Last updated: January 21, 2019

Every one of us used a serach engine like: Google or Bing to find some interesting stuff on the Internet. Seach engines crawl the entire web and index every word contains on thouese pages and rank them. This mechanism allows users to find information that thay are looking for. But over all serch engines that we can use, there is one more, very specific. This search engine insteda of indexing content of webside indexes banners pulled from each IP address. In other words, when we connect to an IP address, the device provides a banner identifying itself and some of it’s parameters.

This kind of information can be very usful for searching for vurnalable or unprotectd devices. As nearly every device is connected to the Internet, such a search engine would enable us to find all the devices of a particular type, i.e. Cisco routers or of a particular region and even SCADA¹ systems. With so many new Internet of Things² devices entering the market place every day without proper security, such information would be a treasure trove for hackers.

This kind of search engine does exist and developed by John Matherly in 2009 and it is named Shodan.

Nearly 180,000 Chromecasts are directly connected to the Internet - most of them are located in South Korea: https://t.co/4WqKe4V4Cb pic.twitter.com/wReeCbdXHa

— Shodan (@shodanhq) January 3, 2019

Shodan is an excellent tool for finding systems connected to web of a variety of types. We can use it to find systems running obsolete and vulnerable software, if we know how to look.

Shodan provided interesting vulnerability statistics for:

• Poland
• Germany
• USA
• UK
• China
• Russia
• Sweden
• Switzerland
• Norway

Crawler scans each IP address, there are 4.3B IPv4 IP addresses, and attempts to pull and collect the banner information from each device. This information in the banner usually includes the manufacturer of the device and some key parameters. It’s important to note here that Shodan indexes the data that is presented in the banner. It has no way of knowing whether the banner is accurate. Some firms that are vigilant about security actually replace these banners with fake or bogus banners to throw off Shodan or attackers.

---

Reference:

1. Shodan - Computer Search Engine - Main Site
2. Shodan - from Wikipedia

Annotations:

1. Supervisory Control and Data Aquistition (SCADA) is a control system architecture that uses computers, networked data communications and graphical user interfaces for high-level process supervisory management, but uses other peripheral devices such as programmable logic controller (PLC) and discrete PID controllers to interface with the process plant or machinery. The use of SCADA has been also considered for management and operations of project-driven-process in construction. ↩

2. The Internet of Things (IoT) is the network of devices such as vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data. ↩