A Brief Tutorial of Shodan

Ekrem C.
4 min read · Dec 28, 2020


Imagine an internet service that scans every device connected to the internet 24/7, tests them for known security vulnerabilities, and reports services that are still running with default settings. It even offers this partially free of charge. It may be useful to some, and frightening to others.

About Shodan.io

Shodan (Sentient Hyper-Optimized Data Access Network), to cite its own site, is a search engine for Internet-connected devices. The information this search engine provides can be used in the areas below:

  • Network Security
  • Market Research
  • Cyber Risks
  • Internet of Things

Shodan continuously scans devices connected to the internet and parses information such as the model, version and location of each device from the banner it receives on the relevant ports. The most popular searches are for things like webcam, linksys, cisco, netgear, SCADA, etc.

How It Works

When Shodan scans a random IP, it mostly checks whether the following ports are open.

  • SMTP
  • IMAP
  • SIP
  • SNMP
  • Telnet
  • SSH
  • FTP
  • HTTP/HTTPS/TCP 8443/TCP 8080
  • RTSP

If a port is open, it tries to extract the following from the banner the port returns.

  • Location
  • Version
  • Model
  • Whether a default username and password is in use

For example, the following is an FTP banner:

Another example, for an HTTP banner:
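The banners themselves are screenshots that do not survive here, so the following is an added example (not from the original post, and not Shodan's own code) of what a scanner does with such a banner: it takes the raw text a port returns and pulls out the product and version fields the article lists. The banners are constructed samples, not captured from any real host, and the regular expressions are this example's own heuristics; they cover the common FTP, SSH, Telnet and HTTP greeting formats and return nothing when a banner names no product.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample banners, not captured from any real host. They have the
# shape a scanner sees when it connects to FTP (21), SSH (22), Telnet (23) and HTTP (80).
SAMPLE_BANNERS: Dict[int, str] = {
    21: "220 ProFTPD 1.3.5e Server (Debian) [::ffff:192.0.2.10]\r\n",
    22: "SSH-2.0-OpenSSH_7.4\r\n",
    23: "\xff\xfb\x01\xff\xfb\x03\r\nrouter login: ",
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n",
}


@dataclass
class BannerInfo:
    port: int
    service: str
    product: Optional[str]   # e.g. "ProFTPD"; None when the banner names no product
    version: Optional[str]   # e.g. "1.3.5e"; None when the banner advertises no version
    raw: str


# FTP greets with "220 <product> <version> ..." or "220 (<product> <version>)".
_FTP_RE = re.compile(
    r"^220[ -]\(?([A-Za-z][\w-]*)\s+(?:Server\s+|version\s+)?v?(\d+(?:\.\d+)+[A-Za-z0-9]*)"
)
# SSH identification string: "SSH-<proto>-<software>_<version>".
_SSH_RE = re.compile(r"^SSH-\d\.\d+-([A-Za-z][\w.-]*?)[_-](\d+(?:\.\d+)*\w*)")
# HTTP: the Server header, "Server: <product>/<version> (...)".
_HTTP_SERVER_RE = re.compile(r"^Server:\s*([^/\r\n ]+)(?:/(\S+))?", re.MULTILINE | re.IGNORECASE)


def parse_banner(port: int, banner: str) -> BannerInfo:
    """Extract product and version from a raw banner, as a scanner like Shodan does."""
    product = version = None
    if port == 21:
        service = "ftp"
        m = _FTP_RE.match(banner)
        if m:
            product, version = m.group(1), m.group(2)
    elif port == 22:
        service = "ssh"
        m = _SSH_RE.match(banner)
        if m:
            product, version = m.group(1), m.group(2)
    elif port == 23:
        service = "telnet"
        # Telnet negotiation bytes carry no version; a bare login prompt still
        # tells the scanner that interactive authentication is exposed.
        if "login:" in banner.lower():
            product = "login-prompt"
    elif port in (80, 443, 8080, 8443):
        service = "http"
        m = _HTTP_SERVER_RE.search(banner)
        if m:
            product, version = m.group(1), m.group(2)
    else:
        service = "unknown"
    return BannerInfo(port, service, product, version, banner)


def inventory(banners: Dict[int, str]) -> List[BannerInfo]:
    """Parse every banner and return the extracted inventory, sorted by port."""
    return [parse_banner(p, b) for p, b in sorted(banners.items())]


if __name__ == "__main__":
    for info in inventory(SAMPLE_BANNERS):
        print(f"{info.port:>5} {info.service:<7} {info.product or '-':<14} {info.version or '-'}")
```

Running this over your own exposed hosts is the inventory step that tells you what version string you are advertising before a third party indexes it; trimming or removing the Server header and FTP greeting is the usual mitigation, although it hides the version rather than the service.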

How to Use

The simplest use is the search field at the top left of the screen. Let's search “remote desktop protocol”.

As you can see from the screenshot, on the left there is analytic information such as top countries and top organizations. On the right is an example result of the search.

Using filters allows more specific searches. Below are some simple filters that can be used.

  • geo: specify coordinates
  • country
  • city
  • hostname
  • net
  • os
  • port
  • before/after: specify within a timeframe

Now let's create a search for IPs in Turkey that have the MS SQL port open to the Internet.

country:"tr" port:"1433"

If you want to see more details for a specific IP, simply click on it.

The scary part is that vulnerabilities related to this IP are also listed.

You can combine these filters easily.

You don't have to use the web interface to use Shodan. You can also use the Shodan CLI, which comes with the Shodan Python library.

It can be easily installed with pip.

Examples for the Shodan CLI:

Shodan has also made available an API for those who want to automate the work. For detailed information, please refer to help.shodan.io.
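As an added example (not from the original post, and not Shodan's own client code) of the kind of automation the CLI and API make possible from the defender's side, the script below applies the same filters the article lists (country, port, hostname, net, org, os), including the `country:"tr" port:"1433"` query from above, to a set of exported banner records and summarises which of your own hosts match and whether vulnerability entries are attached. The records are constructed inline using documentation IP ranges and a placeholder vulnerability key; their field names (`ip_str`, `port`, `org`, `hostnames`, `os`, `location.country_code`, `vulns`) follow Shodan's banner JSON as assumed here, so check them against a real export before relying on the script.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed records in the shape of Shodan's exported banner JSON (one object per
# open port). Addresses come from the documentation ranges 198.51.100.0/24 and
# 203.0.113.0/24, and "CVE-0000-00000" is a placeholder key, not a real CVE id.
RECORDS: List[Dict] = [
    {"ip_str": "198.51.100.10", "port": 1433, "product": "Microsoft SQL Server", "version": "2014",
     "org": "Example Hosting", "hostnames": ["db1.example.com"], "os": None,
     "location": {"country_code": "TR"}, "vulns": {}},
    {"ip_str": "198.51.100.11", "port": 3389, "product": None, "version": None,
     "org": "Example Hosting", "hostnames": [], "os": "Windows",
     "location": {"country_code": "TR"}, "vulns": {}},
    {"ip_str": "198.51.100.12", "port": 1433, "product": "Microsoft SQL Server", "version": "2008",
     "org": "Example Hosting", "hostnames": ["legacy.example.com"], "os": None,
     "location": {"country_code": "TR"}, "vulns": {"CVE-0000-00000": {"summary": "placeholder entry"}}},
    {"ip_str": "203.0.113.5", "port": 1433, "product": "Microsoft SQL Server", "version": "2019",
     "org": "Other Org", "hostnames": ["sql.example.org"], "os": None,
     "location": {"country_code": "DE"}, "vulns": {}},
    {"ip_str": "198.51.100.20", "port": 22, "product": "OpenSSH", "version": "7.4",
     "org": "Example Hosting", "hostnames": ["bastion.example.com"], "os": "Linux",
     "location": {"country_code": "TR"}, "vulns": {}},
]

# Accepts both quoted (country:"tr") and unquoted (port:1433) filter syntax.
_FILTER_RE = re.compile(r'(\w+):"?([^"\s]+)"?')


def parse_query(query: str) -> Dict[str, str]:
    """Turn 'country:"tr" port:"1433"' into {'country': 'tr', 'port': '1433'}."""
    return {k.lower(): v for k, v in _FILTER_RE.findall(query)}


def matches(record: Dict, filters: Dict[str, str]) -> bool:
    """Apply every filter; a record must satisfy all of them (filters combine with AND)."""
    for key, value in filters.items():
        if key == "country":
            if record["location"]["country_code"].lower() != value.lower():
                return False
        elif key == "port":
            if record["port"] != int(value):
                return False
        elif key == "org":
            if value.lower() not in (record.get("org") or "").lower():
                return False
        elif key == "hostname":
            if not any(value.lower() in h.lower() for h in record.get("hostnames", [])):
                return False
        elif key == "net":
            if ipaddress.ip_address(record["ip_str"]) not in ipaddress.ip_network(value, strict=False):
                return False
        elif key == "os":
            if value.lower() not in (record.get("os") or "").lower():
                return False
        else:
            raise ValueError(f"unsupported filter: {key}")
    return True


def search(records: List[Dict], query: str) -> List[Dict]:
    """Return the records matching a Shodan-style filter string."""
    filters = parse_query(query)
    return [r for r in records if matches(r, filters)]


def exposure_report(records: List[Dict], query: str) -> List[Dict]:
    """Summarise the hits: host, port, advertised product and how many vuln entries are attached."""
    return [
        {"ip": r["ip_str"], "port": r["port"], "product": r.get("product") or "unknown",
         "vuln_count": len(r.get("vulns") or {})}
        for r in search(records, query)
    ]


if __name__ == "__main__":
    for row in exposure_report(RECORDS, 'country:"tr" port:"1433"'):
        print(row)
```

Scoped to your own address space with `net:` or `org:`, a report like this is the routine check the conclusion below asks for: it tells you which of your database and remote-desktop ports a search engine can already see, so they can be firewalled or patched before anyone else finds them the same way.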

Conclusion

It is a bit thought-provoking that such scary information is accessible to everyone and is legal. Corporate businesses can audit themselves with such services, but small or medium businesses can be threatened by those who have access to these services and know how to use them. For example, Remote Desktop services or databases that have not received the necessary patches, or that are configured with default user credentials and exposed to the Internet, can become legitimate targets of ransomware attacks through this service. You can say everyone is responsible for his own security, but I think it is necessary to discuss whether it is ethical to target him legally or not.
