I was thinking about making a new post and since I was walking around Shodanlooking at our systems, I said why not? Well, Shodan is a search engine like Google but a little different, we can search everything that is connected to the internet.
This is great as a tool but it is a delight for many because due to ignorance many people have devices connected to the Internet with user and pass by default that can be found in Shodan quite fast or outdated systems.
You remember the post Tuning in Google, in which we talked about GoogleDorks, well in Shodan we also have search filters that if we add it to python using the API they offer instead of web, its potential is tremendous, you also have libraries for other languages here.
In order to use the API you have to have query credits where depending on the chosen plan you can have up to unlimited queries. In the free version you have 100 query credits, each query credit gives you up to 100 results which means that you can download 10000 results every month for free.
Let's install the python library on our lab machine. If you have followed our posts it would be as simple as running
sudo pip3.7 install shodan
And with the following command we will see the help
shodan
We already have it installed but we will not be able to use it until we connect to the APi, to do this we launch
shodan init XXXXyourAPIXXXX
We are not going to expand on its use, we leave it to you to investigate. We will just show you a small example and leave you some filters.
You can find the API filters herein its web site
Some of the web filters are:
os: Filter by operating system
country: Filter by country
city: Filter by city
net: Filter by network segments
geo: Filter by specifying coordinates
hostname: Filter by hostname
port. Filter by port
With these few filters we can start playing to see the potential of Shodan.
A small example to make people aware of the danger of leaving a Windows remote desktop exposed on the Internet, since Shodan will find it and you will start to be a target for many people, due to all the vulnerabilities that Windows remote desktop suffers, having all the chances to end up with an encrypted system. It would be enough to simply put in the Shodan web search engine
country:ES port:3389
And it will show you more than 35000 computers currently. As you will see if you have a computer with remote desktop exposed to the Internet, sooner or later you will get a surprise.
So far for today, but first tell you, do not do what you do not want to do to you. Have a nice weekend.
TL.
Este sitio web utiliza cookies para mejorar su experiencia. Asumiremos que está de acuerdo con esto, pero puede optar por no participar si lo desea.Cookie SettingsAceptarRechazar
Privacidad & Cookies
Resumen de privacidad
Este sitio web utiliza cookies para mejorar su experiencia mientras navega por el sitio web. Fuera de estas cookies, las cookies que se clasifican como necesarias se almacenan en su navegador, ya que son esenciales para el funcionamiento de las funciones básicas del sitio web. También utilizamos cookies de terceros que nos ayudan a analizar y comprender cómo utiliza este sitio web. Estas cookies se almacenarán en su navegador solo con su consentimiento. También tiene la opción de optar por no recibir estas cookies. Sin embargo, la exclusión de algunas de estas cookies puede afectar su experiencia de navegación.
Las cookies necesarias son absolutamente esenciales para que el sitio web funcione correctamente. Esta categoría solo incluye cookies que garantizan funcionalidades básicas y características de seguridad del sitio web. Estas cookies no almacenan ninguna información personal.
No hay comentarios