So let me tell you about a little thing called Shodan. To put it simply, this terrifyingly beautiful website is a search engine for the Internet of Things. It’s powerful, thorough, and just downright fun to play with. Shodan continuously scans the internet, stores the service banners that devices answer with, and lets you search those banners: every indexed host that matches your query comes back. You can make it a broad search (all devices with port 21 open) or pinpoint specific devices (devices with the hostname “wordpress”, port 8443 open, running Apache httpd, located in the US). Oh, did I mention that it’s free? Pretty f***ing insane, right? Your free account has a few restrictions, one being that you can only view the first 5 pages of results, but that’s nothing compared to the God-like power now at your fingertips.
This is Shodan. Ignore the “Refrigerators” part… I swear you can search for more than that. Once you create a free account and login, you can begin searching the world for anything and everything connected to the internet. Let’s start off with a basic search, just looking for the keyword “WordPress”.
As expected, we got thousands of results back: every banner containing the string “wordpress” was returned, whether or not the host actually runs WordPress. On the left side, you’ll see your results broken down by country, port/service, organization, and operating system. We can click one of those facets to narrow the search. Let’s only return results from the United States.
Notice that the “Top Country” section has been replaced by a “Top City” section, so we can keep fine-tuning the search if we want. Let’s get rid of some junk results by saying where the string ‘wordpress’ has to appear, using the hostname filter (hostname:wordpress): now it must be part of the host’s DNS name, not just somewhere in the banner.
Well, that helped a lot. We can see that the first result is some kind of remote service, and the third result has an open DNS port. We could keep narrowing the results, but it looks like we already have some interesting stuff to look into. Shodan is very flexible and has lots of search filters you can use to target your searches:
| Search option | Filter | Example |
| --- | --- | --- |
| Internet Service Provider | isp | isp:"Hostwinds LLC" |
Time For Some Fun
Now that you have a pretty good understanding of Shodan, let’s have a little fun. We literally have the world of technology at our fingertips; we might as well do something a little more interesting. Click the “Explore” button at the top to see a list of the top searches and the most recent searches:
Nothing shocking here. A bunch of creepy people looking to spy through open webcams, some SCADA port searches, and I have no idea what Dreambox is but I’m sure it’s interesting. Let’s try the basic “default password” search:
Well, that’s a concerning number of results. Again, we just gave it a keyword to search for, so it will pick up some false positives (banners that merely mention a default password). I’m going to narrow this down by country and look within the U.S. The third result looks like it could be interesting:
Normally, I’d scrub these pictures of any sensitive information (IP address, system information, etc.), but you’re probably doing this along with me (or about to try it yourself) and seeing the same results. We can take a closer look at the details for that third result. Under the header, we see some very (shockingly) helpful information:
Well, the only thing left to do is give it a try. Lo and behold… the default credentials work:
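To make the filter syntax from the table above and the “default password” triage concrete, here is an added Python example. It is not code from the original post and not the shodan library’s own code. It builds a query string the way the filters expect (quoting values that contain spaces, like isp:"Hostwinds LLC"), computes the country breakdown Shodan shows in its sidebar, and flags banners that advertise credentials. The sample response is constructed to mimic the shape of the Shodan search API’s JSON (ip_str, port, data, location.country_code) using RFC 5737 test addresses and made-up banners, so it runs offline; the real shodan.Shodan(API_KEY).search(query) call is shown only as a comment. The credential patterns are my own assumptions about what such banners look like.

```python
import re
from collections import Counter

# Patterns that mark a banner as advertising credentials. These are an
# assumption about the text the "default password" search surfaces; extend
# them for the devices you care about.
CRED_HINTS = [
    re.compile(r"default\s+(?:password|credentials?)", re.I),
    re.compile(r"(?:user(?:name)?|login)\s*[:=]\s*\S+[\s,]+pass(?:word)?\s*[:=]\s*\S+", re.I),
]


def build_query(keyword="", **filters):
    """Compose a Shodan query from a free-text keyword plus filter:value pairs.

    Values containing whitespace are double-quoted, matching isp:"Hostwinds LLC".
    """
    parts = [keyword] if keyword else []
    for name, value in filters.items():
        value = str(value)
        if re.search(r"\s", value):
            value = f'"{value}"'
        parts.append(f"{name}:{value}")
    return " ".join(parts)


def facet(matches, field):
    """Count a field across results, like the Top Country / Top Port sidebar.

    'country' reads the nested location.country_code that the API returns.
    """
    counter = Counter()
    for match in matches:
        if field == "country":
            value = match.get("location", {}).get("country_code")
        else:
            value = match.get(field)
        counter[value] += 1
    return counter.most_common()


def triage(matches):
    """Return (ip, port, matched text) for every banner that hands out credentials.

    This only reads banners Shodan already collected; it never connects to
    or logs in to anything.
    """
    hits = []
    for match in matches:
        banner = match.get("data", "")
        for pattern in CRED_HINTS:
            found = pattern.search(banner)
            if found:
                hits.append((match["ip_str"], match["port"], found.group(0)))
                break
    return hits


# Constructed sample shaped like a /shodan/host/search response. Addresses are
# RFC 5737 documentation ranges and the banners are invented for the demo.
SAMPLE_RESPONSE = {
    "total": 3,
    "matches": [
        {"ip_str": "192.0.2.10", "port": 80, "org": "Example ISP",
         "location": {"country_code": "US"},
         "data": "HTTP/1.1 200 OK\r\nServer: httpd\r\n\r\n<title>Router Login</title>\nDefault password: admin"},
        {"ip_str": "192.0.2.11", "port": 23, "org": "Example ISP",
         "location": {"country_code": "US"},
         "data": "Login: admin Password: 1234\r\nWelcome to the device."},
        {"ip_str": "198.51.100.5", "port": 8443, "org": "Other Org",
         "location": {"country_code": "DE"},
         "data": "HTTP/1.1 200 OK\r\nServer: Apache httpd\r\n\r\n<title>WordPress</title>"},
    ],
}


def demo():
    """Run the search-and-triage flow against the constructed sample."""
    query = build_query("default password", country="US")
    # Real call (needs the shodan package and an API key), not executed here:
    #   response = shodan.Shodan(API_KEY).search(query)
    response = SAMPLE_RESPONSE
    matches = response["matches"]
    return query, facet(matches, "country"), triage(matches)


if __name__ == "__main__":
    q, by_country, hits = demo()
    print("query:", q)
    print("by country:", by_country)
    for ip, port, text in hits:
        print(f"{ip}:{port}  ->  {text!r}")
```

The triage step is the part worth keeping: it narrows a pile of keyword hits down to banners that literally print a username and password, which is exactly the kind of result the post stops at. It does not try any credentials; that part stays manual and stays on systems you are allowed to test.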
Lesson #1: Change the damn default password.
Lesson #2: There’s no hiding on the internet.
I hope you enjoy using this tool as much as I do. You’ll come across some really interesting devices (a network-controlled refrigerator temperature controller, like what?).
Disclaimer: Please use Shodan responsibly. Logging into or manipulating any system that you do not own (or have explicit permission to test) is illegal. This is meant to be a research tool, so please be sure to put on your white hat before walking out into the cyber world.