Slide deck for my first presentation, which took place at 2600 Edinburgh.
This presentation is a fun audience-engagement piece, with members of the audience guessing the tool from its web interface.
To view all slides, please download the deck, as the slides include animation.
1. The Potential of the Hacker's Search Engine
@TheHairyJ • Jamie • 4th Yr Cyber Security at Edinburgh Napier
2. What is Shodan?
● Search engine for Internet-connected devices
● Can be filtered to find specific devices
● Available on Shodan.io
Matherly, J. (2016). Complete Guide to Shodan. Leanpub, p. 3.
Matherly, J. (2014). Inside The World's Most Dangerous Search Engine.
3. Overview
● Uses distributed, randomized web crawlers that run 24/7
● Utilizes stateless scanning to increase scanning speed
● A form of passive recon (for the user: Shodan does the scanning, you only query its database)
● Making it a great OSINT tool
4. Randomizing
1. Generate a random IPv4 address
2. Generate a random port to test from the list of ports Shodan understands
3. Check this address on the given port and, if successful, grab the banner
4. Go to 1
Matherly, J. (2016). Complete Guide to Shodan. leanpub
5. Stateless Scanning*
● No waiting for the handshake to complete; nothing is stored per probe
● SYN: the sequence number x is a hash of the recipient IP
● SYN-ACK: the reply acknowledges x + 1
● The scanner does x – 1 and recomputes the hash to confirm which IP replied
● Same trick as SYN cookies; used by ZMap and Masscan
*Simplified
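The two slides above (the randomized target loop and the stateless SYN cookie) as one runnable simulation. This is an added example, not code from the slides, from Shodan, ZMap or Masscan; it sends no packets. It assumes a keyed SHA-256 hash as the cookie function, a short illustrative port list in place of Shodan's real one, a per-scan secret, and a constructed stand-in for the internet (`fake_network`) in which a deterministic quarter of address/port pairs answer.

```python
import hashlib
import hmac
import ipaddress
import random
import struct

# Assumption: a short sample of ports a banner-grabbing scanner "understands".
# Shodan's real port list is far longer; these are illustrative only.
KNOWN_PORTS = [21, 22, 23, 25, 80, 443, 3389, 5900, 8080, 27017]

# Address space a scanner skips because it can never be a public host.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def random_target(rng):
    """Slide 4, steps 1-2: draw a random public IPv4 address and a random known port."""
    while True:
        ip = ipaddress.IPv4Address(rng.getrandbits(32))
        if not any(ip in net for net in RESERVED):
            return str(ip), rng.choice(KNOWN_PORTS)


def syn_cookie(secret, ip, port):
    """Slide 5: the SYN's sequence number x is a keyed hash of the target.

    Because x can be recomputed from the reply alone, the scanner stores
    nothing per probe: that is what makes the scan stateless.
    """
    msg = ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def validate_synack(secret, src_ip, src_port, ack_number):
    """A genuine SYN-ACK acknowledges x + 1: subtract 1 and recompute x from the
    packet's own source address and port. Stray, forged or stale packets fail."""
    expected = syn_cookie(secret, src_ip, src_port)
    return ((ack_number - 1) & 0xFFFFFFFF) == expected


def fake_network(ip, port, seq):
    """Constructed stand-in for the internet (not real traffic): a deterministic
    quarter of all (ip, port) pairs "listen" and answer with a correct SYN-ACK."""
    if hashlib.sha256(f"{ip}:{port}".encode()).digest()[0] % 4:
        return None  # closed or filtered: no reply, the scanner just moves on
    return ip, port, (seq + 1) & 0xFFFFFFFF, f"toy-service/{port}"


def scan(rng, secret, network, probes):
    """Slide 4's loop: pick a target, send SYN, keep the banner if the SYN-ACK
    validates, go to 1. Note that nothing about earlier probes is remembered."""
    results = []
    for _ in range(probes):
        ip, port = random_target(rng)
        reply = network(ip, port, syn_cookie(secret, ip, port))
        if reply is None:
            continue
        src_ip, src_port, ack, banner = reply
        # The reply itself, not local bookkeeping, tells us who answered.
        if validate_synack(secret, src_ip, src_port, ack):
            results.append((src_ip, src_port, banner))
    return results


if __name__ == "__main__":
    secret = b"per-scan-secret"  # assumption: a fresh random key per scan run
    for ip, port, banner in scan(random.Random(2600), secret, fake_network, 40):
        print(f"{ip}:{port} -> {banner}")
    # A SYN-ACK from a host we never probed, or one carrying a guessed ack, is dropped.
    print(validate_synack(secret, "203.0.113.9", 80, 12345))
```

The cookie is what lets the scanner run at line rate: there is no per-connection table to fill or time out, and because the hash is keyed, a host cannot forge replies for addresses it does not own. A real scanner would also fold in a per-run secret and a coarse timestamp so that replies from a previous run cannot be replayed into the current one.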
6. Latency
● There is a delay!
● In 2014, a multi-day lag was reported
● Timestamps on results can alleviate this
9. DISCLAIMER
The following slides showcase the extent of the unsecured internet. Slides will feature
pictures of devices. These pictures have been obtained passively by the presenter or
from other researchers' work. No access to the devices featured has taken place by
the presenter.
The presenter would like to make it abundantly clear that he is not responsible for you
being arrested if you go actively pursuing access to devices like those featured. See
Computer Misuse Act 1990, Section 1.
The presenter would also like to make it clear that taking or publishing pictures of the
following 'orange' slides is at the photographer's own risk.
10. How can Shodan be used?
● "Search the Internet of Things, perform market research and check the external security of your business."
Shodan (@shodanhq) | Twitter
12. "Universities are the most insecure organizations out there"
Educational Institutions Results on Shodan
Institution                              Results
Massachusetts Institute of Technology     35,792
University of Texas                       27,607
University of Oxford                       9,574
University of Edinburgh                    2,352
Strathclyde University                     1,154
University of Glasgow                        734
Edinburgh Napier University                  252
Matherly, J. (2014). Inside The World's Most Dangerous Search Engine.
14. @EdinburghShodan
● Daily tweets of the total count of devices Shodan can find in Edinburgh.
● Also got one for Glasgow too!
What Shodan is
How it works
What it can be used for
What it can find
Where it is currently growing, academically and practically
If Google and Yellow Pages had a baby that did computer stuff
Another way is to say
A population Census of the internet
Shodan is essentially a database
Uses these methods to create a database of results
Creating a passive approach
Bias
Blocking
Mean Emails
Saves Time which is important to give quality data
High Failure rate
Not the internet currently
Maybe a day or so behind
3G/4G devices
What Shodan.io looks like
Backbone
This is the output for the api too!
So if you have just finished your scripting class, or are learning regex, you might want to look into this for some extra-curricular work.
This uses filtering, which you are unable to do unless you have an account. But don't fret! Shodan is free if you have an ac.uk or any educational email address.
Answers:
1 - iKettle
2 – CSGO Servers
3 – Minecraft Servers
4 – Mongolian MongoDBs
5 - Evil Corp servers from Mr Robot
6 – VoIP
7 – University of Glasgow
3 – Area 51
Fringe drop / School term increase
UK
Western Europe
French Cities
German Cities
US Cities
1 – Printer
2 – RDP
3 – Pub Camera
4 – House Camera
5 – Shop Camera
6 – Weed Grower
7 – PLC/Air Con/ Vent/ Temp
8 - ? Best answer wins
9 – Fluid Mgmt System(Pool)
10 – Butchers
11 – Cinema
12 – Train Toyset
13 – Xray
14 – French Hydro Electric Plant
15 - Crematorium
Make sure to use filters to remove RDP results to get to the juicy bits.