So let me tell you about a little thing called Shodan.  To put it simply, this terrifyingly beautiful website is a search engine for the Internet of Things.  It’s powerful, thorough, and just downright fun to play with.  Shodan will take your search and discover all devices connected to the internet related to the query.  You can make it a board search (all devices with port 21 open) or pin point specific devices (devices with the host name “wordpress” with port 8443 open and running on Apache httpd in the US).  Oh, did I mention that it’s free?  Pretty f***ing insane, right?  Your free account will have a few restrictions, one being that you can only view the first 5 pages of results, but it’s nothing compared to the God-like power that’s now at your finger tips.

homepage

This is Shodan.  Ignore the “Refrigerators” part… I swear you can search for more than that.  Once you create a free account and login, you can begin searching the world for anything and everything connected to the internet.  Let’s start off with a basic search, just looking for the keyword “WordPress”.

basic search

As expected, we got thousands of results back.  Anything that contained the string “wordpress” was returned.  On the left side, you’ll see your results sorted by country, port/service, organization, and operating system.  We can select one of them to narrow down our search.  Let’s only return results from the United States.

by country.png

Notice that the “Top Country” section is now replaced by a “Top City” section so we can continue fine-tuning our search if we wanted.  Let’s get rid of some junk results by defining where the string ‘wordpress’ should show up by using the hostname operator.

hostname wp

Well that helped a lot.  We can see that the first result is some kind of remote service, and the third result has an open DNS port.  We could continue narrowing down the results, but it looks like we have some interesting stuff we can look into.  Shodan is very flexible and has lots of search options you can use to target your searches:

Option Command Example
Host/Domain hostname hostname:”google”
Port/Service port port:”21”
Country country country:”United States”
City city city:”New York”
Organization/Company org org:”Amazon”
Internet Service Provider isp isp:”Hostwinds LLC”
OS/Product/Platform product product:”Apache httpd”
Product Version version version:”2.2.15”
Geo Location geo geo:”39.6949,-83.1383”
Date before/after before:”12-12-15”
IP Address/Subnet net net:”74.91.246.0/24”

Time For Some Fun

Now that you have a pretty good understanding of Shodan, let’s have a little fun.  We literally have the world of technology at our finger tips, we might as well do something a little more interesting.  We can click on the “Explore” button at the top and see a list of the top searches and most recent searches:

explore.png

Nothing shocking here. A bunch of creepy people looking to spy through open webcams, some SCADA port searches, and I have no idea what Dreambox is but I’m sure it’s interesting.  Let’s try the basic “default password” search:

default password

Well that’s a concerning amount of results.  Again, we just gave it a key term to search for and it may pick up some false positives.  I’m going to narrow this down by country and look within the U.S.  The third result looks like it could be interesting:

default password US

Normally, I’d scrub these pictures of any sensitive information (IP address, system information, etc.) but you’re probably doing this along with me (or about to try it yourself) and seeing the same results.  We can take a closer look at the details for that third result.  Under the header, we see some very (shockingly) helpful information:

default banner

Well, the only thing left to do is give it a try.  Lo and behold… the default credentials works:

logged in

Lesson #1: Change the damn default password.

Lesson #2: There’s no hiding on the internet.

I hope you enjoy using this tool as much as I do.  You’ll come across some really interesting devices (network controlled refrigerator temperature controller, like what?).

Disclaimer: Please use Shodan responsibly.  Manipulating any system that you do not own is illegal.  This is meant to be a research tool, please be sure to put on your white hat before walking out into the cyber world.

Advertisements

Join the conversation! 3 Comments

  1. […] Shodan: The Internet of Things Search Engine […]

    Like

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Jean Fleury

Naval officer, privateer, cyber security professional. Traded in my five-ship squadron for a computer and Burp Suite license.

Category

Security Research

Tags

, , , , ,