1 00:00:00,330 --> 00:00:06,990 OK, so the next tool for opensource reconnaissance is called Shodan is the website, a shot in the 2 00:00:06,990 --> 00:00:10,310 eye and is actually known as the hacker is Google. 3 00:00:10,560 --> 00:00:15,870 And this because it's a site that literally has information about almost every single device connected 4 00:00:15,870 --> 00:00:16,610 to the Internet. 5 00:00:17,370 --> 00:00:23,700 You can find a valuable information about targets and they discover vulnerabilities that are affected 6 00:00:23,700 --> 00:00:24,380 by them. 7 00:00:24,390 --> 00:00:27,040 And this is all open source intelligence. 8 00:00:27,070 --> 00:00:28,980 OK, so let's go ahead and check out showed. 9 00:00:28,980 --> 00:00:30,750 And this is the home page, the should. 10 00:00:30,750 --> 00:00:36,660 And I really think these guys should go there and actually check it out and search around and actually 11 00:00:36,660 --> 00:00:38,910 create an account because you get a little bit more of access. 12 00:00:39,210 --> 00:00:43,470 But typically you want to come here to search something like an IP address, like a specific server. 13 00:00:43,480 --> 00:00:50,280 So let's say like you're doing a penetration test for a company and you have their domain name, you 14 00:00:50,280 --> 00:00:53,230 want to go ahead and figure out what the what the actual IP address. 15 00:00:53,340 --> 00:00:59,130 You just do a quick, like, DNS lookup and figure out the exact IP address of that domain and type 16 00:00:59,130 --> 00:00:59,520 it in here. 17 00:00:59,520 --> 00:01:04,340 So for just for this example right here, I'm just going to do the Google DNS or the public one that 18 00:01:04,650 --> 00:01:05,420 anyone can use. 19 00:01:05,610 --> 00:01:06,480 So it just eight. 20 00:01:06,480 --> 00:01:07,910 Daddy, Daddy, Daddy. 21 00:01:08,310 --> 00:01:12,540 And we're going to search and see that it came up with a specific machine. 22 00:01:12,570 --> 00:01:14,430 So right now, is it necessary? 23 00:01:14,460 --> 00:01:20,850 So, of course, you know, Port fifty three is going to be open on that. 24 00:01:20,850 --> 00:01:23,190 So we have, you know, the country of origin. 25 00:01:23,190 --> 00:01:25,680 We organization, Internet service providers. 26 00:01:25,680 --> 00:01:29,400 Also Google, you know, the last one that this was updated. 27 00:01:29,400 --> 00:01:33,660 We have hostname information and what you might see with some other systems. 28 00:01:33,660 --> 00:01:37,950 I'm not going to show you any public systems that might have vulnerabilities, but what you'll see over 29 00:01:37,950 --> 00:01:43,020 here is like, you know, hey, this vulnerability might be susceptible to this vulnerability because 30 00:01:43,020 --> 00:01:45,820 it actually goes through and actually like looks for these things. 31 00:01:45,820 --> 00:01:48,750 So it's pretty neat and it's a pretty powerful tool. 32 00:01:48,750 --> 00:01:53,100 And I believe that you can also type in, you know, like different like code names and such as well, 33 00:01:53,100 --> 00:01:55,490 are you URLs and find things here, too. 34 00:01:56,190 --> 00:01:59,660 I'm not going to show you too much because you never know what you could find when you start something 35 00:01:59,690 --> 00:02:00,000 on here. 36 00:02:00,000 --> 00:02:02,130 So be very careful. 37 00:02:02,310 --> 00:02:06,570 Once again, I'm not giving you permission to do anything malicious, but when you're doing open source 38 00:02:06,570 --> 00:02:10,710 intelligence research and you need to find information about a public site, I definitely recommend 39 00:02:10,710 --> 00:02:12,150 that you guys check out Shodan and.