It’s possible to scan all Internet looking for devices and network components. But it’s not so easy. If you would like to get more information about that, check these materials Fyodor - Nmap: Scanning The Internet. Interesting, right?
Today it’s easier. Theres few web search engines which allows everyone to search for computers, printers, video recorders, NAS servers and any other device connected to the Internet. If these devices are not correctly setup you can even gain access to them. But you shouldn’t do that, more or less it is illegal.
How it works is simple. The website crawls the Internet for publicly accessible devices and display results.
The primary users of these systems are cybersecurity professionals, researchers and law enforcement agencies but also cybercriminals.
Here is the list of device search engines.
Shodan
Shodan is the world’s first search engine for Internet-connected devices.
Here you can find an interesting way to display data from Shodan https://2000.shodan.io/
Shodan have it’s own command line interface. Also there is interesting tool using Shodan Api called SearchDiggity.
Example of use:
Find Apache servers in New York:
1 | apache city:"New York" |
Find Nginx servers in Germany:
1 | nginx country:"DE" |
Find Cisco devices on a particular subnet:
1 | cisco net:"216.219.143.0/24" |
The basic search filters you can use:
city: find devices in a particular citycountry: find devices in a particular countrygeo: you can pass it coordinateshostname: find values that match the hostnamenet: search based on an IP or /x CIDRos: search based on operating systemport: find particular ports that are openbefore/after: find results within a timeframe
CenSys
Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.
Example of use:
Search for hosts with the HTTP Server Header “Apache” in Germany
1 | 80.http.get.headers.server: Apache and location.country_code: DE |
Telnet and FTP hosts in Germany:
1 | location.country_code: DE and protocols: ("23/telnet" or "21/ftp") |
ZoomEye
ZoomEyeis a Cyberspace Search Engine recording information of devices, websites, services and components etc.
Example of use:
Search by application:
1 | app: application name |
Search by location:
1 | country: country code (for example: UK, IT, ES, FR, CN, JP..) |
Search by port:
1 | port: port number |
Search by OS:
1 | os: name of the operating system (for example os:linux) |
Search by service:
1 | service: service name |
Search by hostname:
1 | hostname: hostname (for example hostname:google.com) |
Search by IP Address:
1 | ip: ip address (for example ip:8.8.8.8) |
Search by CIDR:
1 | cidr: cidr segment (for example cidr:8.8.8.8/24) |
Search by site:
1 | site: domain name (for example site:google.com) |
Search by HTTP Headers:
1 | headers: headers in HTTP request |
Search by SEO keywords:
1 | keywords: keywords defined inside <meta name="Keywords"> |
Search by description:
1 | desc: description inside <meta name="description"> |
Search by title:
1 | title: title inside <title> |
FoFa
The Chinese equivalent of Shodan.
FoFa also has a client version.
Example of use:
1 | title="abc" |
1 | title="powered by" && title!=discuz |
More complex:
1 | title!="powered by" && body=discuz |
Ivre
IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Zmap, Masscan, Bro and p0f) to gather data (network intelligence), stores it in a database (MongoDB), and provides tools to analyze it.
Example of use:
This tool is not available to public. You need to install, configure and gather data on your own before use.