Posted by & filed under Hacking & Pentesting, Tools & Methodology.

Just got a tip about this search engine – SHODAN.

SHODAN is basically a banner-grabbing search engine: it scans the Internet for machines running services on common ports, connects to them, stores the banners it gets back, and makes those banners publicly searchable. A banner is not a secret (anyone who connects gets the same reply), but it often contains the name of the service and its version number, which is why pentesters (and attackers) use banners to profile the service. Profiling, or "fingerprinting", is an essential skill in the pentester's arsenal: the name and version come in handy if you want to exploit a weakness in a specific service, say OpenSSL v0.9.7, or if you're just looking for anything vulnerable to wreak havoc on.

SHODAN enables the last part. It's like Google, except that instead of searching for content you search for services, and by extension for vulnerable versions of them. It also correlates each IP with a geographic location, so you can easily find, for example, servers running Cisco IOS with their management interface exposed to the Internet (a bad idea) in Norway, where I'm from.
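As an added example (not part of the original post, and not SHODAN's own code), the following Python script shows the two halves of what the post describes: grabbing a banner from an open port, and then parsing product and version out of it so that a collection of banners can be searched for a keyword or for versions older than a given one. The addresses, banner text and helper names are all constructed for the example; `grab_banner()` opens a real TCP connection and is only there to show the collection step, while everything else runs offline against the embedded samples. Geolocation of the IPs, which SHODAN adds on top, is not covered.

```python
import re
import socket
from typing import Dict, List, Tuple

# Constructed sample banners keyed by (ip, port). The addresses are from the
# 192.0.2.0/24 documentation range and do not exist; the text is shaped like
# what SSH, HTTP and FTP daemons send on first contact.
SAMPLE_BANNERS: Dict[Tuple[str, int], bytes] = {
    ("192.0.2.10", 22): b"SSH-2.0-OpenSSH_5.3\r\n",
    ("192.0.2.11", 80): (b"HTTP/1.1 200 OK\r\n"
                         b"Server: Apache/2.2.3 (CentOS) mod_ssl/2.2.3 OpenSSL/0.9.7a\r\n"
                         b"Content-Type: text/html\r\n\r\n"),
    ("192.0.2.12", 21): b"220 ProFTPD 1.3.3a Server (Debian) [::ffff:192.0.2.12]\r\n",
    ("192.0.2.13", 80): (b"HTTP/1.0 401 Unauthorized\r\n"
                         b"Server: cisco-IOS\r\n"
                         b'WWW-Authenticate: Basic realm="level_15_access"\r\n\r\n'),
}

# Plain-text HTTP ports say nothing until asked, so the grabber sends a request.
# TLS ports (443 etc.) would need an ssl wrapper and are not handled here.
HTTP_PORTS = {80, 8000, 8080}

# "Apache/2.2.3", "OpenSSL/0.9.7a", "OpenSSH_5.3p1", "ProFTPD 1.3.3a": a product
# name, one of / _ space, then a dotted version with an optional suffix.
COMPONENT_RE = re.compile(
    r"([A-Za-z][A-Za-z0-9_.]*?)[/_ ]v?(\d+(?:\.\d+)+[A-Za-z0-9]*)")


def parse_banner(data: bytes) -> List[Tuple[str, str]]:
    """Return (product, version) pairs found in a banner, in order of appearance.
    The protocol token (HTTP/1.1) is dropped: it is not a piece of software."""
    text = data.decode("latin-1")  # never raises; banners may contain junk bytes
    return [(p, v) for p, v in COMPONENT_RE.findall(text) if p.upper() != "HTTP"]


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric components only: '0.9.7a' -> (0, 9, 7), '5.3p1' -> (5, 3, 1).
    Letter suffixes are ignored, so 0.9.8e compares equal to 0.9.8."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def search(banners: Dict[Tuple[str, int], bytes], keyword: str) -> List[str]:
    """Case-insensitive substring search over raw banners (the 'cisco-IOS' style query)."""
    kw = keyword.lower()
    return [f"{h}:{p}" for (h, p), d in banners.items()
            if kw in d.decode("latin-1").lower()]


def find_older_than(banners: Dict[Tuple[str, int], bytes],
                    product: str, reference: str) -> List[str]:
    """Hosts advertising `product` at a version below `reference`."""
    ref = version_key(reference)
    hits = []
    for (host, port), data in banners.items():
        for p, v in parse_banner(data):
            if p.lower() == product.lower() and version_key(v) < ref:
                hits.append(f"{host}:{port}")
    return hits


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Collection step: connect, prompt HTTP ports, return the first reply.
    Needs network access and is not exercised offline."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        if port in HTTP_PORTS:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    for (host, port), data in SAMPLE_BANNERS.items():
        print(f"{host}:{port}", parse_banner(data) or data.split(b"\r\n")[1:2])
    print("cisco-IOS:", search(SAMPLE_BANNERS, "cisco-IOS"))
    print("OpenSSL < 0.9.8:", find_older_than(SAMPLE_BANNERS, "OpenSSL", "0.9.8"))
```

The point of the version comparison is that a banner alone does not prove a host is exploitable; it only tells you which version string the daemon advertises, and distributions often backport fixes without bumping that string. Treat the hit list as a starting point for verification, not as a result.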

It is in effect a continuous port scan, and the implications are potentially harmful: it makes it very easy to identify vulnerable services that are reachable from the Internet. The legality is also a bit shady; unsolicited port scanning is not considered polite, and publishing the results online, well, that's just rude.

Just like Firesheep, the idea is not new, but the moment someone systematizes the information or packages it as a tool, suddenly everybody pays attention.

Of course this can be a great tool for pentesters. The problem I have with it is ethical: someone should really alert the sysadmins responsible for these services; some of them are so easy to attack that I find it funny they are still up and running online.
