Google is a search engine for human readable content. Shodan does the same for machine readable content.
You can:
- search for specific IP addresses, and it will show you the active ports, and running services.
- search for a specific response header in the set of countries
- browse through the screenshots of open VNC & RDP
- open webcams
- and more…
The free accounts can use any feature, but the list of results is limited. But if you really want to look under the deck of the internet, the subscription is worth it.
Is this an ad? Good news everyone we’re becoming more like Reddit every day!
I’m not affiliated with the company in any way, there’s not even a reflink. I just find the service useful and fun.
At first I wasn’t sure whether to post it here or not, but since it’s certainly more tech related than the business model of twitter and reddit, which is being discussed here pretty often, I decided to go for it.
Stupid question, but what’s Shodan and why should I get it?
Shodan is good for violating other people’s privacy without them knowing it lol
Well, if you buy a cheap insecure camera, and point it to a giant satellite dish in some kind of space observatory, you can’t be surprised that people will want to have a look. At that point, you’re basically asking for it. /s
Yeah… that was a good find. I sent the link to a friend immediately, and we were yelling like children “it’s turning, it’s turning!” every time it was repositioned.
That’s cool AF. Shodan shows lots of cool things that I don’t think anybody minds being seen, but it also gives search results that could be used nefariously. It’s probably the coolest and creepiest tech product I’ve ever seen.
Well, if you ever asked yourself “How can I nmap the whole internet without wasting months of my life?” Shodan is for you. Otherwise, it’s probably not.
If you’re still curious anyway, I’m not the best person to pitch it to you… but I know just the right guy - Viss, and his DefCon presentation. Shodan is a tool that can help you find stuff that he talks about.
TOTES MCGOATS©
Here is an alternative Piped link(s): https://piped.video/watch?v=5xJXJ9pTihM
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
Good bot
5 bucks for network monitoring made it a deal for me. Thanks 🙂
I believe it was the fictional artificial intelligence that became self-aware and tried to take over the world in the game System Shock, and later System Shock 2.
That one I knew, but thanks anyway 🙂
I rarely use shodan, so I’d probably never pay for a subscription. Especially since I’ve never really hit any limit in the free plan. But I got the lifetime membership two years ago for $0.99. Even for the current $5 that’s a no brainer.
Same here and the network monitoring isn’t a bad bonus.
Whats that?
Look at you, hacker
Well, for one they don’t make it easy to be able to block them. For another, they basically advertise intrusion vectors to would-be nefarious actors.
Being connected online is advertising intrusion vectors to would-be nefarious actors
One random use I found years ago was that I could instantly search for Comcast business boxes and then export the IPs as a csv, run a headless browser script to try default login creds, then scrape the wireless Mac, ssid, and password which I could plot on a map using wigle wifi wardriving data. It’s pretty cool. Maybe the monitoring service will come in handy if it ever notifies me of anything I should be concerned about on any of my IPs, hard to turn down a $5 lifetime pass.
Awh man! 10:22 my time and the deal is over.
Well crap. I was waiting until the end of the day to buy it. That’s too bad…
Edit: I guess that information was in the image, but would have been nice if it was in the post text too…
Website must be getting hammered, because I can’t navigate anywhere.
Shodan getting hug-of-death’ed.
Yeah that was an instant purchase. Thanks OP!
Is this a honeypot?
Well I guess I got it during that last sale because I’m already a member. Cool
I don’t think I’ve actually ever used it though
Same thing happened to me few years back. I forgot I got the membership last time there was a promotion :D
I’ve used it in the past to pirate foreign broadcast TV, but lately I just occasionally check my own stuff, or our customers stuff when there’s a problem. It’s nicer than nmap, and good enough for the initial part of the analysis.
pirate foreign broadcast TV
I wish to subscribe to your newsletter. I’m guessing a search for open RTMP ports, geolocation, and a few other criteria?
I was running tvheadend with dvb-t usb stick at the time, and one day wondered, who else might be running it. There were quite a few all over the world.
That’s how they get ya
awesome, thanks for sharing!
I really hate Shodan and Censys.
Why?