Tuesday, October 15, 2024
HomeInfosec- ResourcesShodan and Censys: Finding Hidden Parts On the Internet With Special Search...

Shodan and Censys: Finding Hidden Parts On the Internet With Special Search Engines

Published on

Malware protection

Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port. It’s useful to audit any vulnerable versions.

Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance cameras, Smart TVs, SCADA networks, and leading to traffic light management systems are exposed to the internet.

In 2016 impact of the Mirai botnet attack, which was orchestrated as a distributed denial-of-service attack affects 300,000 vulnerable Internet of Things devices.

- Advertisement - SIEM as a Service

IoT device data privacy and integrity is another rising pain, voice assistive devices such as Amazon Echo and Google Home.

Shodan and Censys

The benefits of Google Docks help you find the data you are looking for on the Internet. There are also special search engines for information security professionals that help to discover devices that are accessible from the Internet.

IPv4 Hosts

  • Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port.
  • Discovered open ports have accurate banner versions, WHOIS information, and the geographic location of the server.

Operating Systems:

  • Detecting old versions of Windows operating systems ( Windows XP ) on the Internet.
  • An appropriate filter ( windows XP hostname:.in ) could find any operating systems on the internet.

Web Server:

  • Check the web server versions with query Server: <web server versions>
  • It’s very useful to audit any vulnerable versions of web servers on the internet.

Web application Firewalls:

  • Discovering web application firewalls on target.

Router:

  • Discover Cisco, Netgear, and more vulnerable routers in your country.
  • Over 65,000 Vulnerable Routers are already Abused by Multi-purpose Proxy Botnet.

Media & Entertainment:

  • Discover satellite television servers in various countries.

Database servers:

  • Discovering the Database servers of any organization is also possible with these search engines.

Home Automation

  • Searching HA bridge ( Home automation gateways such as an Amazon Echo/ Philips Hue).
  • Finding Amazon Echo/ Google Home IoT devices using Shodan.
  • Discovered remote access to Bedroom, and living room lights.
  • Remote commands such as “On”, and “Off” commands to turn off or turn on the lights.

Industrial Control System

  • Search for ICS/SCADA ( Industrial control systems/Supervisory Control and Data Acquisition) Devices in your country.
Shodan and Censys
  • The above figure illustrates that anyone on the internet can access Industrial devices and manipulate misconfigured SCADA devices.

Shodan’s search is powerful to find any vulnerable devices on the internet. It can be part of your penetration test to easier to discover new things on the internet.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates.

Also, Read

TOP 10 Best Torrent Search Engines 2023

Top 10 Deep Web Search Engine Alternatives for Google and Bing – 2023

An easy and beginner guide to SEARCH ENGINE OPTIMIZATION

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers come across a new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration...

8 Common Hacking Techniques & 3 Ways to Avoid Them All

Hackers come in many forms with sophisticated Hacking Techniques, While there has been a...