1
00:00:00,330 --> 00:00:06,990
OK, so the next tool for opensource reconnaissance is called Shodan is the website, a shot in the

2
00:00:06,990 --> 00:00:10,310
eye and is actually known as the hacker is Google.

3
00:00:10,560 --> 00:00:15,870
And this because it's a site that literally has information about almost every single device connected

4
00:00:15,870 --> 00:00:16,610
to the Internet.

5
00:00:17,370 --> 00:00:23,700
You can find a valuable information about targets and they discover vulnerabilities that are affected

6
00:00:23,700 --> 00:00:24,380
by them.

7
00:00:24,390 --> 00:00:27,040
And this is all open source intelligence.

8
00:00:27,070 --> 00:00:28,980
OK, so let's go ahead and check out showed.

9
00:00:28,980 --> 00:00:30,750
And this is the home page, the should.

10
00:00:30,750 --> 00:00:36,660
And I really think these guys should go there and actually check it out and search around and actually

11
00:00:36,660 --> 00:00:38,910
create an account because you get a little bit more of access.

12
00:00:39,210 --> 00:00:43,470
But typically you want to come here to search something like an IP address, like a specific server.

13
00:00:43,480 --> 00:00:50,280
So let's say like you're doing a penetration test for a company and you have their domain name, you

14
00:00:50,280 --> 00:00:53,230
want to go ahead and figure out what the what the actual IP address.

15
00:00:53,340 --> 00:00:59,130
You just do a quick, like, DNS lookup and figure out the exact IP address of that domain and type

16
00:00:59,130 --> 00:00:59,520
it in here.

17
00:00:59,520 --> 00:01:04,340
So for just for this example right here, I'm just going to do the Google DNS or the public one that

18
00:01:04,650 --> 00:01:05,420
anyone can use.

19
00:01:05,610 --> 00:01:06,480
So it just eight.

20
00:01:06,480 --> 00:01:07,910
Daddy, Daddy, Daddy.

21
00:01:08,310 --> 00:01:12,540
And we're going to search and see that it came up with a specific machine.

22
00:01:12,570 --> 00:01:14,430
So right now, is it necessary?

23
00:01:14,460 --> 00:01:20,850
So, of course, you know, Port fifty three is going to be open on that.

24
00:01:20,850 --> 00:01:23,190
So we have, you know, the country of origin.

25
00:01:23,190 --> 00:01:25,680
We organization, Internet service providers.

26
00:01:25,680 --> 00:01:29,400
Also Google, you know, the last one that this was updated.

27
00:01:29,400 --> 00:01:33,660
We have hostname information and what you might see with some other systems.

28
00:01:33,660 --> 00:01:37,950
I'm not going to show you any public systems that might have vulnerabilities, but what you'll see over

29
00:01:37,950 --> 00:01:43,020
here is like, you know, hey, this vulnerability might be susceptible to this vulnerability because

30
00:01:43,020 --> 00:01:45,820
it actually goes through and actually like looks for these things.

31
00:01:45,820 --> 00:01:48,750
So it's pretty neat and it's a pretty powerful tool.

32
00:01:48,750 --> 00:01:53,100
And I believe that you can also type in, you know, like different like code names and such as well,

33
00:01:53,100 --> 00:01:55,490
are you URLs and find things here, too.

34
00:01:56,190 --> 00:01:59,660
I'm not going to show you too much because you never know what you could find when you start something

35
00:01:59,690 --> 00:02:00,000
on here.

36
00:02:00,000 --> 00:02:02,130
So be very careful.

37
00:02:02,310 --> 00:02:06,570
Once again, I'm not giving you permission to do anything malicious, but when you're doing open source

38
00:02:06,570 --> 00:02:10,710
intelligence research and you need to find information about a public site, I definitely recommend

39
00:02:10,710 --> 00:02:12,150
that you guys check out Shodan and.