ShodanHQ Queries for Penetration Testers

Have you ever heard of the SHODAN search engine?

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.

SHODAN also lets you use boolean operators ('+', '-' and '|') to include or exclude certain terms. By default, every search term has a '+' operator assigned to it.

In addition to boolean operators, there are special filters to narrow down the search results.

Black at pentestit.com has already collected some queries, and you can find them here.
We try to collect SHODAN queries related to vulnerable servers, systems, and applications. Hopefully, it will be updated daily 😀

Jan, 21st 2011

http://www.shodanhq.com/?q=xampp
http://www.shodanhq.com/?q=1.3.22+port%3A80
http://www.shodanhq.com/?q=proftpd%201.3.2+port%3A21
http://www.shodanhq.com/?q=Fedora
http://www.shodanhq.com/?q=CentOS
http://www.shodanhq.com/?q=Debian
http://www.shodanhq.com/?q=webdav
http://www.shodanhq.com/?q=litespeed –> (Exploit: http://www.exploit-db.com/exploits/13850/)
http://www.shodanhq.com/?q=savant –> (Exploit: http://www.exploit-db.com/exploits/10434/)
http://www.shodanhq.com/?q=webSCADA
http://www.shodanhq.com/?q=admin+password
http://www.shodanhq.com/?q=tomcat-5.5

Jan, 23rd 2011

http://www.shodanhq.com/?q=airlive
http://www.shodanhq.com/?q=ubnt
http://www.shodanhq.com/?q=vxworks –> (More info: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html)
http://www.shodanhq.com/?q=camera
http://www.shodanhq.com/?q=GoAhead
http://www.shodanhq.com/?q=lighttpd+1.4.16 –> (Exploit: http://www.exploit-db.com/exploits/4391/)
http://www.shodanhq.com/?q=storage+nas
http://www.shodanhq.com/?q=protected+area
http://www.shodanhq.com/?q=cpanel
http://www.shodanhq.com/?q=AirStation%3A+Enter+%27%27root%27%27
http://www.shodanhq.com/?q=exchange
http://www.shodanhq.com/?q=owa
http://www.shodanhq.com/?q=xerox+port%3A80
http://www.shodanhq.com/?q=DD-WRT
http://www.shodanhq.com/?q=admin%2B1234
http://www.shodanhq.com/?q=SiemensGigaset-Server%2F1.0
http://www.shodanhq.com/?q=3COM
http://www.shodanhq.com/?q=realvnc

Jan, 26th 2011

http://www.shodanhq.com/?q=NetBuilder
http://www.shodanhq.com/?q=Asterisk+PBX
http://www.shodanhq.com/?q=Avaya
http://www.shodanhq.com/?q=huawei
http://www.shodanhq.com/?q=Zhone%20SLMS
http://www.shodanhq.com/?q=WindWeb

Feb, 9th 2011

http://www.shodanhq.com/?q=SmartAX
http://www.shodanhq.com/?q=Ericsson+Television+Web+server
http://www.shodanhq.com/?q=intranet

About Thomas Gregory

Jai Guru Deva. What the eyes see and the ears hear, the mind believes. Gamer. Free thinker. Pwning @Spentera !