What is Shodan.IO?
• A search engine
  • Of devices and applications
  • That crawls the internet (just like Google)
  • Parses the banners returned by devices and applications
  • No "vulnerability scanning": it parses what is publicly available
• And lets you search its database (just like Google)
  • Filter the data for country, strings, networks
• You can use it for good or bad (just like Google)
  • Manual queries
  • Use the API: automation, and include it in your own tools
27-Jul-17
What is Shodan.IO? 2
What is Shodan.IO?
Free, or for a limited fee
• Basic usage is free
  • Limited results
  • Limited filters
• Membership for $49
  • Improved API plan
  • Access to, for example, Shodan Images
  • Download search results
Don't put it on the Internet!
• Shodan does not hack your systems!
• What could possibly go wrong if we connect it to the net?
  • Internet connected, unprotected -> Shodan can find it
  • Many of these devices shouldn't even be online at all!
  • Firewalled -> Shodan cannot find it
• Search query
  • Simple banner string
  • Refine the results with 2-3 steps
  • Goldmine!
Showcase: the scary stuff
• Let's search for "a thing"
  • Honeywell
  • Building / housing
  • "Connected Services"
  • Network connector to a "physical" device
Search results
• Search for "Honeywell Building Network Adapter (BNA)"
Refine results / 1
• Refine for country:be
Refine results / 2
• Refine for only telnet
• Available filters
  • city:
  • country:
  • geo:
  • hostname:
  • net:
  • os:
  • port:
  • before/after:
Inspect results
• Zoom in on one host
  • Open network ports and services
    • With banner details
  • Geomap
Zoom further
• Even Google insists!
Read the manual
• PDF available on the Honeywell website
• Seriously???
Verify, but don't abuse
• 2 search queries
  • Shodan
  • Google
• One PDF with vendor information
• One connection attempt
5 minutes of work:
torify telnet <ip>
It's not hacking!
• Every tool can be either used or abused
• It's not about vulnerabilities. It's about misconfiguration.
  • Or negligence
• Google is not a hacking tool either!
  • Google Dorks
• Neither is curl
Prepared queries
Shodan Images
Shodan ICS Radar
API
• Python library
Why would you use the API?
• Useful for pentesters
  • Passive reconnaissance
• CSIRTs or SOCs
  • Monitor their constituency
• Vulnerability management
  • Get alerted when your device is listed
Make Shodan work for you!
• Use the API
  • Scan your networks for newly detected services
  • Query the Shodan API for new services in your network
  • Have they been detected by your vulnerability scanner?
  • What is the rating of your vulnerability on the disclosed services?
  • High rating + Shodan: create trouble ticket
• Verify if firewall rules are correct
  • Don't do security by obscurity by changing banner strings
  • Fix the ACL
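The defender's workflow on this slide (query the API for your own network, compare what Shodan lists with what the vulnerability scanner knows, open a ticket for high-rated services, and fix the ACL rather than the banner), together with the filter syntax from the "Refine results / 2" slide, as an added Python example. This is not code from the slides or from Shodan; it assumes the field names of a search result (ip_str, port, transport, data, location.country_code) match what the shodan library's api.search() returns, and the sample matches, the scanner inventory and the 192.0.2.0/24 constituency are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Tuple

Service = Tuple[str, int]  # (ip, port)


def build_query(net: str, **filters: str) -> str:
    """Compose a Shodan query string from the filters listed on the slides
    (net:, port:, country:, hostname:, os:, ...). Filter names are emitted
    in sorted order so the same selection always gives the same query."""
    parts = [f"net:{net}"] + [f"{k}:{v}" for k, v in sorted(filters.items())]
    return " ".join(parts)


# Constructed sample, shaped like the 'matches' list that the shodan
# library's api.search() returns (assumed field names). 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges, not a real constituency.
SHODAN_MATCHES: List[dict] = [
    {"ip_str": "192.0.2.10", "port": 23, "transport": "tcp",
     "data": "Building Network Adapter\r\nlogin: ",
     "location": {"country_code": "BE"}},
    {"ip_str": "192.0.2.10", "port": 80, "transport": "tcp",
     "data": "HTTP/1.1 200 OK\r\nServer: embedded-httpd\r\n",
     "location": {"country_code": "BE"}},
    {"ip_str": "192.0.2.25", "port": 443, "transport": "tcp",
     "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n",
     "location": {"country_code": "BE"}},
    {"ip_str": "198.51.100.7", "port": 22, "transport": "tcp",
     "data": "SSH-2.0-OpenSSH_7.4\r\n",
     "location": {"country_code": "NL"}},  # outside our network: must be ignored
]

# Constructed: services the vulnerability scanner already tracks, with the
# scanner's rating for the worst finding on each service.
SCANNER_INVENTORY: Dict[Service, str] = {
    ("192.0.2.10", 80): "medium",
    ("192.0.2.25", 443): "high",
}

HIGH_RATINGS = {"high", "critical"}


def in_constituency(ip: str, constituency: str) -> bool:
    """True when the address falls inside the network we are responsible for."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(constituency)


def triage(matches: List[dict], inventory: Dict[Service, str],
           constituency: str) -> Dict[str, list]:
    """Apply the slide's two rules to one Shodan result set:
    - listed by Shodan inside our network but unknown to the scanner
      -> 'new': verify the firewall rule and fix the ACL (not the banner);
    - listed by Shodan and rated high by the scanner -> 'ticket'."""
    new: List[Service] = []
    ticket: List[Tuple[str, int, str]] = []
    for m in matches:
        if not in_constituency(m["ip_str"], constituency):
            continue
        svc: Service = (m["ip_str"], m["port"])
        rating = inventory.get(svc)
        if rating is None:
            new.append(svc)
        elif rating in HIGH_RATINGS:
            ticket.append(svc + (rating,))
    return {"new": sorted(new), "ticket": sorted(ticket)}


def banner_summary(match: dict) -> str:
    """First line of the banner Shodan stored for a service, for the report."""
    first = match["data"].splitlines()[0] if match["data"] else ""
    return f'{match["ip_str"]}:{match["port"]}/{match["transport"]} "{first}"'


if __name__ == "__main__":
    query = build_query("192.0.2.0/24")  # add port="23", country="be", ... to narrow
    # Live use would be:
    #   import shodan
    #   matches = shodan.Shodan(API_KEY).search(query)["matches"]
    report = triage(SHODAN_MATCHES, SCANNER_INVENTORY, "192.0.2.0/24")
    print("query:", query)
    for svc in report["new"]:
        print("NEW service, check the ACL:", svc)
    for ip, port, rating in report["ticket"]:
        print("TICKET:", ip, port, rating)
    for m in SHODAN_MATCHES:
        print(banner_summary(m))
```

Run periodically (for example from the same scheduler that drives the vulnerability scanner); anything in the "new" list is a service the outside world can reach that your own tooling has not seen, which is exactly the firewall-rule check the slide asks for.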