Shodan Dork
Hunting IoT Devices online!
by Snooptz

Salutations, folks!
Thanks for popping by!
Today, we will go through Shodan Dork,
what it is & what we can do with it!
To start, What’s Shodan?
Shodan is a powerful and specialized search engine designed to help users search for internet-connected devices & systems. It indexes vast information about these devices & systems, including open ports, operating systems, and software.
Shodan can be used for multiple purposes, such as security research, IoT device discovery, & vulnerability scanning. It’s a valuable tool for identifying vulnerabilities or weak points in networks & systems, allowing users to secure their digital assets proactively.
- However, it’s essential to use Shodan responsibly & ethically.
In the wrong hands, it could be used for illegal or malicious purposes, such as hacking into private networks or cyber-attacks. It’s essential only to use Shodan for legitimate purposes & ensure that any information obtained is used in compliance with ethical guidelines & legal regulations.
Shodan Dork?
Shodan dork queries are a powerful tool for searching for specific information indexed by the Shodan search engine. Shodan is a specialized search engine for internet-connected devices and systems. By using Shodan Dorks, users can easily search for and find devices and systems that may be vulnerable to attack or have specific configurations useful for research or analysis.
Shodan dork queries can be used to search for information on the internet, including IP addresses, open ports, & other configurations related to IoT devices, routers, servers, or other systems. Users can customize their search according to their specific needs, for example, by searching for devices with specific open ports, running particular software or operating systems, or located in a specific geographical area.
Some examples of Shodan dorks include:
- “port:80 country:US” to find all devices with port 80 open in the United States
- “Apache country:US” to find all devices running the Apache web server in the United States
- “webcams country:FR” to find all devices running WebcamXP in France
Shodan dork queries can be used for various purposes, including security research, IoT device discovery, and vulnerability scanning. However, it must be noted that using this information for malicious purposes is illegal and unethical. Therefore, Shodan dork queries must be used responsibly & ethically, with the intent of improving security or safety online.

⚡ Here are 60 Shodan dork queries categorized by their purpose: ⚡
1. General Shodan Dork Queries:
- “shodan” — This query will return all devices indexed by Shodan.
- “hostname” — Use this query to find devices based on their hostname.
- “net:CIDR” — This query will return all devices within a specified network.
- Example: “net:192.168.1.0/24” will return all devices within the 192.168.1.0/24 network.
- “os:OS” — This query will find all devices running a specific operating system.
- Example: “os:Windows” will return all devices running Windows.
- “port:PORT” — This query will return all devices with a specific open port.
- Example: “port:80” will return all devices with port 80 open.
- “http.title:TITLE” — This query will find all devices with a specific title on their homepage.
- Example: “http.title:"Welcome to nginx!"” will return all devices with the title “Welcome to nginx!” on their homepage.
- “http.component:COMPONENT” — This query will find all devices with a specific web component.
- Example: “http.component:WordPress” will return all devices running WordPress.
- “org:ORG” — This query will find all devices belonging to a specific organization.
- Example: “org:Microsoft” will return all devices belonging to Microsoft.
- “city:CITY” — This query will find all devices in a specific city.
- Example: “city:"New York"” will return all devices located in New York.
2. IoT Device Discovery Shodan Dork Queries:
- “port:1883” — This query will return all devices with the MQTT protocol open.
- “port:502” — This query will return all devices with the Modbus protocol open.
- “port:161” — This query will return all devices with the SNMP protocol open.
- “port:5900” — This query will return all devices with the VNC protocol open.
- “port:1911” — This query will return all devices with the Niagara AX platform open.
- “port:23 product:telnet” — This query will return all devices with open Telnet port.
- “port:80 product:axis” — This query will return all devices running AXIS cameras.
- “port:5060 product:asterisk” — This query will return all devices running Asterisk.
3. Vulnerability Scanning Shodan Dork Queries:
- “port:3389 os:windows” — This query will return all devices running Windows with the RDP port open.
- “port:21 product:ftp” — This query will return all devices with open FTP port.
- “port:445 os:windows” — This query will return all devices running Windows with the SMB port open.
- “port:3306 product:mysql” — This query will return all devices with open MySQL port.
- “port:873 product:rsync” — This query will return all devices running Rsync.
- “port:11211 product:memcached” — This query will return all devices running Memcached.
- “port:5432 product:postgresql” — This query will return all devices running PostgreSQL.
- “port:27017 product:mongodb” — This query will return all devices running MongoDB.
4. Webcam Shodan Dork Queries:
- “webcamxp” — This query will return all devices running WebcamXP.
- “inurl:view/view.shtml” — This query will return all devices with a specific URL pattern.
- “intitle:"Live View / - AXIS"” — This query will return all devices running AXIS cameras.
- “intitle:"Live View / - AXIS 206M"” — This query will return all devices running AXIS 206M cameras.
- “intitle:"Live View / - AXIS 210"” — This query will return all devices running AXIS 210 cameras.
- “intitle:"Live View / - AXIS 213"” — This query will return all devices running AXIS 213 cameras.
5. Industrial Control Systems (ICS) Shodan Dork Queries:
- “port:102 product:s7” — This query will return all devices with the Siemens S7 protocol open.
- “port:44818” — This query will return all devices with the EtherNet/IP protocol open.
- “port:502 product:modbus” — This query will return all devices with the Modbus protocol open.
- “port:789 product:bacnet” — This query will return all devices with the BACnet protocol open.
- “port:1911 product:niagara” — This query will return all devices with the Niagara AX platform open.
- “port:44818 product:ethernetip” — This query will return all devices running Ethernet/IP.
- “port:44818 product:profinet” — This query will return all devices running Profinet.
6. Network Devices Shodan Dork Queries:
- “port:23 product:telnet” — This query will return all devices with open Telnet port.
- “port:80 country:US” — This query will return all devices with port 80 open in the United States.
- “port:443 country:JP” — This query will return all devices with port 443 open in Japan.
- “port:8080 city:Chicago” — This query will return all devices with port 8080 open in Chicago.
- “port:3128 hostname:proxy” — This query will return all devices with port 3128 open and hostname containing the word “proxy.”
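
A defender's use of the port categories listed above, as an added example that is not part of the original post: it filters a Shodan-style JSON-lines export down to hosts inside your own CIDR ranges (the offline equivalent of a `net:CIDR` filter) and flags the listed ports. The sample records, the `audit` function and the severity ranking are constructed for illustration; the field names `ip_str`, `port` and `product` follow Shodan's banner format.

```python
import ipaddress
import json

# Ports and service names taken from the query lists on this page.
RISKY_PORTS = {
    23: ("remote-admin", "Telnet"), 3389: ("remote-admin", "RDP"),
    5900: ("remote-admin", "VNC"), 21: ("file-transfer", "FTP"),
    445: ("file-transfer", "SMB"), 873: ("file-transfer", "rsync"),
    3306: ("database", "MySQL"), 5432: ("database", "PostgreSQL"),
    27017: ("database", "MongoDB"), 11211: ("database", "Memcached"),
    102: ("ics", "Siemens S7"), 502: ("ics", "Modbus"),
    44818: ("ics", "EtherNet/IP"), 1911: ("ics", "Niagara"),
    1883: ("iot", "MQTT"), 161: ("iot", "SNMP"),
}
# Assumed triage ranking (not from the page): higher means fix first.
SEVERITY = {"ics": 3, "remote-admin": 2, "database": 2, "file-transfer": 1, "iot": 1}

# Constructed sample export (JSON lines), documentation address ranges only.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.10", "port": 443, "product": "nginx"}
{"ip_str": "192.0.2.15", "port": 502, "product": null}
{"ip_str": "192.0.2.20", "port": 3389, "product": "Remote Desktop Protocol"}
{"ip_str": "198.51.100.7", "port": 23, "product": "telnetd"}
{"ip_str": "192.0.2.20", "port": 27017, "product": "MongoDB"}
not-json garbage line
"""

def audit(export_text, owned_cidrs):
    """Return findings for listed ports on hosts inside owned_cidrs, worst first."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    findings = []
    for line in export_text.splitlines():
        try:
            rec = json.loads(line)
            ip = ipaddress.ip_address(rec["ip_str"])
            port = int(rec["port"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        if port not in RISKY_PORTS or not any(ip in n for n in nets):
            continue  # not a listed port, or not an address we own
        category, service = RISKY_PORTS[port]
        findings.append({"ip": str(ip), "port": port, "service": service,
                         "category": category, "severity": SEVERITY[category]})
    findings.sort(key=lambda f: (-f["severity"], f["ip"], f["port"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT, ["192.0.2.0/24"]):
        print(f'{f["severity"]} {f["ip"]}:{f["port"]} {f["service"]} ({f["category"]})')
```
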

Conclusions
Shodan queries can be used to search for information on the internet, including IP addresses, open ports, and other configurations related to IoT devices, routers, servers, and other systems. However, it’s essential to use Shodan queries with caution and always prioritize the safety and security of digital assets. Misusing Shodan queries for illegal or malicious purposes, such as hacking into private networks or cyber-attacks, could have serious consequences. Using this tool for legitimate purposes and ensuring that any information obtained is used in compliance with ethical guidelines and legal regulations is crucial.
Shodan queries can be a valuable tool for identifying vulnerabilities and weak points in networks and systems, allowing users to secure their digital assets proactively. However, it’s important to note that using this tool for malicious purposes is illegal and unethical. Therefore, using Shodan queries must be done responsibly and ethically, and with the intent of improving security and safety on the internet.
Last Note:
It’s important to remember that hacking is illegal.
Attempting to access systems or devices without proper authorization can result in severe legal consequences, including fines, imprisonment, or damage to your reputation. Hacking can also cause harm to innocent parties, such as individuals or businesses affected by cyber-attacks. Using ethical & legal means to conduct security research & protect digital assets is crucial. Remember, the author of this text is not responsible for any actions taken by individuals who use the information provided for unlawful purposes.
Please share feedback & thoughts, as all are more than welcome!
— Surf Safe & Stay Shield! —
--- Thanks !⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡⚡

