OSINT #3 – Shodan

Another week, another tool – this time, one of my most often used OSINT tools: Shodan. I learnt about this tool a few years ago [yes, I was late to the party – note from the Editor], and it has quickly become my favorite way to find common vulnerabilities in a device-specific way. Instead of having to trawl through various sources or hope that my search engine skills were enough to help me understand the threats that all our local devices face, it’s all there in one place.

If you’ve never used Shodan before, I advise that you sign up and have a look at the features that are on offer. Although I’m usually wary of open-source intelligence tools which come with a price tag, the range of Shodan’s toolset is really something worth investigating. 

How do I use Shodan? 

Shodan is intuitive to get your head around, but that’s possibly only true if you go in knowing what you want to find out. Thanks to its extensive features, you can find threat maps and trend graphs that help you build a fuller understanding of the threat landscape while you hunt for specific vulnerabilities in your equipment. 

With the growing number of cybersecurity professionals who got into the business from a developer entry point, the developer services will be a very welcome addition. Not only can you get the Shodan interface through the Shodan Developer API, but you can also access the vast stores of the Shodan InternetDB and the GeoNet API to collect data, hunt for threats in the wild, and then use tools from other servers. The GeoNet remote tool usage feature is something that you will rarely find elsewhere.

If you’re working solo, you might be more interested in research projects; Shodan Exploits gives you access to their exploit database and Metasploit.

Shodan’s Features 

This is just a snapshot of what Shodan has to offer – like I say, it’s a very diverse toolset that would require some real investigation to get the best out of. Here are some of the main features which you can leverage to your advantage. 

Network security 

By loading your device types into Shodan, you can have a comprehensive view of all exposed services that are within your network. This delivers real-time notifications for anything that seems amiss – a useful, but common feature for tools of this kind. 
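
An added example (not from the original post or from Shodan) of the kind of check the developer-services and network-security passages describe: compare InternetDB-style records for your own addresses with the ports you intend to expose. The records, the inventory and the CVE placeholder are constructed; the `ports` and `vulns` field names and the endpoint URL follow the public InternetDB response format.

```python
import json
import urllib.error
import urllib.request

INTERNETDB_URL = "https://internetdb.shodan.io/{ip}"

# Constructed sample records in the InternetDB response shape (RFC 5737 documentation IPs).
# "CVE-XXXX-XXXXX" is a placeholder, not a real identifier.
SAMPLE_RECORDS = {
    "192.0.2.10": {"ip": "192.0.2.10", "ports": [22, 443, 3389], "vulns": [], "tags": []},
    "198.51.100.7": {"ip": "198.51.100.7", "ports": [443], "vulns": ["CVE-XXXX-XXXXX"], "tags": []},
    "203.0.113.5": {"ip": "203.0.113.5", "ports": [80, 443], "vulns": [], "tags": ["cdn"]},
}
# Hypothetical inventory: the ports each of our own addresses is meant to expose.
INVENTORY = {"192.0.2.10": [22, 443], "198.51.100.7": [443],
             "203.0.113.5": [80, 443], "203.0.113.99": [443]}

def fetch_internetdb(ip, timeout=10):
    """Live lookup of one IP; returns None when InternetDB has no record (HTTP 404)."""
    try:
        with urllib.request.urlopen(INTERNETDB_URL.format(ip=ip), timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def audit(record, expected_ports):
    """Compare what the crawl saw on one host with what we intend to expose."""
    seen, expected = set(record.get("ports", [])), set(expected_ports)
    return {"ip": record["ip"],
            "unexpected_ports": sorted(seen - expected),
            "not_observed": sorted(expected - seen),
            "vulns": sorted(record.get("vulns", []))}

def audit_inventory(inventory, lookup=fetch_internetdb):
    """Return only the hosts that need attention: extra open ports or listed CVEs."""
    findings = []
    for ip, expected_ports in inventory.items():
        record = lookup(ip)
        if record is None:  # nothing indexed for this address
            continue
        result = audit(record, expected_ports)
        if result["unexpected_ports"] or result["vulns"]:
            findings.append(result)
    return findings

if __name__ == "__main__":
    # Offline run against the constructed records; drop the lookup argument to query live.
    for finding in audit_inventory(INVENTORY, lookup=SAMPLE_RECORDS.get):
        print(finding)
```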

Internet intelligence 

This isn’t just about threat intelligence, although that is also available. This is about finding out who is using what products and how they are changing over time – we’re not talking about a guidebook to understanding what your CEO uses at home, but rather a long-term, data-driven view of technology and how it is changing. 

The most useful aspect of this is giving you access to the internet-spanning weekly web crawls, including different vulnerabilities for different hardware as they become known. This is something that should be useful for anyone in cybersecurity – not only are your own hardware types being monitored by Shodan, but you can find out more about prospective new hardware or potential pentesting targets as well. 

“Beyond the web” 

Amusingly named “beyond the web” by the Shodan team, this feature discovers vulnerabilities in hardware that isn’t the conventional workstation set-up. This includes basic hardware such as mobile phones, but also much more specialized machines such as refrigerators, power plants, and Minecraft servers. In fact, the games section is particularly in-depth, which is useful and somewhat rare outside of a few specialized repositories!

And a little something extra… 

Although not a key feature that will revolutionize your workday (for those of you only interested in boosting productivity to never before seen levels, you may want to skip to the next section), the developers behind Shodan evidently have a bit of a sense of humor. The best example is Shodan 2000 – a web app interface for the Shodan database that is kitted out with a mock 80s cyberpunk aesthetic and comes with accompanying synthwave music.

Obviously, this will only serve as a distraction on very important threat intelligence missions. But, for people who still fantasize about living in the Matrix or have read a little bit too much Baudrillard, this is an excellent way to do your job and inject a bit of fun into your day too. Check it out at 2000.Shodan.io.
