Using the Shodan Tool

 Scariest Search Engine on the Internet


Shodan is the search engine for hackers; it shows all the devices that are connected to the internet. It is one of the tools most used by bad hackers, penetration testers, security researchers, and bug bounty hunters. It discovers devices that are connected to the internet, like cameras, servers, control systems, home automation systems, and databases.

Bad hackers can use it as a starting point for creating botnets, by looking for vulnerable systems to use in DDoS attacks.

Finding Default Passwords:-

Anyone with zero knowledge can simply search for default passwords and see a lot of internet-connected devices with the default username "admin" and the password "password". Typing the IP address into the address bar will ask for a login, and once you are in you can literally control the complete system.

Social Engineering:-

Once hackers find devices on Shodan, they try to social engineer the target and find a way to get in. Then they can have full control over the system. They can literally control the power systems and cooling grids, and turn the lights off or on.

There is also a command-line interface for Shodan, as hackers love using the terminal.

-------------------------------

$ sudo pip install shodan

------------------------------

Some Useful Commands:-

------------------------------------

apache city:"London"

-----------------------------------

This will find the devices that are using Apache as their server; you can also specify the city to search within a particular region.

HeartBleed Vulnerability:-

------------------------------

vuln:cve-2014-0160

-----------------------------

Finds the devices that are still up and vulnerable to the Heartbleed vulnerability.
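The same filter is useful for auditing your own address space. The following is an added example, not code from the original post: it combines the `vuln:` filter with Shodan's `net:` filter and triages an exported result file against an asset inventory. The function names, `OWN_NETWORKS`, and the sample records are constructed for illustration, and the record fields (`ip_str`, `port`, `product`, `vulns`) are assumed to follow Shodan's JSON export.

```python
import ipaddress
import json

# Constructed sample: records shaped like Shodan banner JSON (one object per
# line), using documentation-only address ranges.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.10", "port": 443, "product": "Apache httpd", "vulns": {"CVE-2014-0160": {"verified": true}}}
{"ip_str": "192.0.2.77", "port": 80, "product": "Apache httpd"}
{"ip_str": "203.0.113.5", "port": 443, "product": "nginx", "vulns": ["CVE-2014-0160"]}
{"ip_str": "198.51.100.23", "port": 8443, "product": "Apache httpd", "vulns": {"cve-2014-0160": {"verified": false}}}
"""

OWN_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]  # assumed asset inventory


def scoped_query(cve, network):
    """Build a search query limited to one of our own ranges."""
    return f"vuln:{cve.lower()} net:{network}"


def own_exposures(export_text, networks, cve="CVE-2014-0160"):
    """Return (ip, port, product) for in-scope records that list the CVE."""
    nets = [ipaddress.ip_network(n) for n in networks]
    findings = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ip = ipaddress.ip_address(rec["ip_str"])
        if not any(ip in n for n in nets):
            continue  # not ours: out of scope for this audit
        # "vulns" may be a dict keyed by CVE id or a plain list;
        # iterating yields the CVE ids in both cases.
        cves = {str(v).upper() for v in rec.get("vulns") or []}
        if cve.upper() in cves:
            findings.append((rec["ip_str"], rec["port"], rec.get("product", "unknown")))
    return sorted(findings)


if __name__ == "__main__":
    for net in OWN_NETWORKS:
        print("query:", scoped_query("CVE-2014-0160", net))
    for ip, port, product in own_exposures(SAMPLE_EXPORT, OWN_NETWORKS):
        print(f"patch OpenSSL and rotate keys: {ip}:{port} ({product})")
```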

