(updated) SHODAN - Computer Search Engine released

SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well.

I’ve just looked upon the new search engine. My first impression was : Holy s.., it could find a lot of buggy servers, websites, devices and so on.

But when playing again with google dorks (GHDB), it happens to look (hope i’m not mistaken), that Shodan is a kind of GUI for google dorks. More than that would say the author, but the project is still great and unfortunately could save hours for kiddies to find new vulnerable targets.

So i spent a night playing with it and was suprised by the number of vulnerable targets : Opened Cisco-IOS routers, vulnerable Databases, old days IIS 2.0, unbelievable servers with Windows NT 3.51, opened IBM http servers and much more. (Hint : use the phenoelit default password to look for exact name of device. You’ll get amazed)

Guys from SecuObs have even found Webcams and a lot of other devices. Read their good article (French)

You can also narrow down the results using the following search parameters:

* country:2-letter country code
* hostname:full or partial host name
* net:IP range using CIDR notation (ex: 18.7.7.0/24 )
* port:21, 22, 23 or 80

Test Shodan online

Update :

Download Shodan Firefox Extension