How to use Shodan: 9 steps (with pictures)

Anonymous

Shodan is a specialized search engine that can be used to find internet-connected devices and accurate information about various websites. With Shodan, you can find out what operating system a device is using, or find local FTP servers with open anonymous access. Shodan is used much like Google, except that Shodan indexes server metadata. For best results, you should use inline filters.

Steps


Step 1. Visit the Shodan website at


Step 2. Click “Register” in the upper right corner of the Shodan home page


Step 3. Enter your username, email address and password, then click “Submit.” Shodan will send a confirmation email.


Step 4. Open the confirmation email and click the link in it to activate your account

The login screen will open in a new browser window.


Step 5. Log into Shodan using your username and password


Step 6. In the search bar, enter your search parameters as a text string

For example, if you want to find all US devices using default passwords, type “default password country:US”. A filter is written as name:value, with no space after the colon.


Step 7. Click “Search” to start the search process

The page will refresh and show all devices matching the specified search parameters in the list.


Step 8. Narrow your search by adding new filters

Here are examples of common search filters:

  • city: You can narrow your search by designating a city. For example, "city:moscow".
  • country: You can limit your search to one country by designating it with a two-letter code. For example, "country:US".
  • hostname: Search can be limited to a hostname. For example, "hostname:facebook.com".
  • os (operating system): Limit the search for devices to the desired operating system. For example, "microsoft os:windows".

Step 9. Select a system from the list to learn more about it

You can, for example, find out the IP of the system, coordinates, SSH and HTTP settings, as well as the server name.

Advice

  • To narrow your search, you can purchase additional Shodan extensions. Click “Buy” in the upper right corner of the home page to buy filters and extensions.
  • If you are in charge of information security in your organization, use Shodan to check your systems for potential compromise by third parties. For example, check whether your organization is using default passwords by typing “default password” in the search bar. Default passwords significantly reduce the security of information.
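
The filter syntax from Step 8 and the self-check described in the advice above can be combined into a small audit script. This is an added example, not part of the original article: it assumes you have saved search results as records with Shodan's `ip_str`, `port` and `data` fields, the network ranges are placeholder documentation ranges, the sample records are constructed, and `build_query` and `audit` are hypothetical helper names.

```python
import ipaddress

# Assumption: placeholder documentation ranges standing in for your own address space.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

def build_query(terms="", **filters):
    """Join free text with filter:value pairs; no space after the colon."""
    parts = [terms] if terms else []
    for name, value in filters.items():
        value = str(value)
        # Values containing spaces must be quoted to stay inside the filter.
        parts.append(f'{name}:"{value}"' if " " in value else f"{name}:{value}")
    return " ".join(parts)

def audit(records, networks=OWN_NETWORKS):
    """Return (ip, port, reasons) for risky banners on hosts inside our own networks."""
    findings = []
    for rec in records:
        ip = ipaddress.ip_address(rec["ip_str"])
        if not any(ip in net for net in networks):
            continue  # out of scope: not our address space
        banner = rec.get("data", "")
        reasons = []
        if "default password" in banner.lower():
            reasons.append("banner mentions a default password")
        # Assumption: a 230 reply (FTP "user logged in") in a port-21 banner
        # means the anonymous login attempted by the crawler was accepted.
        if rec.get("port") == 21 and any(l.startswith("230") for l in banner.splitlines()):
            reasons.append("FTP accepts anonymous login")
        if reasons:
            findings.append((rec["ip_str"], rec.get("port"), reasons))
    return findings

# Constructed sample records using the ip_str / port / data fields of a result.
SAMPLE = [
    {"ip_str": "203.0.113.10", "port": 21, "data": "220 FTP ready\r\n230 Login successful\r\n"},
    {"ip_str": "203.0.113.25", "port": 80, "data": "HTTP/1.1 200 OK\r\n\r\nDefault password: admin"},
    {"ip_str": "198.51.100.7", "port": 22, "data": "SSH-2.0-OpenSSH_9.6"},
    {"ip_str": "192.0.2.44", "port": 21, "data": "220 FTP\r\n230 Anonymous access granted"},
]

if __name__ == "__main__":
    print(build_query("default password", country="US", net="203.0.113.0/24"))
    for finding in audit(SAMPLE):
        print(finding)
```

The scope check against your own ranges runs first, so records for addresses you do not operate are dropped before any banner is inspected.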
