SHODAN lets you find servers, routers, etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. SHODAN is the brainchild of John Matherly, aka @achillean.
Let's say you want to find servers running the ‘Apache’ web daemon. A simple attempt would be to use:
You can also narrow down the results using the following search parameters:
country:2-letter country code
hostname:full or partial host name
net:IP range using CIDR notation (ex: 18.7.7.0/24)
port:21, 22, 23 or 80
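The filter syntax listed above, as an added example (not SHODAN's code and not part of the original post): a small Python validator for the four filters, plus a check that a query is pinned to address space you own before you use it to audit your own exposure. The function names and the 192.0.2.0/24 documentation range are assumptions made for illustration.

```python
import ipaddress
import re
import shlex

ALLOWED_PORTS = {21, 22, 23, 80}  # the port values the post lists

def _country(v):
    if not re.fullmatch(r"[A-Za-z]{2}", v):
        raise ValueError(f"country must be a 2-letter code: {v!r}")
    return v.upper()

def _hostname(v):
    if not re.fullmatch(r"[A-Za-z0-9.-]+", v):
        raise ValueError(f"bad host name fragment: {v!r}")
    return v.lower()

def _net(v):
    if "/" not in v:
        raise ValueError(f"net needs CIDR notation: {v!r}")
    return str(ipaddress.ip_network(v))  # strict mode rejects set host bits

def _port(v):
    if not v.isdigit() or int(v) not in ALLOWED_PORTS:
        raise ValueError(f"port must be one of {sorted(ALLOWED_PORTS)}: {v!r}")
    return str(int(v))

VALIDATORS = {"country": _country, "hostname": _hostname, "net": _net, "port": _port}

def parse_query(query):
    """Return (free_text_terms, validated_filters) for one search string."""
    terms, filters = [], {}
    for token in shlex.split(query):  # keeps quoted phrases together
        name, sep, value = token.partition(":")
        if sep and name in VALIDATORS:
            filters[name] = VALIDATORS[name](value)
        else:
            terms.append(token)
    return terms, filters

def in_scope(filters, owned_nets):
    """True only if the query is pinned to a net: range inside owned_nets."""
    if "net" not in filters:
        return False
    net = ipaddress.ip_network(filters["net"])
    owned = [ipaddress.ip_network(o) for o in owned_nets]
    return any(net.version == o.version and net.subnet_of(o) for o in owned)

if __name__ == "__main__":  # constructed sample; 192.0.2.0/24 is a documentation range
    print(in_scope(parse_query("apache port:80 net:192.0.2.0/25")[1], ["192.0.2.0/24"]))
```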
How about something really bad? Hopefully, the webmasters below are taking steps to upgrade from IIS 4.
Get all web (port:80) hosts running ‘IIS 4.0’ in the United States (country:US)
Gain root shell access exploiting built-in shell (ash)
The query below is not confirmed but shows the power of SHODAN. Thanks to HDMoore.
http://shodan.surtri.com/?q=port:23+”list+of+built-in+commands”
Wow. It would be interesting to see what else Shodan can find. Definitely queried Microsoft.com to see if they host using Apache 🙂
No need for nmap with this tool for the most part.
Shodan is such an amazing, powerful tool. I still use this for many research things.