Introduction to Shodan

Presentation at BSides KC 2017 at Think Big Partners, Downtown Kansas City on 5/20/2017

Aaron Blythe

May 20, 2017

Transcript

  1. 9.

    @ablythe https://nmap.org/book/legal-issues.html • When used properly, Nmap helps protect your network from invaders. But when used improperly, Nmap can (in rare cases) get you sued, fired, expelled, jailed, or banned by your ISP. Reduce your risk by reading this legal guide before launching Nmap.
  2. 10.
  3. 12.
  4. 13.

    Banner: Apache Server, Siemens S7 ICS. Metadata: Hostname, Operating System, Geo-Location. Randomized 24/7 Crawler From Data Centers around the world.
  5. 20.

    Heartbleed: If the service is vulnerable to Heartbleed then the banner contains 2 additional properties. opts.heartbleed contains the raw response from running the Heartbleed test against the service. Note that for the test the crawlers only grab a small overflow to confirm the service is affected by Heartbleed but it doesn’t grab enough data to leak private keys. The crawlers also added CVE-2014-0160 to the opts.vulns list if the device is vulnerable. However, if the device is not vulnerable then it adds “!CVE-2014-0160”. If an entry in opts.vulns is prefixed with a ! or - then the service is not vulnerable to the given CVE.

    {
      "opts": {
        "heartbleed": "... 174.142.92.126:8443 - VULNERABLE\n",
        "vulns": ["CVE-2014-0160"]
      }
    }

    Shodan also supports searching by the vulnerability information. For example, to search Shodan for devices in the USA that are affected by Heartbleed use: country:US vuln:CVE-2014-0160
  6. 23.
  7. 24.

    “Not for novice, need technical knowledge” - John Matherly. From: https://danielmiessler.com/study/shodan/#gs.vY0dx58
  8. 34.

    Limitations of the Free Versions • No more than 5 pages deep on any search • No maps
  9. 38.

    Is My Device on Shodan? Currently the answer is likely ‘no’. Reason: Routers and IPv4. However… when IPv6?
  10. 41.

    References • John Matherly 2016, National Cyber Summit: https://www.youtube.com/watch?v=Fbjka5CfbzI • John Matherly 2014, NETEXPLO: https://www.youtube.com/watch?v=pqP0F8MAy1U
  11. 43.

    Disclaimer • Use this information for positive purposes • Accessing or attempting to access someone else’s devices could be punishable by law • I tell you these things so you can protect your own assets
  12. 44.
  13. 45.

    Help us get better! Please provide feedback on… • my talk: http://bit.ly/BSidesKCTalkEval • the conference: http://bit.ly/BSidesKCEventEval • anything else: http://bit.ly/IqT6zt
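
For the Heartbleed slide (20) above: an added example, not from the talk or from Shodan, that triages banner records for your own hosts using the opts.vulns prefix rule described there. The banners are constructed, the ip_str and port field names and the one-JSON-object-per-line layout are assumptions, and treating a missing entry as "untested" is this example's choice.

```python
import json

# Constructed sample banners (documentation-range IPs), one JSON object per line.
SAMPLE_BANNERS = r"""
{"ip_str": "192.0.2.10", "port": 8443, "opts": {"heartbleed": "... - VULNERABLE\n", "vulns": ["CVE-2014-0160"]}}
{"ip_str": "192.0.2.11", "port": 443, "opts": {"vulns": ["!CVE-2014-0160"]}}
{"ip_str": "192.0.2.12", "port": 443, "opts": {"vulns": ["-CVE-2014-0160"]}}
{"ip_str": "192.0.2.13", "port": 80, "opts": {}}
{"ip_str": "192.0.2.14", "port": 22}
"""

def vuln_status(banner, cve):
    """Return 'vulnerable', 'not_vulnerable' or 'untested' for one banner."""
    vulns = (banner.get("opts") or {}).get("vulns") or []
    status = "untested"  # no entry at all: no recorded test result
    for entry in vulns:
        if not isinstance(entry, str):
            continue
        negated = entry[:1] in ("!", "-")  # prefix means "tested, not vulnerable"
        name = entry[1:] if negated else entry
        if name.upper() != cve.upper():
            continue
        if not negated:
            return "vulnerable"  # assumption: a positive entry always wins
        status = "not_vulnerable"
    return status

def naive_match(banner, cve):
    """Substring check that wrongly flags '!CVE-...' entries as vulnerable."""
    return cve in json.dumps(banner.get("opts", {}))

def triage(lines, cve="CVE-2014-0160"):
    """Group 'ip:port' keys by status for every banner in a JSON-lines string."""
    report = {"vulnerable": [], "not_vulnerable": [], "untested": []}
    for line in lines.splitlines():
        if not line.strip():
            continue
        banner = json.loads(line)
        key = f'{banner["ip_str"]}:{banner["port"]}'
        report[vuln_status(banner, cve)].append(key)
    return report

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_BANNERS).items():
        print(f"{status:15} {hosts}")
```

Only the first constructed host lands in the vulnerable bucket; the substring check in naive_match would also flag the two hosts whose entries carry the ! or - prefix.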