Shodan (website)

Shodan is a search engine that lets users search for various types of servers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server. Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (ports 143, or (encrypted) 993), SMTP (port 25), SIP (port 5060), and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video streams. Shodan was launched in 2009 by computer programmer John Matherly, who, in 2003, conceived the idea of searching devices linked to the Internet. The name Shodan is a reference to SHODAN, a character from the System Shock video game series.
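The service banners described above, shown from the side of an administrator reviewing their own hosts. This is an added example, not part of the original article: it takes banners that have already been collected and reports what each one discloses before any authentication takes place. The sample banners, the function names and the version heuristic are assumptions constructed for illustration; the port map uses only the ports the article lists.

```python
import re

# Port-to-protocol map built from the ports the article lists.
PORT_PROTOCOL = {
    80: "http", 8080: "http", 443: "https", 8443: "https",
    21: "ftp", 22: "ssh", 23: "telnet", 161: "snmp",
    143: "imap", 993: "imaps", 25: "smtp", 5060: "sip", 554: "rtsp",
}

# Where each protocol puts the text that identifies the server software.
SSH_ID = re.compile(r"^SSH-[\d.]+-(?P<software>\S+)")                     # identification string
SERVER_HDR = re.compile(r"^Server:\s*(?P<software>.+?)\s*$", re.I | re.M)  # header line
GREETING = re.compile(r"^\d{3}[ -](?P<software>.*)$", re.M)               # numeric reply line
VERSION = re.compile(r"\d+(?:\.\d+)+")                                    # dotted version number

EXTRACTORS = {
    "ssh": SSH_ID, "ftp": GREETING, "smtp": GREETING,
    "http": SERVER_HDR, "https": SERVER_HDR, "rtsp": SERVER_HDR, "sip": SERVER_HDR,
}


def summarize_banner(port, banner):
    """Report what a client learns from a banner before authenticating."""
    proto = PORT_PROTOCOL.get(port, "unknown")
    pattern = EXTRACTORS.get(proto)
    if pattern:
        m = pattern.search(banner)
        disclosed = m.group("software").strip() if m else None
    else:
        disclosed = banner.strip() or None  # e.g. a Telnet welcome message
    return {
        "port": port,
        "protocol": proto,
        "disclosed": disclosed,
        "discloses_version": bool(disclosed and VERSION.search(disclosed)),
    }


# Constructed sample banners (not real scan data).
SAMPLES = [
    (22, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),
    (80, "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n"),
    (443, "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"),
    (21, "220 ProFTPD 1.3.5 Server ready.\r\n"),
]


def audit(samples=SAMPLES):
    """Summarize every (port, banner) pair in the inventory."""
    return [summarize_banner(port, banner) for port, banner in samples]
```

Rows with `discloses_version` set are the ones where a banner hands out a product and exact version, which is what the corresponding server setting for hiding version strings addresses.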


Background

The website began as Matherly's pet project, based on the fact that large numbers of devices and computer systems are connected to the Internet. Shodan has since been used to find systems including control systems for water plants, power grids and a cyclotron.


Media coverage

In May 2013, CNN Money released an article detailing how Shodan can be used to find vulnerable systems on the Internet, including traffic light controls. The article showed screenshots of those systems, which displayed the warning banner "DEATH MAY OCCUR !!!" upon connecting. In September 2013, Shodan was referenced in a Forbes article claiming it was used to find the security flaws in TRENDnet security cameras. The next day, Forbes followed up with a second article about the types of things that can be found using Shodan. These included Caterpillar trucks whose onboard monitoring systems were accessible, heating and security control systems for banks, universities, and corporate giants, surveillance cameras, and fetal heart monitors. In December 2015, various news outlets, including Ars Technica, reported that a security researcher used Shodan to identify accessible MongoDB databases on thousands of systems, including one hosted by Kromtech, the developer of the macOS security tool MacKeeper. In November 2021, PCMagazine described how Shodan was used by AT&T to detect Internet of Things devices infected with malware.


Usage

The website scans the Internet for publicly accessible devices. Shodan currently returns 10 results to users without an account and 50 to those with one. If users want to remove the restriction, they are required to provide a reason and pay a fee. The primary users of Shodan are cybersecurity professionals, researchers and law enforcement agencies. While cybercriminals can also use the website, some have access to botnets that could accomplish the same task without detection.

