It’s possible to scan all Internet looking for devices and network components. But it’s not so easy. If you would like to get more information about that, check these materials Fyodor - Nmap: Scanning The Internet. Interesting, right?
Today it’s easier. Theres few web search engines which allows everyone to search for computers, printers, video recorders, NAS servers and any other device connected to the Internet. If these devices are not correctly setup you can even gain access to them. But you shouldn’t do that, more or less it is illegal.
How it works is simple. The website crawls the Internet for publicly accessible devices and display results.
The primary users of these systems are cybersecurity professionals, researchers and law enforcement agencies but also cybercriminals.
Here is the list of device search engines.
Shodan is the world’s first search engine for Internet-connected devices.
Here you can find an interesting way to display data from Shodan https://2000.shodan.io/
Find Apache servers in New York:
apache city:"New York"
Find Nginx servers in Germany:
Find Cisco devices on a particular subnet:
The basic search filters you can use:
city: find devices in a particular city
country: find devices in a particular country
geo: you can pass it coordinates
hostname: find values that match the hostname
net: search based on an IP or /x CIDR
os: search based on operating system
port: find particular ports that are open
before/after: find results within a timeframe
Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.
Search for hosts with the HTTP Server Header “Apache” in Germany
80.http.get.headers.server: Apache and location.country_code: DE
Telnet and FTP hosts in Germany:
location.country_code: DE and protocols: ("23/telnet" or "21/ftp")
ZoomEyeis a Cyberspace Search Engine recording information of devices, websites, services and components etc.
Search by application:
app: application name
Search by location:
country: country code (for example: UK, IT, ES, FR, CN, JP..)
Search by port:
port: port number
Search by OS:
os: name of the operating system (for example os:linux)
Search by service:
service: service name
Search by hostname:
hostname: hostname (for example hostname:google.com)
Search by IP Address:
ip: ip address (for example ip:18.104.22.168)
Search by CIDR:
cidr: cidr segment (for example cidr:22.214.171.124/24)
Search by site:
site: domain name (for example site:google.com)
Search by HTTP Headers:
headers: headers in HTTP request
Search by SEO keywords:
keywords: keywords defined inside <meta name="Keywords">
Search by description:
desc: description inside <meta name="description">
Search by title:
title: title inside <title>
The Chinese equivalent of Shodan.
FoFa also has a client version.
title="powered by" && title!=discuz
title!="powered by" && body=discuz
IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Zmap, Masscan, Bro and p0f) to gather data (network intelligence), stores it in a database (MongoDB), and provides tools to analyze it.
This tool is not available to public. You need to install, configure and gather data on your own before use.