Shodan and Censys - Finding Hidden Parts of the Internet With Special Search Engines

Our digital lives connect a massive number of things to the Internet. Everything from smartphones, Wi-Fi routers, surveillance cameras, smart TVs and SCADA networks to traffic light management systems is exposed to the Internet.

In 2016, the Mirai botnet, which was orchestrated to carry out distributed denial-of-service attacks, affected 300,000 vulnerable Internet of Things devices.

Data privacy and integrity on IoT devices is another growing pain point, particularly for voice assistant devices such as Amazon Echo and Google Home.

Shodan and Censys

Google dorks help you find the data you are looking for on the Internet. There are also search engines for information security professionals that help discover devices that are accessible from the Internet.

IPv4 Hosts

  • Shodan and Censys can scan Internet-facing systems, open ports and services that listen on a port.

  • Results for discovered open ports include accurate banner versions, WHOIS information and the geographic location of the server.

Operating Systems:

  • Detecting old versions of Windows operating systems (Windows XP) on the Internet.

  • An appropriate filter (windows XP hostname:.in) can find any operating system on the Internet.

Web Server:

  • Check the web server versions with query Server: <web server versions>

  • It’s very useful to audit any vulnerable versions of web servers on the internet.

Web application Firewalls:

  • Discovering web application firewalls on a target.

Router:

  • Discover , Netgear and more vulnerable routers in your country.

  • Over 65,000 Vulnerable Routers already Abused by Multi-purpose Botnet.

Media & Entertainment:

  • Discover satellite television servers in various countries.

Database servers:

  • Discovering the database servers of any organization is also possible with these search engines.

Home Automation

  • Searching for HA bridges (home automation gateways for devices such as Amazon Echo/Philips Hue).
  • Finding Amazon Echo/Google Home IoT devices using Shodan.

  • Remote access to bedroom and living room lights was discovered.
  • Remote commands such as “On” and “Off” turn the lights on or off.

Industrial Control System

  • Search for ICS/SCADA (Industrial Control Systems/Supervisory Control and Data Acquisition) devices in your country.

  • The above figure illustrates that anyone on the Internet can access industrial devices and manipulate misconfigured SCADA devices.

Shodan’s search is a powerful way to find vulnerable devices on the Internet. It can be part of your penetration test, making it easier to discover new things on the Internet.
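The same checks can be turned on your own address space. The sketch below is an added example, not code from the original article: it audits exported banner records for an end-of-life OS, an outdated Server header and exposed database ports. The sample records are constructed (using the banner field names ip_str, port, os and data), and the owned network and minimum versions are assumed policy values.

```python
import ipaddress
import re

# Constructed sample records, shaped like search-engine banner results
# (ip_str, port, os, data). Addresses are from documentation ranges.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.10", "port": 80, "os": "Windows XP",
     "data": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.1\r\n\r\n"},
    {"ip_str": "203.0.113.20", "port": 443, "os": None,
     "data": "HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n\r\n"},
    {"ip_str": "203.0.113.30", "port": 3306, "os": None,
     "data": "5.7.40-log"},
    {"ip_str": "198.51.100.5", "port": 80, "os": None,
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.3\r\n\r\n"},
]

# Assumed policy for this example; replace with your organisation's own.
OWNED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
EOL_OS = {"windows xp"}
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB"}
MIN_SERVER = {"nginx": (1, 20), "apache": (2, 4), "microsoft-iis": (10, 0)}

SERVER_RE = re.compile(r"^Server:\s*([A-Za-z-]+)/(\d+)\.(\d+)", re.I | re.M)

def audit(banners):
    """Return (ip, port, finding) tuples for hosts inside OWNED_NETS."""
    findings = []
    for b in banners:
        ip = ipaddress.ip_address(b["ip_str"])
        if not any(ip in net for net in OWNED_NETS):
            continue  # not our asset: out of scope for this audit
        if (b.get("os") or "").lower() in EOL_OS:
            findings.append((b["ip_str"], b["port"], "end-of-life OS: " + b["os"]))
        if b["port"] in DB_PORTS:
            findings.append((b["ip_str"], b["port"],
                             DB_PORTS[b["port"]] + " reachable from the Internet"))
        m = SERVER_RE.search(b.get("data") or "")
        if m:
            name, ver = m.group(1).lower(), (int(m.group(2)), int(m.group(3)))
            if name in MIN_SERVER and ver < MIN_SERVER[name]:
                findings.append((b["ip_str"], b["port"],
                                 "outdated web server: %s/%d.%d" % (m.group(1), *ver)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNERS):
        print(*finding, sep="\t")
```

Records outside OWNED_NETS are skipped, so the report covers only assets you are responsible for.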


