Shodan and ZoomEye are two search engines that differ from Baidu and Google: they are used to search for online devices in cyberspace. You can use them to look up a specific device or to search for a particular type of device. The most popular search terms are webcam, Linksys, Cisco, Netgear, SCADA and so on.
Basic usage
As with Google, enter what you want to search for in the search box on the home page; for example, search for "SSH" below.
The search results above contain two parts. On the left is a large amount of summary data, including:
- Results map - a map showing where the search results are located
- Top services (Ports) - the most common services / ports
- Top organizations (ISPs) - the most common organizations / ISPs
- Top operating systems - the most common operating systems
- Top products (Software name) - the most common products / software names
Then, in the middle of the main page, each search result shows:
- IP address
- Host name
- The time at which the entry was collected
- The country in which the host is located
- Banner information
To see the details of an entry, click its link. The URL then takes this form:
https://www.shodan.io/host/[IP]
So we can also view the details by visiting the page for a given IP directly.
In the above picture, the map at the top shows the physical location of the host, the left side shows related information, and the right side shows the list of open ports on the target host along with their details.
Using search filters
A plain keyword search, like the one above, may not give satisfactory results. In that case we need specific filters to narrow the results down. A filter is written as name:value with no space after the colon. The common filters are as follows:
hostname - search for the specified host or domain name, for example
port - search for the specified port or service, for example
country - search for the specified country, for example
city - search for the specified city, for example
org - search for the specified organization or company, for example
isp - search for the specified ISP, for example
isp:"China Telecom"
product - search for the specified operating system / software / platform, for example
product:"Apache httpd"
version - search for the specified software version, for example
geo - search for the specified geographic location, for example
geo:"31.8639, 117.2808"
before/after - search the data before and after the specified time. The format is DD-MM-YY, for example.
net - search for the specified IP address or subnet, for example
Find the Apache servers in Hefei: Apache city:"Hefei"
Find the Nginx servers located in China: nginx country:"CN"
Find the HUAWEI devices in the specified network segment: Huawei net:"126.96.36.199/24"
As shown above, adding filters after the basic keyword helps us quickly find what we are interested in. There is also a faster and more interesting way: click the Explore button to the right of the Shodan search bar, and you get a large number of search queries that other users have shared. What is so interesting about these shared queries? Let's take a quick look.
Let's pick a user-shared query called "NetSureveillance Web". From its description we can tell that it concerns a weak-password vulnerability. To make testing easier, let's add a country filter to the query.
Server: uc-httpd 1.0.0 200 OK country:"CN"
Pick any page from the results and open it; the admin account with an empty password logs in without trouble.
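The filter syntax and the uc-httpd banner query described above, turned toward checking your own address space; this is an added example, not code from the original post or from Shodan. The helper names, the record fields (`ip_str`, `port`, `data`) and the sample records are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Filter names listed in the section above.
FILTERS = {"hostname", "port", "country", "city", "org", "isp",
           "product", "version", "geo", "before", "after", "net"}

def build_query(keyword="", **filters):
    """Join a free-text keyword and filter terms into one query string."""
    terms = [keyword] if keyword else []
    for name, value in filters.items():
        if name not in FILTERS:
            raise ValueError(f"unknown filter: {name}")
        if name == "net":
            # Reject a malformed range early and clear any stray host bits.
            value = str(ipaddress.ip_network(value, strict=False))
        if isinstance(value, int):
            terms.append(f"{name}:{value}")
        else:
            if '"' in value:
                raise ValueError("value must not contain a double quote")
            # Filter syntax has no space after the colon; quote string values.
            terms.append(f'{name}:"{value}"')
    return " ".join(terms)

def exposed_in_scope(records, own_networks, banner_marker):
    """Return sorted (ip, port) pairs inside our own ranges whose banner has the marker."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    hits = set()
    for rec in records:
        ip = ipaddress.ip_address(rec["ip_str"])
        if any(ip in n for n in nets) and banner_marker.lower() in rec["data"].lower():
            hits.add((rec["ip_str"], rec["port"]))
    return sorted(hits)

# Constructed sample records; the field names are assumptions, not real scan data.
SAMPLE = [
    {"ip_str": "192.0.2.10", "port": 80, "data": "HTTP/1.0 200 OK\r\nServer: uc-httpd 1.0.0\r\n"},
    {"ip_str": "192.0.2.77", "port": 22, "data": "SSH-2.0-OpenSSH_8.9"},
    {"ip_str": "198.51.100.5", "port": 8080, "data": "HTTP/1.1 200 OK\r\nServer: uc-httpd 1.0.0\r\n"},
    {"ip_str": "203.0.113.9", "port": 80, "data": "HTTP/1.0 200 OK\r\nServer: uc-httpd 1.0.0\r\n"},
]

if __name__ == "__main__":
    print(build_query("Server: uc-httpd 1.0.0", net="192.0.2.0/24"))
    print(exposed_in_scope(SAMPLE, ["192.0.2.0/24", "198.51.100.0/24"], "uc-httpd"))
```

Any device this reports inside your own ranges is reachable from the Internet with that banner, so it should have its default credentials changed or be moved behind a firewall or VPN.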
Reprinted to Xiaix's Blog