WEBVTT

0
00:00.610 --> 00:07.990
Now that you have an idea of how powerful and at the same time dangerous Shodan is, let's move on and

1
00:07.990 --> 00:13.940
see how it works behind the scenes. When used properly and ethically

2
00:13.940 --> 00:20.470
Shodan can be an invaluable tool to help you improve vulnerability assessment and penetration testing

3
00:20.600 --> 00:29.770
as the IoT continues to expand. A typical search engine like Google crawls for data on web pages and

4
00:29.920 --> 00:33.660
then indexes them for searching. Shodan,

5
00:33.670 --> 00:41.950
on the other hand, interrogates ports and grabs the resulting banners, then indexes the banners

6
00:42.250 --> 00:49.810
for searching rather than the web content. Rather than locating specific content on a particular search term,

7
00:49.810 --> 00:57.040
Shodan is designed to help the user find specific IoT devices that are connected to the Internet with

8
00:57.040 --> 01:04.870
specific content in their banners. Optimizing Shodan search results requires some basic knowledge

9
01:04.990 --> 01:12.190
of banners because Shodan works by scanning specific ports of random IP addresses on the Internet

10
01:12.490 --> 01:20.330
and performing what is known as Banner Grabbing. Banner grabbing is defined as a technique used

11
01:20.390 --> 01:29.460
to gain information about a computer system on a network and the service running on its open ports. Banner grabbing

12
01:29.460 --> 01:37.740
can be performed manually or in an automated fashion like Shodan. The manual way to perform

13
01:37.830 --> 01:45.140
a banner grab is by using a network utility like Telnet or Netcat.

14
01:45.310 --> 01:55.400
For example, I'll grab the banner of a Linux machine that has port 22 open: telnet to the IP address

15
01:55.490 --> 02:06.260
of the machine and port 22. This opened a connection to that IP address and got a response

16
02:06.290 --> 02:08.310
from the remote server.

17
02:08.330 --> 02:18.180
In this case I targeted port 22 of an open SSH server, and the result was the exact version that

18
02:18.180 --> 02:19.910
is running on that server

19
02:19.920 --> 02:27.860
right now. A hacker having that valuable information can then search for exploits for that specific version.

20
02:29.790 --> 02:34.170
I'm copying and then pasting the SSH version into Google.

21
02:41.340 --> 02:50.080
Shodan works by performing this banner grabbing action over and over again for all possible combinations

22
02:50.200 --> 02:54.260
of IP addresses and ports on the Internet.

23
02:54.260 --> 03:02.740
Shodan's basic algorithm works by picking a random IPv4 address and then a port from a list with

24
03:02.740 --> 03:09.640
ports of interest; then it will do a banner grab and see if the device responds in a way that

25
03:09.640 --> 03:10.730
is known.

26
03:11.140 --> 03:20.400
Then it starts all over again by picking a new random IPv4 address and a port. If a device is connected

27
03:20.460 --> 03:21.840
to the Internet

28
03:21.900 --> 03:30.710
it probably is on Shodan too. The basic search for such a device is performed by its IP address.

29
03:34.810 --> 03:35.240
Let's

30
03:35.250 --> 03:42.960
suppose you want to check that this IP address is on Shodan. You simply paste it here and search

31
03:43.020 --> 03:43.890
for the address,

32
03:48.580 --> 03:54.680
and it was found. If you'd like to have more in-depth knowledge of Shodan,

33
03:54.760 --> 03:58.920
I highly recommend the book written by its creator himself.