Tag Archives: shodan

Shodan for the IT Pro

So there you are dropping by your customers and making sure their servers are patched and systems are running normally.  For security you make sure AV is running and the firewalls are configured, but what are you missing?  Do the customers have access to make changes to the firewalls?  Do they have marketing teams or engineering groups who stand up systems outside the company?  How can you determine what is out there for your clients??

Shodan IP Camera Search

Well that is where something like Shodan comes into play.  It is the Internet of Things search engine.  You can search for everything from IP web cameras to industrial control systems.  But what does that all mean to the IT Consultant just trying to keep their clients online and running?  Well lets talk about those engineers or marketing people.  Shodan allows you to search for everything from IP addresses/networks, protocols/ports, and keywords.  The free version will let you search for the basic web protocols – 80, 443, 23, 21, etc… Using the a paid subscription you will gain access to searches for any ports as well as the ability to run reports.  This has been a well known tool to those of us in the Information Security industry, whether we are performing recon activities for a penetration test or building intelligence for organizational threat assessment.  Or just simply identifying possible shadow IT systems deployed without our knowledge.

Shodan Organization Search

So what value is this to the IT pro?  Well you can perform checks of your clients IP space or perform an organization search – org:”Your Company Name”.  This will typically display the information from the TLS certificate.  From there you can review the IP and host names and run additional checks on the network ranges.  This is just he tip of the ice berg with what is available from Shodan.  They have APIs available that can be used with scripting languages such as Python and even Powershell.  Scripts can be written to schedule regular checks on specific terms or searches of known address spaces.  This becomes a great resource for those smaller organizations that do not have the large budgets to perform full threat assessments or implement threat intelligence practices.  And at the very least it makes for a fun Saturday morning activity while you have your coffee.