Web penetration testing information collection series, part three

Hello everyone, today we will talk about the third part of information collection.

Most of us like to set a search engine such as Baidu or Sogou as our browser homepage, right? Hehe, me too.

Today I'd like to introduce a very awesome search engine. Even the name sounds impressive: Shodan, also known in the circle as the "scariest" search engine. Fortunately it has not been blocked by the Great Firewall yet. This "special tool" is called the "scariest" search engine because it is different from other search engines: it is not used to search web pages, but goes straight to the back channels of the Internet, constantly searching all the hardware devices connected to cyberspace, such as servers and routers.

The URL:

Shodan: www.shodan.io

The homepage looks like this (screenshot):

You can open it in Chrome and have it translated into Chinese, but I still recommend trying this kind of English site more often; it will help a lot with our later penetration work.

With the site open, we can search for specific devices through Shodan. At present, the most popular keywords in this circle are: webcam, cisco, netgear, linksys, SCADA, etc.

How does it work? Through its scanning function, it scans the online devices across the whole of cyberspace, retrieves the banner information returned by each device and analyzes it. With this information it can tell which servers in cyberspace are of interest to us, and, what is even more frightening, how many servers in cyberspace allow anonymous login (horror~).

Here is a brief list for everyone:

Banners: HTTP, FTP, SSH, Telnet

Common filters:

net (e.g. 192.168.1.1)

city

country (CN, US)

port (80, 21, 22, 23)

hostname (host or domain name)

server

From here on we can use it happily~ But if you want to do something indescribable, I will tell you very responsibly: "Stop here".

Basic usage:

It is a paid platform, and the price is quite expensive.

It doesn't matter though (stunned): we found that the page lets you create a free account. Its functions are somewhat cut down, but it is enough for normal use.

Once we have an account, the happy journey begins. It is just like using Baidu: type what we want to find into the search box on the homepage. For example, let's search for the most common one, SSH (Secure Shell Protocol, used for remote login to other devices).

The search results page contains several pieces of content. On the left is the summary data, which includes:

Results map - a map showing where the results are located

Top services (Ports) - the most used services/ports

Top organizations (ISPs) - the most used organizations/ISPs

Top operating systems - the most used operating systems

Top products (Software name) - the most used products/software names

The middle part of the page shows the search results themselves, each including:

IP address, host name, ISP, time of the entry, the country where the host is located, and banner information

For more detailed information, just click on a search result.

You will notice that the URL in the address bar now contains an IP address, which means its location in cyberspace has been found, so we can access it directly through this IP address or use other information collection methods to gather detailed information.

Usually, when we collect information for penetration projects, searching with the method above often returns content that does not match our needs well, which lowers efficiency. So we often need filters to narrow the search. Below is a simple list of a few common rules:

country: search for the specified country, for example country:"CN"

city: search for the specified city, for example city:"beijing"

hostname: search for the specified host or domain name, for example hostname:"google"

port: search for the specified port or service, for example port:"25"

isp: search for the specified ISP, for example isp:"China Telecom"

product: search for the specified operating system/software/platform, for example product:"Apache httpd"

org: search for the specified organization or company, for example org:"google"

net: search for the specified IP address or subnet, for example net:"202.106.0.0/24"

version: search for the specified software version, for example version:"1.2.1"

geo: search for the specified geographic location, the parameter being latitude and longitude, for example geo:"21.8133, 112.1838"

before/after: search for data collected before or after the specified time, in the format dd-mm-yy, for example before:"05-03-20"

For example, apache city:"beijing" searches for Apache servers in Beijing; the result looks like this:
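As an added example (not code from the original post), the Python below builds queries in the filter syntax listed above, rejecting malformed port, net and before/after values before anything is sent, and rebuilds the left-hand summary panel (top ports, organizations, OS and products) from result records. The field names ip_str, port, org, os and product follow the Shodan API's match records; the sample records are constructed and use documentation addresses, not real hosts.

```python
import ipaddress
import re
from collections import Counter

# Filters listed on this page whose values are plain quoted strings.
STRING_FILTERS = {"country", "city", "hostname", "isp", "product",
                  "org", "version", "geo"}
DATE_RE = re.compile(r"^\d{2}-\d{2}-\d{2}$")  # dd-mm-yy, as shown above

def build_query(keyword="", **filters):
    """Build a query such as 'apache city:"beijing"', validating the filters
    that have a fixed shape (port, net, before/after) before anything is sent."""
    parts = [keyword] if keyword else []
    for name, value in filters.items():
        if name == "port":
            if not 0 < int(value) < 65536:
                raise ValueError(f"port out of range: {value}")
            parts.append(f'port:"{int(value)}"')
        elif name == "net":
            ipaddress.ip_network(value, strict=False)  # IP or CIDR, else ValueError
            parts.append(f'net:"{value}"')
        elif name in ("before", "after"):
            if not DATE_RE.match(value):
                raise ValueError(f"{name} must be dd-mm-yy, got {value!r}")
            parts.append(f'{name}:"{value}"')
        elif name in STRING_FILTERS:
            parts.append(f'{name}:"{value}"')
        else:
            raise ValueError(f"unknown filter: {name}")
    return " ".join(parts)

def summarize(matches, top=3):
    """Rebuild the left-hand summary panel (top ports/orgs/OS/products) from
    match records shaped like the Shodan API's 'matches' array."""
    def top_of(key):
        values = [m.get(key) for m in matches]
        return Counter(v for v in values if v).most_common(top)
    return {"ports": top_of("port"), "orgs": top_of("org"),
            "os": top_of("os"), "products": top_of("product")}

# Constructed sample records (documentation addresses, not real hosts).
SAMPLE = [
    {"ip_str": "203.0.113.10", "port": 22, "org": "Example ISP",
     "os": "Linux", "product": "OpenSSH"},
    {"ip_str": "203.0.113.11", "port": 22, "org": "Example ISP",
     "os": None, "product": "OpenSSH"},
    {"ip_str": "198.51.100.5", "port": 80, "org": "Other Org",
     "os": "Linux", "product": "Apache httpd"},
]
```

Running summarize(SAMPLE) on your own organization's exported results gives the same "top ports / top products" view the page describes, which is a quick way to spot services you did not know were exposed.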

Also, more interestingly, you can click the "Explore" button to get a ranking of the various search techniques shared by the big guys in the circle, as follows:

After a query, we can also use the "Maps" button at the top to see a map similar to Google Earth, as follows:

Finally, to help with the most troublesome part of our work, the report: click "Create Report" and it is generated directly.

Okay, that is the end of this introduction. There are other ways to use this powerful and terrifying search engine, so use it more to discover more functions, and also make flexible use of the techniques shared by the great gods.

Finally, a small bonus to share (all of it found on Baidu~~):

Default account and password of certain brands of webcams

@ IP network camera admin, password: 12345

@ Network camera admin, password: 888888

@ Network Camera Admin, password: 111111

Source: blog.csdn.net/GUDUzhongliang/article/details/108731036