Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Shodan: A Search Engine For Hackers

It’s true that we are increasingly connected day by day, this may be due to the Internet of Things (IoT).  Internet of Things (IoT) consists of a complex network of systems and physical devices that allow devices to communicate and exchange data. The applications could be anything among them some are like infrastructure management, domestic applications, transportation, healthcare, environmental monitoring etc.
Each and Every single device is interconnected to every other in future. Then the security will be the main issue. Along with the products development cycle, Security has become a bolt-on additions to products.

Result:

Anyone can easily access the network of interconnected & insecure devices publically from the internet. Shodan is a search engine like Google. Google index the web page content over ports 80(HTTP) or 443(HTTPS) and Shodan crawls the web searching for devices  and respond to the host of another ports like 25 (SMTP), 22 (SSH), 21 (FTP), 23 (Telnet), 443, 3389(RDP) etc. Once the responding host is discovered by the Shodan, it connects to the machine and the port banner is pulled down.
A wide range of internet connected devices has been discovered by Shodan in 2009, that incudes traffic signalling equipment, domestic home appliances, webcams, firewalls, industrial control systems for nuclear power plants and electrical grids and even more than that. They all are connected to the internet without any security not even with authentication.
Webcam included the images of marijuana plantations, garages, front gardens, cash register cameras, swimming pools, ski slopes, colleges and schools and many more. There is also a paid members features on Shodan search engine.
Shodan provides the simple and powerful searching and it provides it with ease. If you have a basic account then it provides you only the limited number of results. So, if you want to access it more then you have to upgrade it. The premium features of Shodan includes plotting the host locations on maps, accessing the full search listings etc. It also gives you a feature to search using filters. It makes your search even more easier.

  • city: find devices in a particular city
  • country: find devices in a particular country
  • geo: you can pass it coordinates
  • hostname: find values that match the hostname
  • net: search based on an IP
  • os: search based on the operating system
  • port: find particular ports that are open
  • before/after: find results within a timeframe
Many of the devices that Shodan detects and indexes are not 100% safe from any unauthorised access. In this era or world nothing is static, who knowns when can any malicious exploits and vulnerabilities are being discovered and disclosed. The example is a well-known computer networking companies in the world – Juniper. Recently they disclose that some of their devices contained a hard-coded back-door password. By hard-coded back-door password, it allows anybody to supply the password against a valid user account. We can also search for Juniper firewalls by using Shodan. Around 1,800 vulnerable Juniper firewalls that are currently sitting targets right now on the internet.
If we consider the major threat to our safety and security then the attacks on networked industrial control systems will come first. It may include alist:
  • The signalling systems on transport networks
  • The traffic lights that allow us to drive safely
  • Regulate the treatment plants that deliver drinking water
  • Nuclear reactors that deliver our energy.