OSINT using SHODAN

You may have heard the term OSINT(“Open Source Intelligence”) The basics is that you can use public sources to get information about a target during your recon.

There are many tools that are available to perform this task such as Google, Maltego, SHODAN etc,

one of the tools that really puts a perspective not only on what can be found but just how insecure some devices are.

Meet SHODAN https://www.shodan.io/

Shodan was created as a search engine for devices for example if you search “DLINK” you will find all of the Dlink routers and devices found by the crawler. The crawler looks for devices with publically reachable ports such as HTTP or Telnet.

You can also search by service type such as DNS and you will see all devices that have port 53 open lets take a look.

 

Here is the SHODAN main page you can perform some basic  searches without a login but you will need an account for full site access

shodan main page

A search on Dlink devices brings up the following results I have removed the IP’s

Dlink results

 

As you can see from above the search engine has found  some services on these devices that are exposed to the internet lets drill down on one of them to see what the results are

 

As you can see from above the device has NTP exposed to the internet a big NONO as we are aware NTP is used in a lot of DDoS attacks.

You can get creative with your searches I am not going to do that in this article but you can take some time to explore the tool.

This tool sheds a lot of light on the issues that are facing this industry a lot of consumer devices and even corporate devices improperly configured and exposing these services to the internet.

Whats more is that some of these devices still have the default credentials !!!!

Let me know what you think about this tool

Sean

Leave a Reply

Your email address will not be published. Required fields are marked *