Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance Camera, Smart TV, SCADA networks and leading to traffic light management systems are exposed to the internet.
IoT device data privacy and integrity is another rising pain, voice assistive devices such as Amazon Echo and Google Home.
Shodan and Censys
The benefits of Google docks help you find the data you are looking on the Internet. There are also special search engines for information security professionals that help to discover devices that are accessible from the Internet.
- Shodan and Censys can scan Internet-facing systems, finding open ports and services that listen on a port.
- Discovered open ports have accurate banner versions, WHOIS information and the geographic location of the server.
- Detecting old versions of Windows operating systems ( Windows XP ) on the Internet.
- Appropriate filter ( windows XP hostname:.in ) could find any operating systems in the internet.
- Check the web server versions with query Server: <web server versions>
- It’s very useful to audit any vulnerable versions of web servers on the internet.
Web application Firewalls:
- Discovering web application firewalls on target.
Media & Entertainment:
- Discover satellite television servers in various countries.
- Discovering Database servers of any organizations is also possible with these search engines.
- Searching HA bridge ( Home automation gateways such as an Amazon Echo/ Philips Hue).
- Finding Amazon Echo/ Google Home IoT devices using shodan.
- Discovered remote access of Bedroom, living room lights.
- Remote commands such as “On”, “Off” commands to turn off or turn on the lights.
Industrial Control System
- Search for ICS/SCADA ( Industrial control systems/Supervisory Control and Data Acquisition) Devices in your country.
- Above figure illustrates that anyone on the internet can access Industrial devices and manipulate misconfigured SCADA devices.
Shodan’s search is powerful to find any vulnerable devices on the internet. It can be part of your penetration test to easier to discover new things on the internet.