What is Shodan and How to use it?

Here you can find out what is shodan search engine and how can use it.

The increase of need to remote work or public networks has a result lot of misconfigure devices to publish in the Internet.

Shodan can find out any vulnerability or security hole from a misconfiguration that can help you to resolve it and stay protected.

What is Shodan?

Shodan is a search engine for any device published on the Internet. Think about something like Google but instead to search Websites , search devices like routers, webcams, Firewalls ,IoT Devices ,etc. …

Security researchers always search for these devices to found a security hole before the bad guys. With more than 9 billion IoT Devices connected in 2021 (Source: Number of Internet of Things (IoT) Connected Devices Worldwide 2021/2022: Breakdowns, Growth & Predictions) it’s very difficult.

Shodan can help you to find vulnerable devices in the Internet and learn how can protect these devices.

How to use it

Using Shodan to search for any device in the Internet it’s very easy. Below you can see the two most common ways that you can search in the Shodan.

How to use the Explore

When you first open the Shodan page you will see something like this

When you click in the Explore you will find the following sections

Categories

In this section devices categorized by

  • Industrial Control Systems
  • Databases
  • Network Infrastructure
  • Video Games

It’s easier if you want to general search for devices in any of the specific categories without use search queries.

Let’s say that we would like to find all the Databases which published in the Internet.

Click on Databases and select what type of database you prefer to search.

Let’s select MySql.

A new page appear with the results

  • Total Search
  • Top Countries
  • Top Organizations


Top Voted

This section include the most popular devices by category. For example as you can see in printscreen Webcam include 12.519 devices.

Top Voted is a dynamic list and include the devices with the more searches.

As a Security Analyst you can use this list as indicator for the devices which are more vulnerable.

Why? Because if a device scanned lot of times it means that has identified from bad or good guys with security holes.

If you take a look you will see that the most devices are Webcam and Cam.

Shodan Top Voted



Recently Shared

Recently Shared are search queries that shared from the Shodan community. If you are new in Shodan Recently shared can help you to find quickly search queries.

People are able to Share Search Queries that has run with other to use.

Also If you are interesting to learn how can write search queries in Shodan Recently shared is your friend. You can help you a lot in the beginning.

Let’s see what we can do with recently shared

Shodan Recently Shared


How to use the Search Bar

If you are using the Shodan or you want to search for specific device then the Search bar is the tool that you must use.

Let’s say that you are working in a company with lot of Servers and Services publish in the Internet.

You want to identify any security hole in each service or Server. Then you will use the search bar to run the appropriate search queries base on your requests.

Let’s take a look deeper with the search bar.

When you are run a search query you will open a new page with the following cards



General Information


In General Information you will find the following info

  • Hostnames
  • Domain
  • Country
  • City
  • Organization
  • ISP
  • ASN
Shodan General Information from specific device



Web Technologies

Gathering information’s regarding the web technologies that use the server/service

Shodan Web Technologies used by device




Vulnerabilities

This card appear only if the Server has Vulnerabilities.

Include any vulnerability that the Server has and not resolve it yet.

Shodan Vulnerabilities from specific device




Open Ports

Gathering information’s regarding the Open Ports and the details for each one.

Shodan Open Ports from specific device


How to use Filters in Search Query

I understand that the time is valuable for everyone. So i will try to give few examples for the filters and how can use it in search queries.

Before continue i would like to inform you that you must create an account to use any filter in the search queries.

You can create an account free with limitations that we will explain in Packets and Prices

Let’s see what we can do

os: Find devices base on the Operating System

Let’s type in search bar

os:”windows server 2008″ or

os: "windows xp"
Shodan Search Query


country: Find devices base on the Country

country:"GR"
Shodan Search Query


port: Find devices base on open port that you will give

port: "21"
Shodan Search Query


org: Locate devices of any specific organization


city: Locate devices in specific City

city "Athens"

vuln: Locate devices with specific vulnerability

Let’s see the Exchange Servers with the last vulnerability

vuln :"CVE-2021-34523"

“default password” Locate any device with default password which give it by the vendor

So let’s write down a more advance search query

os:"windows server 2003" country:"CY" city:"Nicosia" 
Shodan Search Query


Plans and Prices

You can use shodan for free but with lot of limitations.

Below you can find all the Plans and the prices for each one. If you want more details or to compare differences between the Plans you can go in Choose your Plan Page


No Account

You can use Shodan but it’s very limited. It’s only for a new user first time in Shodan


Free Account

With the free account you have a daily limit to 50 searches. You can use filters in search queries but it still has lot of limitations


Become a Member

This plan cost only 49$ once without including any subscription. It’s a very helpful plan for those that they don’t need so many features or they don’t have the budget.

It’s suitable for those that they want to try Shodan with more advance features but they don’t want to pay every month.

The plan include the following features

  • Network Monitoring
  • Shodan CLI
  • Map the Internet
  • Search the Images
  • Documentation for Developers
  • Shodan API for integration

If you want to learn more about the Plan you can visit the Choose your Plan Page and go in the Bottom to read the differences


Freelancer

It costs 59$/month. You have 1 million search per month and lot of other features that you can find in Shodal Plan Page


Small Business

It costs 299$/month. You have 20 million searh per month with all the Freelancer features plus some more


Corporate

It costs 899$/month. You have unlimited search results per month. Include all the available features that has the Shodan.


Is Legal Shodan?

Yes Shodan is Legal because any info which scan it’s already expose in the Internet. It’s not gather secretly any info.

The problem is in misconfiguration of the device and the jurisdiction of the person who will found it.

It’s a tool that can use it to do the Internet more secure. Why not?


Who can use it and who must pay?

Shodan it’s a very helpful tool for anyone that works in IT Security industry and not only.

Can help Security Analyst to identify security holes in the devices that use in his company environment or in his clients.

Can help Researchers to identify the most unsecure devices by design and not by misconfigurations and avoid them to purchase it or use it.

IT Managers or Head of IT in Enterprises can help them to create a secure environment while can identify any security hole in all the infrastructure which exposed in the Internet.

Developers can use the Shodan API to integrate the Shodan with the application that develop.

Home users can identify easily without need to has an IT experience what home devices are exposed to the Internet but must be protected.

But do you must pay to use the Shodan?

Depends. If you want to use it only for general searching or search a Home Device and nothing else then it doesn’t.

If you want to use continuously to monitoring for vulnerabilities Server or services which exposed in the Internet then you must definitely pay the Shodan.


Integrate Shodan API

A very interesting feature is the Shodan Api that can use it to integrate in your own application. With API can make automation and scanning a range of the devices that you can use in a text file.

A very helpful tool for any developer because he doesn’t need to write a code to scan the devices that wants.


Conclusions

Shodan is an intelligence tool that use it from Security Analyst , Cybersecurity specialist and any IT in the security industry who works to do the Internet more secure.

It’s not illegal and it’s not gather any personal information.

It has different Plans that can cover any requirement.

Are you an IT or a Home user? Why not protect your digital privacy and you assets?

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Leave a Comment