
Shodan - IoT Recon Toolkit


cwade12c

Shodan is an Internet of Things search engine that allows you to search and scan a wide variety of devices using a wide array of filters. Some will limit their information gathering to things that they see on the web. You can go beyond this, and Shodan is a tool to help with that: phones, controllers, refrigerators, etc. Shodan has powerful dashboards, community curated filters, and a powerful API to let you plug right into their platform.

Here is a HackerSploit video covering some of the basics of Shodan:

 

And if you want to check out the engine for yourself...well, here you go!

Link to website: https://www.shodan.io/


This is amazing... This has so many applications, and looks to be an amazing tool for data analytics and market research. I think this could even be useful at my work.


Shodan is crazy powerful. My advice in using it would be: always think about it before engaging in your next action.


There are some pretty badass resources out there for Shodan. A good place to start to really see some of the crazy shit you can do with it, as well as to avoid a visit from the Department of Homeland Security, can be located here:

 

This is a badass talk. Dan is a kick-ass Defcon speaker.

Also, this quick guide will introduce you to Shodan:

https://www.hackeracademy.org/hacking-with-shodan-how-to-use-shodan-guide/

Here are some cool pentesting-related projects that use Shodan:

https://awesomeopensource.com/projects/shodan
