Web信息收集之搜索引擎-Shodan Hacking

Web信息收集之搜索引擎-Shodan Hacking

• 一、Shodan Hacking简介
• 1.1 ip
• 1.2 Service/protocol
• 1.3 Keyword
• 1.4 Cuuntry
• 1.5 Product
• 1.6 Version
• 1.7 Hostname
• 1.8 os
• 1.9 net
• 1.10 port
• 1.11 综合示例

一、Shodan Hacking简介

https://www.shodan.io
Shodan（撒旦搜索引擎）是由Web工程师John Matherly（马瑟利）编写的，被称为“最可怕的搜索引擎”，可扫描一切联网的设备。除了常见的Web服务器，还能扫描防火墙、路由器、交换机、摄像头、打印机等一切联网设备。

1.1 ip

114.114.114.114

1.2 Service/protocol

http
http country:”DE”
http country:”DE” product:”Apache httpd”
http product:”Apache httpd”

ssh
ssh default password
ssh default password country:”JP”

1.3 Keyword

基于关键词搜索的思路是根据banner信息（设备指纹）来搜索

“default password” country:”TH”
FTP anon successful

1.4 Cuuntry

Cuuntry:cn
Cuuntry:us
Cuuntry:jp

1.5 Product

Product:”Microsoft IIS httpd”
Product:”nginx”
Product:”Apache httpd”
Product:MySQL

1.6 Version

Product:Mysql version:”5.1.73”
Product:”Microsoft IIS httpd” version:”7.5”

1.7 Hostname

Hostname:.org
Hostname:.edu

1.8 os

Os:”Windows Server 2008 R2”
Os:”Windows 7 or 8”
Os:”Linux 2.6.x”

1.9 net

Net:110.180.13.0/24

1.10 port

port:80
port:22

1.11 综合示例

搜索日本区开启80端口的设备:

country:jp port:"80"
country:jp port :"80" product: "Apache httpd"
country:jp port:"80" product: "Apache httpd" city: "Tokyo"
country:jp port:"80" product: "Apache httpd" city:"Tokyo" os:"Linux 3.x"

搜索日本区使用Linux2.6. x系统的设备:

country:jp os:"Linux 2.6.x"
country:jp os:"Linux 2.6.x" port:"80"
country:jp os:"Linux 2.6.x" port:"80" product:"Apache httpd"

搜索日本区使用Windows Server 系统的设备:

country:jp os: "Windows Server 2008 R2"
country:jp os : "Windows Server 2003" port: "445"
country:jp os : "Windows Server 2003" port: "80"

搜索日本区使用Microsoft IIS的设备:
country:jp product: "Microsoft iis httpd" version:"7.5"