Académique Documents
Professionnel Documents
Culture Documents
Penetration Testers
Michael “theprez98” Schearer
Agenda
n What is SHODAN?
n Basic Operations
n Penetration Testing
n Case Study 1: Cisco Devices
n Case Study 2: Default Passwords
n Other Examples
n Issues and Known Limitations
n Conclusions
What is SHODAN?
n SHODAN is a computer search engine
designed by web developer John
Materly (http://twitter.com/achillean)
n
What is SHODAN? (cont.)
n SHODAN is a search engine, but it is
much different than content search
engines like Google, Yahoo or Bing
n Typical search engines crawl for data on
web pages and then index it for
searching
n SHODAN interrogates ports and grabs the
resulting banners, then indexes the
banners (rather than the web content)
for searching
What is SHODAN? (cont.)
n Rather than to locate specific content on a
particular search term, SHODAN is
designed to help the user find specific
nodes (desktops, servers, routers,
switches, etc.) with specific content in
their banners
n Optimizing search results requires some
basic knowledge of banners
SHODAN Search Provider
Firefox Add-on
SHODAN Helper
Firefox Add-on
Basic Operations
n Search terms are entered into a text box
(seen below)
n Quotation marks can narrow a search
n Boolean operators + and – can be used to
include and exclude query terms (+ is
implicit default)
Basic Operations
n Search terms can be
general (Apache) or
specific (Apache
2.2.3)
n Further filtering is
available by country
(two letter country
code), IP/CIDR,
hostname, and port
(21, 22, 23, and 80)
Basic Operations (cont.)
In fact, among “cisco” results these two lines are more than
Search Results
cisco 147,046
cisco-ios 144,922
cisco www-authenticate 140,889