Null HYD Playing with shodan null
- 1. Playing with SHODAN Scan,Try,Pwn!! *The presenter or NULL-Hyd is not responsible for you actions and abuse of the Cyber Securit
- 2. #about me • I’m U.M.K. Dikshit 21yr Coder, Hacker and student. • Microsoft Certified and World Finalist for NASA Space Apps 2014. • Selected for SpaceX Project by NASA. • Volunteer for Mozilla Firefox,CFI and many more… • Tech enthusiast, Gaming freak and books lover. fb.me/kalyan.dikshit| @dikshit_umk | dikshitrocks93@gmail.com
- 3. #Agenda • History of SHODAN • What is SHODAN? • Tools used by SHODAN • Search terms • Basic Operations by SHODAN
- 4. #history • #searchinwikipedia SHODAN (Sentient Hyper-Optimized Data Access Network) is a fictional artificial intelligence and the main antagonist of the cyberpunk-horror themed action role- playing video games System Shock and System Shock 2. • Developed by John Matherly (@achillean)and launched in 2009 but conceived the idea in 2003. • Search for computers based on software, geography, operating system, IP address and more.
- 5. #What is SHODAN? • Typical search engines crawl for data on web pages and then index it for searching • SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching • Rather than to locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners • Optimizing search results requires some basic knowledge of banners
- 6. #What is SHODAN? (2) • Raw Search Engine used for scanning devices that are connected to Internet. • Some excerpts By @achillean on Reddit. The 2 main purposes of Shodan are: Security research/ Penetration testing Business/ Market intelligence • If you want to find out how many vulnerable embedded web servers there are, use Shodan. • If you want to find out which countries have the most home automation systems, use Shodan. • If you want to see which company has the biggest presence in a region for a type of software (apache vs nginx in China?), you can use Shodan.
- 7. #tools used by SHODAN • Bulk searching and processing of SHODAN queries can be performed using SHODAN Diggity (part of SearchDiggity, Bishop Fox's free search engine attack tool suite). • This free tool provides an easy-to-use scanning interface to the popular hacking search engine via the SHODAN API. • SHODAN Diggity comes equipped with convenient list of 167 search queries ready in a pre-made dictionary file, known as the SHODAN Hacking Database (SHDB). • This dictionary helps target various technologies including webcams, printers, VoIP devices, routers, switches, and even SCADA/Industrial Control Systems (ICS) to name just a few
- 8. #search terms • Unlike other Search Engines’s where we type a problem which is like a sentence,but in SHODAN we use search terms. • They may be device manufacturer ,model name,product ver., services. • Some search terms are: Dir-60x Cisco-ios 200 Netgear IIS x.0 Zhone SLMS Default+admin Raspberry Raspbian x.0 and many more..
- 9. #Operations Search: Search terms are entered into a text box. Quotation marks can narrow a search. Boolean operators + and – can be used to include and exclude query terms (+ is implicit default). Login: Create and login using a SHODAN account; or Login using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID Login is not required, but country and net filters are not available unless you login Export requires you to be logged in Filters: Country: Filters results by two letter country code Hostname: Filters results by specified text in the hostname or domain Net: Filter results by a specific IP range or subnet OS: Search for specific operating systems Port: Narrow the search for specific services State/Postal Code: Search with the State or Postal Code.
- 10. #Operations (2) Hostname Filter: Search results can be filtered using any portion of a hostname or domain name Ex: “apache hostname:.nist.gov” Find “apache” servers in the .nist.gov domain Net/OS Filter: The net filter allows you to refine your searches by IP/CIDR notation. The OS filter allows you to refine searches by operating system Port Filter: SHODAN can filter your search results by port More ports/services coming (send requests to the developer via Twitter). Export: SHODAN lets you export up to 1,000 results per credit in XML format Credits can be purchased online Sample data export file is available
- 11. #Products SHODAN has many projects under it, which is started by many people and contributed code to the “GitHub” .
- 12. #Demo Time