The growing need for remote work and the use of public networks has led to many misconfigured devices being published on the Internet.
Shodan can surface the vulnerabilities and security holes caused by such misconfigurations, so that you can fix them and stay protected.
What is Shodan?
Shodan is a search engine for any device published on the Internet. Think of something like Google, but instead of searching websites it searches devices: routers, webcams, firewalls, IoT devices, etc.
Security researchers search for these devices to find security holes before the bad guys do. With more than 9 billion IoT devices connected in 2021 (Source: Number of Internet of Things (IoT) Connected Devices Worldwide 2021/2022: Breakdowns, Growth & Predictions), that is a very difficult task.
Shodan can help you find vulnerable devices on the Internet and learn how to protect them.
How to use it
Using Shodan to search for any device on the Internet is very easy. Below you can see the two most common ways to search in Shodan.
How to use the Explore
When you first open the Shodan page you will see something like this:
When you click on Explore you will find the following sections.
Categories
In this section devices are categorized by
- Industrial Control Systems
- Databases
- Network Infrastructure
- Video Games
This is the easier option if you want to search broadly for devices in one of these categories without writing search queries.
Let's say we would like to find all the databases published on the Internet.
Click on Databases and select the type of database you want to search for.
Let's select MySQL.
A new page appears with the results:
- Total Search
- Top Countries
- Top Organizations
Top Voted
This section lists the most popular devices by category. For example, as you can see in the screenshot, Webcam includes 12.519 devices.
Top Voted is a dynamic list and includes the devices with the most searches.
As a Security Analyst you can use this list as an indicator of which devices are most often vulnerable.
Why? Because if a device is searched for many times, it usually means that it has been identified, by bad or good guys, as having security holes.
If you take a look you will see that most of the devices are Webcam and Cam.
Recently Shared
Recently Shared lists search queries shared by the Shodan community. If you are new to Shodan, Recently Shared can help you find useful search queries quickly.
People can share the search queries they have run so that others can use them.
If you are interested in learning how to write search queries in Shodan, Recently Shared is your friend. It can help you a lot in the beginning.
Let's see what we can do with Recently Shared.
How to use the Search Bar
If you already use Shodan, or you want to search for a specific device, the Search bar is the tool to use.
Let's say you work in a company with many servers and services published on the Internet.
You want to identify any security hole in each service or server. You will then use the search bar to run the appropriate search queries based on your requirements.
Let's take a deeper look at the search bar.
When you run a search query, a new page opens with the following cards:
General Information
In General Information you will find the following info:
- Hostnames
- Domain
- Country
- City
- Organization
- ISP
- ASN
Web Technologies
Information about the web technologies used by the server/service.
Vulnerabilities
This card appears only if the server has vulnerabilities.
It lists every vulnerability the server has that has not yet been resolved.
Open Ports
Information about the open ports and the details of each one.
How to use Filters in Search Query
I understand that time is valuable for everyone, so I will give a few examples of the filters and how to use them in search queries.
Before continuing, note that you must create an account to use any filter in search queries.
You can create a free account, with the limitations explained in Plans and Prices.
Let's see what we can do.
os: Find devices based on their operating system
Let's type in the search bar
os:"windows server 2008" or
os:"windows xp"
country: Find devices based on their country
country:"GR"
port: Find devices based on the open port you specify
port:21
org: Locate devices of a specific organization
city: Locate devices in a specific city
city:"Athens"
vuln: Locate devices with a specific vulnerability
Let's see the Exchange Servers with the latest vulnerability
vuln:"CVE-2021-34523"
"default password": Locate any device with a default password set by the vendor
So let's write down a more advanced search query
os:"windows server 2003" country:"CY" city:"Nicosia"
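Filters are only matched when the syntax is exact: a space after the colon or curly quotes pasted from a document turn the filter into free text and the search silently returns unrelated results. The following is an added example, not code from the article or from Shodan: a small Python helper that composes queries like the ones above from a dict, normalises quotes, and rejects malformed values (bad port, non two-letter country code, non-CVE id) before they reach the search bar. The filter set is the one the article lists; Shodan supports many more, so `KNOWN_FILTERS` is an assumption to extend.

```python
"""Compose Shodan search queries from the filters the article lists.

Added example, not code from the article or from Shodan. KNOWN_FILTERS
holds only the filters shown above; Shodan supports many more.
"""
import re
from typing import Mapping, Union

# Filters used in the article. The check catches typos such as "contry:"
# that Shodan would otherwise treat as free text.
KNOWN_FILTERS = {"os", "country", "port", "org", "city", "vuln"}

# Word processors and web pages often turn straight quotes into these;
# Shodan's filter syntax only understands straight double quotes.
CURLY_QUOTES = {"\u201c": '"', "\u201d": '"', "\u2033": '"'}


def quote(value: Union[str, int]) -> str:
    """Return value wrapped in straight double quotes, with curly or stray
    surrounding quotes normalised and embedded quotes escaped."""
    text = str(value)
    for curly, straight in CURLY_QUOTES.items():
        text = text.replace(curly, straight)
    text = text.strip().strip('"')
    return '"' + text.replace('"', '\\"') + '"'


def build_query(filters: Mapping[str, Union[str, int]], free_text: str = "") -> str:
    """Build a query such as: os:"windows server 2003" country:"CY" city:"Nicosia".

    free_text is an optional phrase like "default password" that matches
    banners without a filter. Each filter value is validated before joining.
    """
    parts = [quote(free_text)] if free_text else []
    for name, value in filters.items():
        if name not in KNOWN_FILTERS:
            raise ValueError(f"unknown filter: {name!r}")
        if name == "port":
            port = int(value)
            if not 0 < port <= 65535:
                raise ValueError(f"port out of range: {port}")
            parts.append(f"port:{port}")
        elif name == "country":
            code = str(value).strip().upper()
            if len(code) != 2 or not code.isalpha():
                raise ValueError(f"country must be a two-letter code: {value!r}")
            parts.append(f"country:{quote(code)}")
        elif name == "vuln":
            cve = str(value).strip().upper()
            if not re.fullmatch(r"CVE-\d{4}-\d{4,}", cve):
                raise ValueError(f"not a CVE id: {value!r}")
            parts.append(f"vuln:{quote(cve)}")
        else:
            parts.append(f"{name}:{quote(value)}")
    return " ".join(parts)


if __name__ == "__main__":
    # The article's combined query, rebuilt from a dict.
    print(build_query({"os": "windows server 2003", "country": "cy", "city": "Nicosia"}))
    # Curly quotes pasted from a document are normalised, not passed through.
    print(build_query({"os": "\u201dwindows server 2008\u2033"}))
    print(build_query({"port": 21}, free_text="default password"))
```

Scoping a query to your own assets (for example adding `org:` with your organization's name) is the usual way to turn this into an inventory check rather than an open-ended search.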
Plans and Prices
You can use Shodan for free but with many limitations.
Below you can find all the plans and the price of each one. If you want more details or to compare the differences between the plans, go to the Choose your Plan page.
No Account
You can use Shodan, but it's very limited. It's only for a new user's first time in Shodan.
Free Account
With the free account you have a daily limit of 50 searches. You can use filters in search queries, but it still has many limitations.
Become a Member
This plan costs only $49 once, with no subscription. It's a very helpful plan for those who don't need many features or don't have the budget.
It's suitable for those who want to try Shodan with more advanced features but don't want to pay every month.
The plan includes the following features:
- Network Monitoring
- Shodan CLI
- Map the Internet
- Search the Images
- Documentation for Developers
- Shodan API for integration
If you want to learn more about the plan, visit the Choose your Plan page and scroll to the bottom to read the differences.
Freelancer
It costs $59/month. You have 1 million searches per month and many other features that you can find on the Shodan Plan page.
Small Business
It costs $299/month. You have 20 million searches per month, with all the Freelancer features plus some more.
Corporate
It costs $899/month. You have unlimited search results per month. It includes all the features Shodan has available.
Is Shodan Legal?
Yes, Shodan is legal, because any information it scans is already exposed on the Internet. It does not gather any information secretly.
The problem lies in the misconfiguration of the device and in the jurisdiction of the person who finds it.
It's a tool that can be used to make the Internet more secure. Why not?
Who can use it and who must pay?
Shodan is a very helpful tool for anyone who works in the IT security industry, and not only for them.
It can help a Security Analyst identify security holes in the devices used in their company's environment or at their clients.
It can help Researchers identify the devices that are most insecure by design, rather than by misconfiguration, and avoid purchasing or using them.
It can help IT Managers or Heads of IT in enterprises create a secure environment by identifying any security hole across the infrastructure exposed to the Internet.
Developers can use the Shodan API to integrate Shodan with the applications they develop.
Home users can easily identify, without needing IT experience, which home devices are exposed to the Internet but should be protected.
But do you have to pay to use Shodan?
It depends. If you only want to use it for general searching or to look up a home device and nothing else, then you don't.
If you want to use it continuously to monitor servers or services exposed on the Internet for vulnerabilities, then you must definitely pay for Shodan.
Integrate Shodan API
A very interesting feature is the Shodan API, which you can use to integrate Shodan into your own application. With the API you can automate scanning of a range of devices, for example one listed in a text file.
It's a very helpful tool for any developer, because they don't need to write their own code to scan the devices they want.
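What the automation described above looks like on the defender's side, as an added example that is not code from the article or from Shodan: read the asset list from a text file, expand any CIDR ranges, and triage host records for those addresses only, flagging watch-listed ports and any CVEs Shodan reports. The record shape (`ip_str`, `ports`, `hostnames`, `org`, `vulns`, `data[]` with `port`/`transport`/`product`/`version`) follows Shodan's host JSON as I know it and should be checked against the current API documentation; the inventory text and both host records are constructed for the example, not real scan results. In practice `SAMPLE_RECORDS` would be replaced by the output of `shodan.Shodan(api_key).host(ip)` from the official `shodan` Python package, one call per inventory address. Note that Shodan infers most CVE entries from banner version strings, so each one is a lead to verify, not a confirmed finding.

```python
"""Triage Shodan host records for the assets listed in an inventory file.

Added example, not code from the article or from Shodan. The record shape
follows Shodan's host JSON as assumed here; the inventory and the two host
records are constructed, not real data.
"""
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# Constructed inventory: one IP or CIDR per line, '#' starts a comment.
INVENTORY_TXT = """
# constructed example inventory (TEST-NET-3 addresses)
203.0.113.10
203.0.113.0/30      # small lab range
not-an-address
"""

# Constructed host records in Shodan's host JSON shape (not real data).
SAMPLE_RECORDS = [
    {
        "ip_str": "203.0.113.10",
        "hostnames": ["mail.example.test"],
        "org": "Example Corp",
        "ports": [443, 3389],
        "vulns": ["CVE-2021-34523"],  # the CVE named in the article
        "data": [
            {"port": 443, "transport": "tcp", "product": "Microsoft IIS httpd", "version": "10.0"},
            {"port": 3389, "transport": "tcp", "product": "Remote Desktop Protocol"},
        ],
    },
    {
        "ip_str": "203.0.113.2",
        "hostnames": [],
        "org": "Example Corp",
        "ports": [22],
        "vulns": [],
        "data": [{"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "8.9"}],
    },
]

# Services that should not face the Internet without a VPN or bastion in front.
WATCH_PORTS = {21: "FTP", 23: "Telnet", 445: "SMB", 3306: "MySQL", 3389: "RDP", 5900: "VNC"}
SEVERITY_ORDER = {"critical": 0, "high": 1}


def load_targets(text: str) -> Tuple[Set[str], List[str]]:
    """Expand an inventory file into individual addresses.

    Returns (addresses, skipped_lines): CIDR ranges contribute their host
    addresses, and unparsable lines are reported rather than silently dropped.
    """
    targets: Set[str] = set()
    skipped: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            skipped.append(line)
            continue
        if net.num_addresses == 1:
            targets.add(str(net.network_address))
        else:
            targets.update(str(host) for host in net.hosts())
    return targets, skipped


def triage(records: Iterable[Dict], targets: Set[str]) -> List[Dict]:
    """Flag watch-listed ports and reported CVEs for hosts in our inventory.

    Records for addresses outside `targets` are ignored, so the result of a
    broad org: search can be fed in without triaging other people's assets.
    """
    findings: List[Dict] = []
    for rec in records:
        ip = rec.get("ip_str", "")
        if ip not in targets:
            continue
        banners = {b.get("port"): b for b in rec.get("data", [])}
        for port in rec.get("ports", []):
            if port not in WATCH_PORTS:
                continue
            banner = banners.get(port, {})
            product = " ".join(p for p in (banner.get("product"), banner.get("version")) if p) or "unknown"
            findings.append({"ip": ip, "port": port, "severity": "high",
                             "issue": f"{WATCH_PORTS[port]} exposed ({product})"})
        for cve in rec.get("vulns", []):
            # Shodan infers most CVEs from banner versions: a lead to verify, not proof.
            findings.append({"ip": ip, "port": None, "severity": "critical",
                             "issue": f"{cve} reported for this host"})
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f["severity"]], f["ip"], f["port"] or 0))


if __name__ == "__main__":
    addresses, skipped = load_targets(INVENTORY_TXT)
    for line in skipped:
        print(f"skipped unparsable inventory line: {line!r}")
    for f in triage(SAMPLE_RECORDS, addresses):
        print(f"[{f['severity']}] {f['ip']} port={f['port']} {f['issue']}")
```

Run on the constructed data, the host at 203.0.113.10 produces two findings (the reported CVE and RDP exposed), while 203.0.113.2, which only exposes SSH, produces none; the malformed inventory line is reported instead of being ignored.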
Conclusions
Shodan is an intelligence tool used by Security Analysts, cybersecurity specialists and anyone in the IT security industry who works to make the Internet more secure.
It's not illegal, and it does not gather any personal information.
It has different plans that can cover any requirement.
Are you in IT, or a home user? Why not protect your digital privacy and your assets?