaran Specialist For Love V...NO1 Best Powerful Vashikaran Specialist Baba Vashikaran Specialist For Love V...
NO1 Best Powerful Vashikaran Specialist Baba Vashikaran Specialist For Love V...
 

shodan.pptx

  • 2. What is it? • Shodan is a search engine that allows you to look for devices connected to the internet using service banners. • When you connect to a server listening on a given port, the server (usually) responds with a service banner. • Service Banner: A block of text about the given service being performed.
  • 3. The How • Shodan uses a technique called “Banner Grabbing” • Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports. • Indexes banners instead of web content • Admins can use it to keep tabs on the services and systems on their networks • Hackers can use it to expose potential targets
  • 4. Potential Targets • Routers • Webcams • SCADA systems • Traffic Lights • Note: Be careful what you try to access!
  • 5. Service Banner Example We now have the HTTP, Server (Boa is a lightweight server for embedded systems such as Androids), and the default password.
  • 7. Familiarize Yourself • Shodan has similar features and functionality to other search engines, but the searches are quite different • Check out “popular searches” for some starting tips • You can filter by banner type, port, OS, country, latitude/longitude, etc. • Example: cisco country:IN port:5060 net:125.63.65.0/24 • Result on next Slide
  • 8. Citycom Networks Pvt, New Delhi, India
  • 9. Some Useful Search Terms • Use net:your.ip.add.ress o r net:your.ip.add.0/24 to pen-test your own network • "iis/5.0“ for Internet Information Services • Network/Company Type names (“Cisco”, “Apache”, “Telnet”, etc.) • Search software for your type of target (i.e. “webcamxp” is common webcam software).
  • 10. User Authentication • Some servers require authentication • Use lists of common default usernames and passwords such as http://www.phenoelit.org/dpl/dpl.html • You could also use more advanced tools like Cain and Abel if you really want to break a password.