Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port. It’s useful to audit any vulnerable versions.
Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance cameras, Smart TVs, SCADA networks, and leading to traffic light management systems are exposed to the internet.
In 2016 impact of the Mirai botnet attack, which was orchestrated as a distributed denial-of-service attack affects 300,000 vulnerable Internet of Things devices.
IoT device data privacy and integrity is another rising pain, voice assistive devices such as Amazon Echo and Google Home.
Shodan and Censys
The benefits of Google Docks help you find the data you are looking for on the Internet. There are also special search engines for information security professionals that help to discover devices that are accessible from the Internet.
IPv4 Hosts
- Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port.
- Discovered open ports have accurate banner versions, WHOIS information, and the geographic location of the server.
Operating Systems:
- Detecting old versions of Windows operating systems ( Windows XP ) on the Internet.
- An appropriate filter ( windows XP hostname:.in ) could find any operating systems on the internet.
Web Server:
- Check the web server versions with query Server: <web server versions>
- It’s very useful to audit any vulnerable versions of web servers on the internet.
Web application Firewalls:
- Discovering web application firewalls on target.
Router:
- Discover Cisco, Netgear, and more vulnerable routers in your country.
- Over 65,000 Vulnerable Routers are already Abused by Multi-purpose Proxy Botnet.
Media & Entertainment:
- Discover satellite television servers in various countries.
Database servers:
- Discovering the Database servers of any organization is also possible with these search engines.
Home Automation
- Searching HA bridge ( Home automation gateways such as an Amazon Echo/ Philips Hue).
- Finding Amazon Echo/ Google Home IoT devices using Shodan.
- Discovered remote access to Bedroom, and living room lights.
- Remote commands such as “On”, and “Off” commands to turn off or turn on the lights.
Industrial Control System
- Search for ICS/SCADA ( Industrial control systems/Supervisory Control and Data Acquisition) Devices in your country.
- The above figure illustrates that anyone on the internet can access Industrial devices and manipulate misconfigured SCADA devices.
Shodan’s search is powerful to find any vulnerable devices on the internet. It can be part of your penetration test to easier to discover new things on the internet.
You can follow us on Linkedin, Twitter, and Facebook for daily Cybersecurity updates.
Also, Read
TOP 10 Best Torrent Search Engines 2023Top 10 Deep Web Search Engine Alternatives for Google and Bing – 2023
