You certainly know what Google is: it’s a search engine that finds websites. However, it only scratches the surface of what we can find on the Internet. Just because something isn’t on Google, doesn’t mean it’s unfindable.
Shodan is also a search engine, but one designed specifically for IoT devices. It scours the invisible parts of the Internet most people won’t ever see. Any connected device can show up in a search, including:
-
Servers
-
Printers
-
Webcams
-
Traffic lights
-
Security cameras
-
Control systems
Shodan runs its scans 24/7, ensuring all its data is up to date. While most regular Internet users won’t need Shodan, cybersecurity experts, academic researchers, and government agencies are among the most active users of the engine.
No security expert can afford to ignore the challenges of an ever-expanding Internet of Things (IoT) landscape. There are already over 10 billion connected devices active today, and that figure is expected to reach 64 billion by 2025.
While those devices benefit businesses and consumers immensely, leading to a $3 trillion IoT market, protecting all those endpoints won’t be easy. One of the primary challenges of IoT security is awareness: how do you keep track of vulnerabilities across millions of endpoints?
That’s where an online tool known as Shodan comes into play.
How Does Shodan Work ?
The Algorithm
Shodan (Sentient Hyper-Optimized Data Access Network) is often referred to as the world’s first search engine for Internet-connected devices. Upon scanning the entire internet, the search engine sends queries to connected IoT devices for publicly available information related to them. The servers of such devices return their service banners to the user. Shodan also supports customized queries using filters like city, country, hostname, OS, etc. to find out the corresponding details.
In a nutshell, the algorithm Shodan uses runs like this:
-
Generate a random IPv4 address.
-
Collect a real-time list of connected devices online.
-
Query a supported port.
-
Check the IPv4 address on the port.
-
Grab a service banner. It means practically that Shodan identifies the following info:
-
Repeat.
These are the ports that Shodan scans for:
-
Port 554 – Real Time Streaming Protocol
-
Port 5060 – SIP
-
Port 25 – SMTP
-
Port 161 – SNMP
-
Port 23 – Telnet
-
Port 993 – IMAP
-
Port 22 – SSH
-
Port 21 – FTP
-
Ports 8443, 443, 8080, and 80 – HTTPS/HTTP
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM