Shodan


Shodan Overview

● Shodan can be used to search many online devices based on software, geography, operating system, IP address, and more.

● You can use the search engine directly at http://www.shodanhq.com

● You can also change your browser search engine to search Shodan directly from the browser

○ Firefox

○ Chrome

● The screenshot shows example search results:

Shodan Overview

● Typical search engines crawl for data on web pages and then index it for searching

● SHODAN interrogates ports and grabs the resulting banners, then indexes the banners (rather than the web content) for searching

● The different filters available to search Shodan are: IP address, hostname, port, latitude and longitude, operating system, city, country, and device data.

Michael “theprez98” Schearer DefCon18

Shodan Overview

● Rather than locate specific content on a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content in their banners

● Optimizing search results requires some basic knowledge of banners

● Regular Expressions are also convenient tools for searching on SHODAN


Shodan Credits

Each credit will export up to 10,000 results

Press Coverage

How is Shodan being used?

According to a CNN Money article, “typical users include:

● Penetration testers, security professionals, academic researchers and law enforcement agencies”

Cybercriminal activity

● Generally used as a starting point

○ For example: finding unprotected servers to upload rootkits.

● For more intensive activity, cybercriminals have access to various other, more useful, tools http://money.cnn.com/2013/04/08/technology/security/shodan/index.html

SHODAN Impact

University of Arizona

Printer and router settings could be located.

No authentication protocols were being used

Simply possessing the IP address was sufficient

SHODAN Impact

Security cameras at ASU can be accessed by searching for a specific security cam server. All cameras on this server were unprotected.

○ (Server:gen5th/1.35.00)

Details of security procedures and location of security devices can be used maliciously by attackers.

Gathering From Shodan

Python

○ Scripts can be made to quickly save query data from Shodan.

○ Reusing code from already existing scripts is helpful

Accessing Shodan

Accessing Shodan via Python

● The Shodan API allows access to the search engine through Python and Ruby

○ Shodan has Python and Ruby library information available

○ A complete tutorial can be found at: https://developer.shodan.io/

In this tutorial, we show how to access Shodan via Python.

● 1) Obtain an API key

○ Register an account (or use existing Google/Facebook/Twitter accounts) at: http://www.shodanhq.com/account/register

○ Click on the create API key in the right column of the Shodan home page. Your API key will be located here.

Accessing Shodan via Python

● 2) Install Python and Shodan API library.

○ Download Python version 2.7.6 at http://www.python.org/download/

○ Be sure to get version 2.x (currently 2.7.6) NOT 3.x

○ Download “easy_install” program at https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py

○ Run the above Python script first, then add %PYTHON_HOME%\Scripts to the PATH environment variable in your OS.

● In command line mode, type:

Accessing Shodan via Python

● 3) Write Python programs to do searches in Shodan.

○ The following code snippet shows how to execute a search query and extract information from the search results.

● In addition to “ip” and “data” shown in this example, you can also access “country”, “hostnames”, “os”, “port”, “updated”, etc. from the search results.

● For complete documentation, see: https://developer.shodan.io/
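The search-and-extract step described above, as an added example (not the code from the original slide): it reads the fields the slide names from each result and flags HTTP banners that answered 200 without an authentication challenge, the condition described in the impact slides. It assumes Python 3 and the response layout of the current `shodan` library; `SAMPLE`, `server_header`, `summarize` and `search_own_range` are names invented here, and the sample data is constructed.

```python
import os

# Constructed sample shaped like a Shodan search response (field names assumed
# from the current library); addresses are RFC 5737 documentation ranges.
SAMPLE = {"total": 3, "matches": [
    {"ip_str": "203.0.113.10", "port": 80, "os": None,
     "hostnames": ["cam1.example.org"], "timestamp": "2014-01-05T10:00:00",
     "location": {"country_name": "United States"},
     "data": "HTTP/1.0 200 OK\r\nServer: ExampleCam/1.0\r\n\r\n"},
    {"ip_str": "203.0.113.22", "port": 80, "os": None, "hostnames": [],
     "timestamp": "2014-01-06T11:30:00",
     "location": {"country_name": "United States"},
     "data": "HTTP/1.0 401 Unauthorized\r\nServer: ExampleCam/1.0\r\n"
             "WWW-Authenticate: Basic realm=\"cam\"\r\n\r\n"},
    {"ip_str": "203.0.113.40", "port": 22, "os": "Linux", "hostnames": [],
     "timestamp": "2014-01-06T12:00:00",
     "location": {"country_name": "United States"},
     "data": "SSH-2.0-OpenSSH_6.2\r\n"},
]}

def server_header(banner):
    """Return the value of the Server: header in a banner, or None."""
    for line in banner.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def summarize(response):
    """Flatten each match and flag HTTP banners that answered 200 unchallenged."""
    rows = []
    for m in response.get("matches", []):
        banner = m.get("data") or ""
        status = banner.split("\r\n", 1)[0].split()
        rows.append({
            "ip": m.get("ip_str"), "port": m.get("port"), "os": m.get("os"),
            "hostnames": m.get("hostnames") or [],
            "country": (m.get("location") or {}).get("country_name"),
            "updated": m.get("timestamp"), "server": server_header(banner),
            # Triage flag only: a 200 can still be a login page.
            "http_200": len(status) >= 2 and status[0].startswith("HTTP/")
                        and status[1] == "200",
        })
    return rows

def search_own_range(cidr):
    """Live query for a netblock you operate; needs SHODAN_API_KEY set."""
    import shodan  # lazy import so the offline part runs without the package
    return shodan.Shodan(os.environ["SHODAN_API_KEY"]).search("net:" + cidr)
```

`summarize(SAMPLE)` runs without network access; `summarize(search_own_range(...))` applies the same triage to live results for an address range you are responsible for.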

Other Downloads

● Depending on the version of Python and the Shodan API version downloaded, simplejson may need to be installed.

○ https://pypi.python.org/pypi/simplejson/

● The Shodan install may also be completed by downloading the .tar.gz file at the link below, then installing via the command line.

○ https://pypi.python.org/pypi/shodan/1.0.1

● When in doubt, there is generally a tutorial available to help you out

In Browser Searching (non scripted)

Firefox

1. Click on the down-pointing arrow in the search box in the upper right hand corner of your screen

2. Scroll down and select “Search Using Shodan”

This should become visible after you have been to the Shodan site.

Chrome

1. Click on the three horizontal bars in your browser’s upper right hand corner. When you hover over this it says “Customize and Control Google Chrome”

2. Click on settings

3. Scroll down to the Search section and click the “Manage search engines…” button

4. At the bottom it will say “Other search engines”, insert the following

5. You will have to select it as the default to get it to appear in the upper box with the rest of the available search engines. Once it is listed with the rest, you can reselect your default search engine.

Useful Links

SHODAN www.shodanhq.com

Python (2.7.6 Documentation) http://docs.python.org/2/

SHODAN API Documentation (as well as banner specifications) https://developer.shodan.io/api/requirements

Python API Documentation https://developers.shodan.io/python/index.html

Regular Expressions (comprehensive) http://www.regular-expressions.info/

Regular Expressions (shorter page) https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions
