Monday, December 7, 2009

SHODAN - Computer Search Engine

SHODAN is a search engine that allows you to find servers/routers/etc. It scans the Internet and indexes the headers that come back. What this means is that instead of finding an exploit that works on a target system, you can grab any exploit then find a system vulnerable to it

To demonstrate, let us find an FTP server in China with anonymous access. To do that, I typed FTP port:21 country:CN. In response, SHODAN gives a list of systems matching the criteria:

Running an FTP command with a IP address from the list confirms that the server exists:

Please remember that it is illegal (in most countries) to scan and/or fingerprint a system without proper authorisation from the owner. Considering SHODAN capabilities, one should consider a question of ethical aspects of the "cloud hacking".


1 comment:

  1. Excellent Blog every one can get lots of information for any topics from this blog nice work keep it up.