I was looking for cool security stuff on the Internet as I do, and I came across this story The Futility of Security By Obscurity on Dark Reading that pointed me to this online search engine called Shodan created by John Matherly.
Shodan is an online search engine for computers. Not news, tweets, blogs, and lolcats, but machines. You can search for machines on the internet that have certain criteria, for example, Using the following query:
I got this sample of the machines in Australia that use ASP.NET:
I could have searched for all machines that returned an HTML response code of 403 (forbidden) or 200 (OK) as well:
In fact you can search on any of these criteria.
Let's say, hypothetically speaking of course, that a bad guy wanted to cause a little DOS annoyances to Apache servers. They could search for systems in Russia running Apache prior to 2.2.14 with a query like: apache 2.2.11 country:RU and get the following results: (sample)
So what does this mean? Well for starters, now Script Kiddies can find all the likely targets they want. Machines that you have set up to handle your personal home network serving your MP3 collection out to you at your office are not safe just because you didn’t tell anyone they were there. Sure people have done port and IP scans for decades, but firewalls and disabling ICMP made your machine vanish from those prying eyes.
While poking around, I even stumbled upon someone's Secure Computing SG management Console for their Secure Computing SG300 router.
(in case you are curious, no, they had not changed the default Admin password…I heard that anyway.)
Now, does this search engine offer anything that could not have been found out with IP scans, trace routes and a bit of caffeine? No, probably not, but this sure puts a nice GUI front end on it and takes the guesswork out of banner grabbing and other skulduggery.
At the moment, it is primarily focused on web server hunting, but John Matherly who created Shodan, is going to be expanding it to FTP, Telnet and SSH. Drop him a line on the site, he's taking suggestions for priorities.
And one more cool tidbit, It uses OpenSearch, which means you can add it to the list of search engines providers usable from the search bar in IE. 🙂