Shodan – Search Engine for the IoT
As most of you know, Google, Bing, Yahoo and other popular search engines crawl the Web looking for web pages, images and other types of files. But there are other types of search engines too.
Today, we’re going to tell you about a search engine for the IoT (Internet of Things), called “Shodan”.
Shodan scours the Internet’s back channels and deep-scans the Internet, looking for devices connected to it – many of them devices that are part of what we call the IoT (Internet of Things). Shodan looks for refrigerators, printers, smart TVs, traffic lights, servers, security cameras, webcams, routers and other devices connected to and making up what we call the Internet.
Shodan collects information on about one billion connected devices and services each month.
The information gleaned from Shodan, in the wrong hands, may be used for nefarious deeds… but for us, it’s just interesting stuff, and something we think you should be aware of.
There’s been a lot written about how the IoT consists of tens of millions of connected devices, many of which have very little, if any, security to prevent unwanted access and/or control.
But what is Shodan, exactly? Well, according to Cybrary (Voted Best Cybersecurity Education Provider 2016):
What Is Shodan?
A web search engine is a software system that’s designed to search for information on the World Wide Web. As we all know, the information we usually get through search engines (like Google, Yahoo or Bing) is a mix of web pages, images and other types of files. Some search engines also mine data in databases or open directories. I will not address in detail how the search engines work, since it’s a vastly complex subject, but they all maintain the following processes in near real time:
Different from the “traditional” search engines, Shodan lets the user find specific types of computers (routers, servers, etc.) connected to the internet using a variety of filters to make your searching more specific.
Some have described Shodan as a search engine for hackers, and have even called it “the world’s most dangerous search engine”. It was developed by John Matherly in 2009, and, unlike other search engines, the information it displays can be invaluable to hackers. According to Shodan.io:
‘Shodan is the world’s first search engine for Internet-connected devices.’
How does it work?
You start by navigating to the home page, and entering text into the search bar, like you’d do with any other search engine. In the search above, I looked for a specific IP address, but I could have searched for a specific word, like we usually do while browsing the internet. The most popular searches are for things like webcams, linksys, cisco, netgear, SCADA and other relevant keywords.
But how does Shodan actually work? It works by scanning the entire Internet and parsing the service banners, which are the meta-data that the server (or device) returns to the client…
All information obtained is stored in a database and provided to the public through the website without the need of an account. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.
Shodan currently returns 10 results to users without an account and 50 results to those with one. If users want to remove the restriction, they’re required to provide a reason and pay a fee. With an account, you also get access to more filters…
You can read the rest of this article here.
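The banner parsing described in the quoted article, as an added example (not part of the original post, the quoted article or Shodan's own code): Python that reads service banners, such as ones collected from your own devices, and reports what each one gives away. The sample banners, the addresses, the "ExampleCam X100" realm and the `parse_banner`/`findings` names are assumptions made for illustration.

```python
import re

# Constructed sample banners (not captured from real hosts); the addresses
# are RFC 5737 documentation IPs and "ExampleCam X100" is a made-up device.
SAMPLES = {
    "192.0.2.10:80": 'HTTP/1.1 401 Unauthorized\r\nServer: Apache/2.4.41 (Ubuntu)\r\n'
                     'WWW-Authenticate: Basic realm="ExampleCam X100"\r\n\r\n',
    "192.0.2.11:21": "220 (vsFTPd 3.0.3)\r\n",
    "192.0.2.12:22": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n",
    "192.0.2.13:80": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}

def parse_banner(raw):
    """Extract what one service banner discloses: protocol, product, version, realm."""
    info = {"protocol": "unknown", "product": None, "version": None, "realm": None}
    lines = raw.split("\r\n")
    first, m = lines[0], None
    if first.startswith("HTTP/"):
        info["protocol"] = "http"
        headers = {}
        for line in lines[1:]:
            if not line:
                break  # a blank line ends the header block
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        m = re.match(r"([^/\s]+)(?:/(\S+))?", headers.get("server", ""))
        realm = re.search(r'realm="([^"]*)"', headers.get("www-authenticate", ""))
        info["realm"] = realm.group(1) if realm else None
    elif first.startswith("SSH-"):
        info["protocol"] = "ssh"
        m = re.match(r"SSH-[\d.]+-([^_\s]+)(?:_(\S+))?", first)
    elif first.startswith("220"):  # FTP greeting line
        info["protocol"] = "ftp"
        m = re.search(r"([A-Za-z][\w-]*)[ /]v?(\d[\w.]*)", first)
    if m:
        info["product"], info["version"] = m.group(1), m.group(2)
    return info

def findings(info):
    """List the details a defender would want the device to stop advertising."""
    out = []
    if info["version"]:
        out.append(f"exact version disclosed: {info['product']} {info['version']}")
    if info["realm"]:
        out.append(f"auth realm names the device: {info['realm']}")
    return out

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(host, parse_banner(banner), findings(parse_banner(banner)))
```

The last sample shows the hardened case: a `Server: nginx` header with no version yields no findings, which is the state to aim for on your own equipment.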
If you’d like to explore the IoT with Shodan, just visit https://www.shodan.io and explore. Type in things like refrigerators, printers, iphones, security cameras, etc. and search. You don’t have to sign up for an account to use the site. You’ll get up to 10 search results without signing up. If you want more search results, sign up for a free account, and you’re good to go for up to 50 search results per search. If you want more than that, someone is going to want to know why. I don’t think I’d want to go that far.
Happy exploring? How about interesting exploring?