Shodan – Port and Vulnerability Scanner


Overview

Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine that gathers information about Internet-connected devices. For example, it can gather information about a web application or find vulnerable web cameras that are easily accessible. It is a tool worth learning if you are a web application penetration tester and want to execute a quick port and vulnerability scan.

How to use Shodan

From the website

To do a Shodan search quickly, you can head to their website (https://www.shodan.io/dashboard) and simply enter the domain name of the website. The example below is a search on crucialbits.com.

(Note: Searches are limited if you do not have an account. Making an account is free.)

Sometimes no results are found. For example, the search on tastyfix.com, as shown below, does not produce any results.

Thus, a more reliable way to search is to use the IP address of the website. Below is the search using the IP address of tastyfix.com. (If you do not know how to find the IP address of a website, you can use the Nmap tool. Here is a guide on the Nmap tool.)

As seen, it displays information such as:

  • Hostnames
  • Organization
  • Vulnerabilities found
  • Ports open
  • Port services
  • etc

From the command line (CLI)

The command-line example here was run on a Kali Linux machine.

Below are the instructions if you have not installed shodan on your machine yet. More information on the installation process can be found here.

Before you can run shodan, you will need to initialize it with an API key. This requires you to create an account with them. Creating an account is free.

Once you have created your account, browse to the account overview. You will find your API key here, as shown below.

Next, use this command to initialize Shodan:

shodan init <API key>

It should then display “Successfully initialized”.

(Note: You may need to initialize Shodan every time you restart your machine.)

To execute the same search as on the Shodan website, use the “host” argument along with the IP address of the website you want to scan. (If you do not know how to find the IP address of a website, you can use the Nmap tool. Here is a guide on the Nmap tool.)

The command used here is:

shodan host <IP address>

The example below is a search on the tastyfix.com website. As seen, it displays similar information to what is shown on the website.

Here are the other options available on the shodan command line tool that you can explore.
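
The same lookup can be scripted with Shodan's Python library. The following is an added example, not code from the original post: it resolves a domain to its IP with the standard library (instead of Nmap), queries the host, and reduces the record to the fields listed earlier plus any open ports outside an expected list. The SHODAN_API_KEY environment variable, the expected_ports default and the sample record are assumptions made for the example.

```python
import os
import socket

# Constructed sample shaped like a Shodan host record (all values are placeholders).
SAMPLE_HOST = {
    "ip_str": "203.0.113.10",
    "hostnames": ["www.example.com"],
    "org": "Example Hosting Ltd",
    "ports": [22, 80, 443, 3306],
    "vulns": ["CVE-0000-0001"],
    "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "8.2"},
        {"port": 80, "transport": "tcp", "product": "nginx"},
        {"port": 443, "transport": "tcp", "product": "nginx"},
        {"port": 3306, "transport": "tcp", "product": "MySQL"},
    ],
}

def summarize_host(host, expected_ports=(80, 443)):
    """Reduce a host record to the fields the post lists, plus unexpected ports."""
    services = {}
    for banner in host.get("data", []):
        name = " ".join(filter(None, [banner.get("product"), banner.get("version")]))
        services[banner["port"]] = name or "unknown"
    ports = sorted(set(host.get("ports", [])) | set(services))
    return {
        "ip": host.get("ip_str"),
        "hostnames": host.get("hostnames", []),
        "org": host.get("org"),
        "ports": ports,
        "services": services,
        "vulns": sorted(host.get("vulns", [])),
        "unexpected_ports": [p for p in ports if p not in expected_ports],
    }

def lookup(domain):
    """Resolve a domain to its IP, then query Shodan by IP (needs network and a key)."""
    import shodan  # pip install shodan; imported lazily so the summary runs offline
    ip = socket.gethostbyname(domain)
    api = shodan.Shodan(os.environ["SHODAN_API_KEY"])  # assumed environment variable
    return summarize_host(api.host(ip))

if __name__ == "__main__":
    for key, value in summarize_host(SAMPLE_HOST).items():
        print(f"{key}: {value}")
```

Run as a script, it prints the summary of the constructed record; call lookup() with a domain to run the live query.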

Conclusion

In conclusion, Shodan is a tool for finding information about Internet-connected devices. It can be used for both information gathering and vulnerability scanning in a penetration test. What has been covered in this blog is only a small part of Shodan's features. I recommend exploring Shodan to take advantage of more of them, so it can be a powerful asset for your next penetration test.
