Show Menu
Cheatography

A quick cheatsheet of useful shodan search parameters.

Shodan:

A search engine for IoT and Internet connected devices
Shodan is a search engine that specia­lizes in indexing Intern­et-­con­nected devices and systems. Unlike tradit­ional search engines that index web pages, Shodan searches for devices connected to the Internet, such as servers, routers, webcams, industrial control systems, and other Internet of Things (IoT) devices.

Search parameters

 
Shodan uses search parameters to help you narrow down your search, the following sections will offer some of the most useful parame­ters.

General Query Terms

city:”­[city name]”
Devices in a specific city.
org:”[­org­ani­zation name]”
Devices related to a certain organi­zation.
countr­y:”­[co­untry]”
Devices in a specified country.
region­:”[­reg­ion]”
Devices in a specific region.
postal­:”[­postal code]”
Devices in a specific postal code.
latitu­de:­”[l­ati­tude]” longit­ude­:”[­lon­git­ude]”
Devices at specific coordi­nates.
os:”[o­per­ating system]”
Devices running a specific OS.
net:”[IP range]”
Devices within a certain IP range.
port:”­[port number]”
Devices open on a specific port.
 

IoT Search Terms

“smart tv”
Searches for intern­et-­con­nected smart TVs.
“IP camera” “default login”
IP cameras with default login creden­tials.
These are general terms that are suggested ways to target certain types of devices and should be used with other modifiers to narrow down the inform­ation.

Applic­ations and Services

produc­t:”­[pr­oduct name]”
Devices running a specific product.
versio­n:”­[ve­rsion]”
Devices with a specific version number.
“X-Pow­ere­d-By: PHP/[v­ers­ion]”
PHP versio­n-s­pecific servers.
“server: Apache”
Finds Apache web servers.
iis:[v­ersion number]
Servers running Microsoft IIS.
“server: nginx”
Devices running Nginx server.
 

Security and Vulner­ability Terms

“Cisco IOS” “http auth”
Cisco IOS devices with HTTP authen­tic­ation.
“default login” “router”
Routers with default login creden­tials.
vuln:”­[CV­E-ID]”
Searches for vulner­abi­lities with a specific CVE ID.
“Server: Apache” -“mod_ssl” -“OpenSSL”
Apache servers potent­ially without SSL encryp­tion.
“heart­bleed” vuln
Searches for vulner­abi­lities related to Heartb­leed.
“Etern­alBlue” vuln
Devices vulnerable to Eterna­lBlue.
These are general terms that are suggested ways to target certain types of services and should be used with other modifiers to narrow down the inform­­ation.
       
 

Metadata

  • Languages:
  • Published: 6th May, 2024

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Security+ 601 Exam Cheat Sheet