Shodan IoT search engine for cybersecurity professionals
what if you’re interested in measuring which countries are becoming more connected? Or if you want to know which version of Microsoft IIS is the most popular? Or you want to find the control servers for malware? Maybe a new vulnerability came out and you want to see how many hosts it could affect? Traditional web search engines don’t let you answer those questions. but shodan IoT will answer them.
What is Shodan IoT?
Shodan itself is a search engine for Internet-connected devices. Web search engines, such as Google and Bing, are great for finding websites. Also, let say that shodan is a search engine used to find Internet of Things (IoT) connected devices around the world.
How Shodan works
Shodan gathers information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet then Shodan queries it for various publicly available information.
Also, the types of devices that are indexed can vary tremendously: ranging from small desktops up to nuclear power plants and everything in between. When using Shodan the information gained from Shodan services can be applied to many areas.
- Network Security: keep an eye on all devices at your company that are facing the Internet
- Market Research: find out which products people are using in the real-world
- Cyber Risk: include the online exposure of your vendors as a risk metric
- Internet of Things: tracking the growing usage of smart devices
- Tracking Ransomware: measure how many devices have been impacted by ransomware
Shodan provides a platform that ensures accurate, consistent, and up-to-date information on Internet-facing devices.
Difference between Shodan IoT from Google
The most fundamental difference is that Shodan crawls the Internet whereas Google crawls the World Wide Web. However, the devices powering the World Wide Web only make up a tiny fraction of what’s actually connected to the Internet. Shodan’s goal is to provide a complete picture of the Internet.
Another difference with Google is that Shodan requires you to understand the search query syntax. For example, you can’t simply enter a power plant into Shodan and expect to get proper results.
Also, to get the most out of Shodan it’s important to understand the search query syntax.
How to use Shodan IoT
As you know already what shodan is. now let us see how you can navigate it by using its official website. Shodan.io. We are going to discuss 4 services offers by Shodan.
- Main Shodan: https://www.shodan.io
- Shodan Maps (membership required): https://maps.shodan.io
- Shodan Images (membership required): https://images.shodan.io
- Command Line Shodan
All of the above websites access the same Shodan data but they’re designed with different use cases in mind.
you might like also Protection of online privacy with 6 best anonymous browser
Main Shodan IoT Search Engine
This is the first Shodan interface for accessing the data gathered.
By default, When you search something via Shodan search engine the search query will look at the data collected within the past 30 days. This means that the results you get from the website are recent and provide an accurate view of the Internet at the moment.
In addition to searching, Shodan gives you the possibility to download your search reports. Also you can create your report and with the functionality share you can share your report if needed.
Warning: Shared search queries are publicly viewable. Do not share queries that are sensitive or you don’t want others to know about.
Shodan Maps provides a way to explore search results visually instead of the text-based main website. It displays up to 1,000 results at a time and as you zoom in/ out Maps adjusts the search query to only show results for the area you’re looking at.
All search filters that work for the main Shodan website also work on Maps. From a technical perspective, Shodan Maps is the same as the main Shodan website except it automatically adds a geo filter to your search query to restrict search results to the area that you’re looking at on the map.
Also, you need a Shodan Membership account to use Shodan Maps services.
For a quick way to browse all the screenshots that Shodan collects check out Shodan Images. It is a user-friendly interface around the has_screenshot filter and is one of the services that’s included with the Shodan Membership.
Also, the image data is gathered from 5 different sources:
- Remote Desktop (RDP)
- X Windows
Each image source comes from a different port/ service and therefor has a different banner. This means that if you only want to see images from webcams you could search for HTTP. To search for VNC you can search using RFB and for RTSP you simply search with RTSP.
The images can also be found using the main Shodan website or Shodan Maps by using the search query has_screenshot:true:
Installation of Shodan Command Line
The command-line interface (CLI) for Shodan is provided alongside the Python library. This means that you need to have Python installed on your computer in order to use the Shodan CLI. Once you have Python configured then you can run the following command to install the Shodan CLI:
pip install -U --user shodan
Also, to confirm that it was properly installed you can run the command:
It should return show you a list of possible sub-commands for the Shodan CLI