ShodanHQ Queries For Penetration Tester
Have you ever heard SHODAN Search Engine?
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
SHODAN also lets you use boolean operators (‘+’, ‘-‘ and ‘|’) to include/ exclude certain terms. By default, every search term has a ‘+’ operator assigned to it.
In addition to boolean operators, there are special filters to narrow down the search results.
Black at pentestit.com has already collect some queries and you can find it here.
We try to collect SHODAN queries related to vulnerable servers, systems, and applications. Hopefully, it will updated daily ?
Jan, 21st 2011
http://www.shodanhq.com/?q=xampp
http://www.shodanhq.com/?q=1.3.22+port%3A80
http://www.shodanhq.com/?q=proftpd%201.3.2+port%3A21
http://www.shodanhq.com/?q=Fedora
http://www.shodanhq.com/?q=CentOS
http://www.shodanhq.com/?q=Debian
http://www.shodanhq.com/?q=webdav
http://www.shodanhq.com/?q=litespeed –> (Exploit: http://www.exploit-db.com/exploits/13850/)
http://www.shodanhq.com/?q=savant –> (Exploit: http://www.exploit-db.com/exploits/10434/)
http://www.shodanhq.com/?q=webSCADA
http://www.shodanhq.com/?q=admin+password
http://www.shodanhq.com/?q=tomcat-5.5
Jan, 23rd 2011
http://www.shodanhq.com/?q=airlive
http://www.shodanhq.com/?q=ubnt
http://www.shodanhq.com/?q=vxworks –> (More info: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html)
http://www.shodanhq.com/?q=camera
http://www.shodanhq.com/?q=GoAhead
http://www.shodanhq.com/?q=lighttpd+1.4.16 –> (Exploit: http://www.exploit-db.com/exploits/4391/)
http://www.shodanhq.com/?q=storage+nas
http://www.shodanhq.com/?q=protected+area
http://www.shodanhq.com/?q=cpanel
http://www.shodanhq.com/?q=AirStation%3A+Enter+%27%27root%27%27
http://www.shodanhq.com/?q=exchange
http://www.shodanhq.com/?q=owa
http://www.shodanhq.com/?q=xerox+port%3A80
http://www.shodanhq.com/?q=DD-WRT
http://www.shodanhq.com/?q=admin%2B1234
http://www.shodanhq.com/?q=SiemensGigaset-Server%2F1.0
http://www.shodanhq.com/?q=3COM
http://www.shodanhq.com/?q=realvnc
Jan, 26th 2011
http://www.shodanhq.com/?q=NetBuilder
http://www.shodanhq.com/?q=Asterisk+PBX
http://www.shodanhq.com/?q=Avaya
http://www.shodanhq.com/?q=huawei
http://www.shodanhq.com/?q=Zhone%20SLMS
http://www.shodanhq.com/?q=WindWeb
Feb, 9th 2011
http://www.shodanhq.com/?q=SmartAX
http://www.shodanhq.com/?q=Ericsson+Television+Web+server
http://www.shodanhq.com/?q=intranet