Shodan for Penetration Tester

Shodan , the official definition of himself Computer Search Engine (Computer Resource Search Engine), is American man John Mase Li spent nearly 10 years to build a search engine that can search almost all US industrial control and connected to the network system .

Shodan Unlike traditional search engines such as Google, use Web crawlers to traverse your entire site, but directly into the channel behind the Internet, various types of port equipment audits, and never stops looking for the Internet and all associated servers, camera, printers, routers , and so on. Shodan month will be at about 500 million server around the clock to gather information.

This engine can search, locate all devices connected to the network server. Shodan works produced by various types of port equipment system flag information (banners) audits generate search results, so when you use it, the need to understand a little knowledge of the system flag information.

Numerous industrial control computer, waterworks and power grid and other automation systems are connected to the network, some of which exist loopholes , moderate levels of hackers will be able to dive into these systems. Industrial control computer firewall protection usually at work, but the protection of a firewall can easily be connected to the network and erosion.

Recently, an unknown hacker infiltrated a water plant in southern Houston internal systems, is used in the user manual found in a default password. A user Shodan search engine had sneaked into the Lawrence Berkeley National Laboratory cyclotron. Another user is found in thousands of unprotected Cisco routers. “These systems should not be exposed to as” Mase Li said.


First, you can download shodan Firefox plugin , you can use anytime, anywhere shodan search engines.

Before you start searching, you need to apply for an account, account application is completely free. If you do not want to apply for an account, you can also use the shodan, but you can not use the country and port filters.

Now begin to talk about the basic syntax of Shodan Hacking:

Country: As the name suggests this is a country filter, mainly the result of the country geographically divided. Support more than 100 countries!
Commonly used parameters are:

country: US – United States

country: JP – Japan

country: CA – Canada

country: RU – Russia

Hostname: host or sub-domain filters to remind that, in the search subdomain when you want to add a domain name at the front. “.”
Net: Shodan’s most powerful features is the ability to search for the IP / CIDR notation.

200 OK country:VN


Port: According to the port search, commonly used ports are: HTTP (80), FTP (21), SSH (22), SNMP (161)

apache 200 OK country:VN


OS: country:VN os