WEBVTT

0
00:01.280 --> 00:04.750
Shodan has changed the way hackers build tools,

1
00:04.850 --> 00:12.350
as it allows a large part of the target discovery phase to be automated. Rather than scanning the entire

2
00:12.350 --> 00:13.280
Internet,

3
00:13.280 --> 00:20.570
hackers can enter the right search terms to get a massive list of potential targets.

4
00:20.580 --> 00:27.390
There is also a Shodan CLI client written in Python that allows hackers to quickly write Python


5
00:27.390 --> 00:32.180
scripts that target vulnerable devices all over the world.

6
00:33.370 --> 00:40.840
There are more than 20 billion IoT devices connected to the Internet so definitely you'll want to

7
00:40.840 --> 00:46.740
narrow your search. After you log in with a free or paid account

8
00:46.740 --> 00:54.220
a number of additional search capabilities will become available for you in the form of filters.

9
00:54.370 --> 01:00.340
The real power of Shodan comes from customized queries.

10
01:00.380 --> 01:04.600
Let's take a look at some of the most useful filters!

11
01:04.970 --> 01:12.040
If you want to geographically narrow your search use the country or city filters. Let's

12
01:12.070 --> 01:19.120
search for D-Link Internet cameras in Germany.

13
01:19.150 --> 01:30.570
These are all D-Link Internet cameras and I want only the cameras in Germany: country: and the

14
01:30.570 --> 01:31.650
country code,

15
01:31.710 --> 01:37.070
in this case de. To use the filter, type the name of the filter,

16
01:37.110 --> 01:47.980
in this case country: and then a search for a term. And these are all D-Link Internet cameras

17
01:48.100 --> 01:53.330
in Germany. Now let's see what we can find in Berlin.

18
01:54.740 --> 01:56.720
city:Berlin

19
02:02.500 --> 02:05.110
and there are 6 cameras in Berlin.

20
02:09.860 --> 02:14.310
Or we can search for Cisco devices in a particular subnet.

21
02:14.450 --> 02:20.210
Cisco net the filter : and the subnet.

22
02:20.300 --> 02:21.970
Let's take a random subnet!

23
02:27.460 --> 02:36.520
And there are 3 Cisco devices on that subnet. We can also combine filters by adding them like this

24
02:37.940 --> 02:44.710
so if you want to search for Apache web servers in Sydney that are running on port 8080 and

25
02:44.780 --> 02:51.970
are also running Tomcat you have to combine 3 filters: city, port and product.

26
02:52.240 --> 03:05.390
So I'm searching for Apache city:"Sydney" port:"8080" the port it listens on

27
03:05.390 --> 03:08.780
product:"Apache Tomcat"


28
03:14.640 --> 03:20.940
and it found only Apache web servers that also run Tomcat in Sydney.

29
03:24.740 --> 03:25.640
For example

30
03:25.640 --> 03:31.610
this one has 3 ports open: 22, 80 and 88.

31
03:32.150 --> 03:39.410
And Shodan also searches for vulnerabilities for the versions of the services that are running on that

32
03:39.410 --> 03:41.280
host. For example

33
03:41.330 --> 03:47.180
these are the vulnerabilities for the services that are running on this IP address.