Top 40 Shodan Dorks for Finding Sensitive IoT Data

Please note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version.

With its ever-growing database and ease of use, Shodan has become one of the most popular tools used by security researchers for gathering IoT intelligence. Shodan provides a great starting point for researchers performing any information gathering task. By being able to filter data by its location, software version, when it was last seen and much more, Shodan can help researchers target specific research points, making their work easier and more efficient.

Shodan is great for marketing teams and software vendors too, allowing you to filter out different versions of software running on a server. Furthermore, with the location filters available, one can also find the number of instances running in a certain country, city or district.

Shodan employs cybersecurity fingerprinting as a way to find and tag devices, similar to the way human fingerprints identify a person. Various bits of information and services running on an IP address help identify the device running on that IP address. For example, looking up the issuer of an SSL certificate attached to an IP address can often help identify the manufacturer of the device with which the IP is associated.

Today we will explore the top Shodan dorks to find sensitive data from IoT connected devices.

Most popular Shodan dorks

Thanks to its internet scanning capabilities, and with the numerous data points and filters available in Shodan, knowing a few tricks or "dorks", like the famous Google Dorks, can help filter and find relevant results for your IP intelligence research.

To begin using Shodan dorks, in a practice known as "Shodan dorking", you'll first need to log in, or create an account and then log in, by clicking on the "Login or Register" button on the right-hand side. After that you can log in to or create your Shodan account.

Keep in mind this list is presented in random order.
There's no Shodan dork more important than any other; they're merely used for different purposes. Let's begin.

Databases

Databases often hold critical bits of information. When exposed to the public internet, whether for ease of development access or simply due to misconfiguration, they can open up a huge security hole.

To find MongoDB database servers which have open authentication over the public internet within Shodan, the following search query can be used:

MongoDB also has a web management application similar to phpMyAdmin called Mongo Express Web GUI, which we can find with the following query:

Similarly, to find MySQL-powered databases:

To look up popular Elasticsearch-powered instances:

And to look up PostgreSQL databases:

Exposed ports

Searching for services running on open ports accessible on the public internet, like FTP servers, SSH servers and others, is possible by using the following queries.

For FTP, querying for ProFTPD, a popular FTP server:

To look for FTP servers that allow anonymous logins:

To query for OpenSSH, a popular SSH server:

For Telnet, querying for port 23:

To look up Exim-powered mail servers on port 25:

Memcached, commonly seen on port 11211, has been a major source of UDP amplification attacks leading to huge DDoS attacks. Services running Memcached available on the public internet are often exploited for these attacks:

Jenkins is a popular automated build, deploy and test tool, often the starting point of any software being built for release. It can be found via the following query:

DNS servers

DNS servers with recursion enabled can be a huge source of network threats.
To find these servers, one can use the query:

Network infrastructure

To find devices running a specific version of the RouterOS operating system, which powers routers, switches and other networking equipment from the company MikroTik, we use the following search query:

This allows us to find those switches, routers and other networking gear running an older an...

About the podcast

Listen to all the articles we release on our blog while commuting, while working or in bed.