SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. SHODAN is the brainchild of John Matherly aka @achillean

Lets say you want to find servers running the ‘Apache’ web daemon. A simple attempt would be to use:

apache

You can also narrow down the results using the following search parameters:

country:2-letter country code

hostname:full or partial host name

net:IP range using CIDR notation (ex: 18.7.7.0/24 )

port:21, 22, 23 or 80

How about something really bad. Hopefully, the webmasters below are taking steps to upgrade from IIS 4

Get all web (port:80) hosts running ‘IIS 4.0′ in United States (country:US)

IIS 4.0 country:US port:80

Gain root shell access exploiting built in shell (ash)

The query below is not confirmed but shows the power of SHODAN. Thanks to HDMoore

http://shodan.surtri.com/?q=port:23+”list+of+built-in+commands”

Mike Andrews was one of the coolest and most knowledgeable professors I had the opportunity of learning from, while at school @ Florida Tech.

Currently, Mike is currently working as the Principle consultant at Foundstone/McAfee, taking a break from teaching.

At school, we did not have video tape lectures, but I did find this video of Mike talking at Google on how to break web software, how web applications are attacked and walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.

[googlevideo]5159636580663884360[/googlevideo]