Tool: Shodan Explained (The Search Engine for IoT)

Cyber Security Mastery: From Zero to Hero

Shodan: Scanning the Entire Internet

Google searches web content; Shodan searches the service banners and metadata of devices connected to the internet. The active scanning is done by Shodan, a third party, so querying its index is passive reconnaissance for the hacker: the hacker sends no traffic to the target.

How Shodan Works

Shodan continuously scans the entire IPv4 space on common ports (80, 21, 22, 23, 443, etc.) and records the response banners, which often reveal the operating system, specific software version, and configuration details.
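To see what a banner gives away, the following added example (not part of the original lesson) extracts product and version strings from HTTP, SSH and FTP banners, the same kind of data a scanner indexes. The banners, the documentation-range IP addresses and the function names are constructed for illustration; run it against banners captured from your own hosts to check what they disclose.

```python
import re

# Constructed sample banners of the kind a scanner records (not real hosts).
SAMPLE_BANNERS = {
    ("192.0.2.10", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu) PHP/5.2.4\r\n"
                        "Content-Type: text/html\r\n\r\n",
    ("192.0.2.10", 22): "SSH-2.0-OpenSSH_7.4\r\n",
    ("192.0.2.11", 21): "220 ProFTPD 1.3.5 Server (Debian) [192.0.2.11]\r\n",
    ("192.0.2.12", 80): "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",  # version hidden
}

# A product name followed by a dotted version: Apache/2.2.8, OpenSSH_7.4, ProFTPD 1.3.5
TOKEN = re.compile(r"([A-Za-z][\w.+-]*?)[/_ ](\d+(?:\.\d+)+[\w.-]*)")


def disclosed_software(banner):
    """Return the (product, version) pairs that a service banner gives away."""
    if banner.startswith("HTTP/"):
        # Only the Server / X-Powered-By headers identify software;
        # the status line ("HTTP/1.1") must not be mistaken for a product.
        fields = [line.split(":", 1)[1] for line in banner.split("\r\n")
                  if line.lower().startswith(("server:", "x-powered-by:"))]
        text = " ".join(fields)
    elif banner.startswith("SSH-"):
        # Identification string is SSH-<protocol>-<software>; keep the software part.
        text = banner.strip().split("-", 2)[2]
    else:
        # FTP, SMTP and similar greetings: scan the whole line.
        text = banner.strip()
    return TOKEN.findall(text)


def audit(banners):
    """Map each (ip, port) to the software versions its banner exposes."""
    findings = {}
    for endpoint, banner in banners.items():
        leaked = disclosed_software(banner)
        if leaked:
            findings[endpoint] = leaked
    return findings


if __name__ == "__main__":
    for (ip, port), leaked in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{ip}:{port} discloses " + ", ".join(f"{p} {v}" for p, v in leaked))
```

The fourth sample host sends only "nginx" with no version, so it produces no finding; trimming banners this way reduces what is indexed about a host but does not fix outdated software behind it.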

Security Relevance

Hackers use Shodan to find:

  1. Vulnerable Services: Searching for product:"Apache" version:"2.2.8" quickly identifies targets running obsolete, vulnerable software.
  2. Exposed Devices: Finding open webcams, industrial control systems (ICS), or databases exposed directly to the internet.
  3. Specific Organization Assets: Using filters like org:"Target Corp" or IP ranges.

Example Search: port:3389 country:US (finds all RDP servers exposed in the US).