Shodan and Censys: Finding Hidden Parts On the Internet With Special Search Engines

Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance Camera, Smart TV, SCADA networks and leading to traffic light management systems are exposed to the internet.

In 2016 impact of Mirai botnet attack, which was orchestrated as a distributed denial-of-service attack affects 300,000 vulnerable Internet of Things devices.

IoT device data privacy and integrity is another rising pain, voice assistive devices such as Amazon Echo and Google Home.

Shodan and Censys

The benefits of Google docks help you find the data you are looking on the Internet. There are also special search engines for information security professionals that help to discover devices that are accessible from the Internet.

IPv4 Hosts

  • Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port.
  • Discovered open ports have accurate banner versions, WHOIS information and the geographic location of the server.

Operating Systems:

  • Detecting old versions of Windows operating systems ( Windows XP ) on the Internet.
  • Appropriate filter ( windows XP ) could find any operating systems on the internet.

Web Server:

  • Check the web server versions with query Server: <web server versions>
  • It’s very useful to audit any vulnerable versions of web servers on the internet.

Web application Firewalls:

  • Discovering web application firewalls on target.


  • Discover Cisco, Netgear and more vulnerable routers in your country.
  • Over 65,000 Vulnerable Routers already Abused by Multi-purpose Proxy Botnet.

Media & Entertainment:

  • Discover satellite television servers in various countries.

Database servers:

  • Discovering Database servers of any organizations is also possible with these search engines.

Home Automation

  • Searching HA bridge ( Home automation gateways such as an Amazon Echo/ Philips Hue).
  • Finding Amazon Echo/ Google Home IoT devices using Shodan.
  • Discovered remote access of Bedroom, living room lights.
  • Remote commands such as “On”, “Off” commands to turn off or turn on the lights.

Industrial Control System

  • Search for ICS/SCADA ( Industrial control systems/Supervisory Control and Data Acquisition) Devices in your country.
  • Above figure illustrates that anyone on the internet can access Industrial devices and manipulate misconfigured SCADA devices.

Shodan’s search is powerful to find any vulnerable devices on the internet. It can be part of your penetration test to easier to discover new things on the internet.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Recent Posts

FBI Hacks Back Hive Ransomware Gang’s Infrastructure – Website Seized

As a result of an international law enforcement operation, the sites utilized by the Hive…

6 hours ago

Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

The source code of Yandex, the largest IT company in Russia and commonly referred to…

20 hours ago

Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

A joint Cybersecurity Advisory (CSA) from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency…

1 day ago

U.S. Sues Google for Dominance Over Digital Advertising Technologies

Recently, the US Justice Department along with the eight states filed a lawsuit against Google,…

2 days ago

Top FinTech API Security Challenges

A recent report reveals that the number of attacks on financial service APIs and web applications worldwide…

3 days ago

Wireshark 4.0.3 Released – What’s New!

The Wireshark Team has recently unveiled the latest iteration of their widely-utilized packet analyzer, Wireshark…

3 days ago