Scribd Logo
Upload

Welcome to Scribd!

  • 332 views

    Shodan Cheat Sheet

    Uploaded by

    Shármílá Ferdinandes
    This document provides a cheat sheet for using filters on the Shodan search engine. It lists several categories of filters including general filters, HTTP filters, NTP filters, SSL filters, Telnet filters, and examples of Shodan search filters. Some of the key filters described are geo filters to search by location, hash filters to search by data property hash, and category filters to search by device type or category.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Shodan Cheat Sheet

    Uploaded by

    Shármílá Ferdinandes
    332 views1 page
    This document provides a cheat sheet for using filters on the Shodan search engine. It lists several categories of filters including general filters, HTTP filters, NTP filters, SSL filters, Telnet filters, and examples of Shodan search filters. Some of the key filters described are geo filters to search by location, hash filters to search by data property hash, and category filters to search by device type or category.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a cheat sheet for using filters on the Shodan search engine. It lists several categories of filters including general filters, HTTP filters, NTP filters, SSL filters, Telnet filters, and examples of Shodan search filters. Some of the key filters described are geo filters to search by location, hash filters to search by data property hash, and category filters to search by device type or category.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    332 views1 page

    Shodan Cheat Sheet

    Uploaded by

    Shármílá Ferdinandes
    This document provides a cheat sheet for using filters on the Shodan search engine. It lists several categories of filters including general filters, HTTP filters, NTP filters, SSL filters, Telnet filters, and examples of Shodan search filters. Some of the key filters described are geo filters to search by location, hash filters to search by data property hash, and category filters to search by device type or category.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Ethical Hacking and Countermeasures

    Certified Ethical Hacker

    Shodan Cheat Sheet

    Shodan Shodan is a search engine for Internet-connected devices. It is a great resource to provide passive reconnaissance on a target. It also provides a public API that allows other tools to access all the Shodan’s data
    Source: https://www.shodan.io

    2. HTTP Filters 5. Telnet Filters


    Filter Description Filter Description
    Name of web technology used on the telnet.option
    http.component Search all the op�ons
    1.General Filters 4. SSL Filters website
    2. HTTP Filters 5. Telnet Filters Category of web components used on the The server requests the client do support these
    http.component_category telnet.do op�ons
    3. NTP Filters 6. Shodan Search Filters Examples website
    http.html The server requests the client to not support these
    HTML of web banners telnet.dont
    op�ons
    1. General Filters http.html_hash Hash of the website HTML telnet.will The server supports these op�ons
    Filter Description
    http.status Response status code
    telnet.wont The server does not support these op�ons
    after Only show results a�er the given date
    (dd/mm/yyyy) string Title for the web banners website
    http.title
    Example : �tle:"+tm01+" has_Screenshot:true
    asn Autonomous system number string 6. Shodan Search Filters Examples
    Only show results before the given date
    before Filter Description
    (dd/mm/yyyy) string 3. NTP Filters
    voIP For footprin�ng VoIP
    category Available categories: ICS, malware string Filter Description
    Name of the city string VPN For footprin�ng VPN
    city ntp.ip Domain Brute Force Enumera�on
    Example: cisco city:"New York"
    linux upnp avtech For exploi�ng cams
    country
    The 2-le�er country code string ntp.ip_count Number of IPs returned by ini�al monlist
    Example: webcamxp country:"US"
    netcam For exploi�ng netcam
    True/ False; whether there are more IP
    Accepts between 2 and 4 parameters. ntp.more
    If 2 parameters: la�tude, longitude. addresses to be gathered from monlist
    “default password” For Default Passwords
    If 3 parameters: la�tude, longitude, range
    geo If 4 parameters: top le� la�tude, top le� ntp.port Port used by IP addresses in monlist
    To find exploits for various os, servers, pla�orms,
    longitude, bo�om right la�tude, bo�om right iis source:ExploitDB
    applica�ons etc present on ExploitDB or Metasploit
    longitude
    Example: Webcamxp geo:“ -50.81,201.80” netgear port:80 To find Netgear devices
    4. SSL Filters
    hash Hash of the data property integer
    Filter Description Android Webcam
    To find android webcam server
    Server-Authenticate
    has_ipv6 True/ False boolean has_ssl True / False
    port:8333 To find Bitcoin server
    has_screenshot True/ False boolean ssl Search all SSL data
    Server:Thin-3.2.11-3.1.10-3 Ruby on Rails Vulnerable Server(CVE-2013-0156 and
    Applica�on layer protocols such as HTTP/2
    hostname The full hostname for the device string ssl.alpn .0.19-2.3.15 CVE-2013-0155)
    ("h2")
    Jetty 3.1.8(Windows 2000
    ssl.chain_count Number of cer�ficates in the chain 5.0 ×86)”200 OK”
    DNSSEC zone walk with standard enumera�on
    ip Alias for net filter string
    Possible values: SSLv2, SSLv3, TLSv1,TLSv1.1,
    isp ISP managing the netblock string ssl.version port:5353 To find DNS service
    TLSv1.2
    Network range in CIDR notation (ex. ssl.cert.alg Cer�ficate algorithm iRidium To search for vulnerable ICS systems
    net
    199.4.1.0/24) string
    ssl.cert.expired True / False port:502 To Search for Modbus enabled ICS/SCADA systems:
    org The organization assigned the netblock string
    ssl.cert.extension Names of extensions in the cer�ficate “Schneider Electric” Search for SCADA systems using PLC name
    os Operating system string Serial number as an integer or hexadecimal
    ssl.cert.serial To detect Schneider Electric TM221 PLCs connected to
    string TM221ME16R
    Port number for the service integer the Internet
    port
    Example: https port:443 ssl.cert.pubkey.bits Number of bits in the public key
    SCADA Country:"US" Search for SCADA systems using geoloca�on
    postal Postal code (US-only) string ssl.cert.pubkey.type Public key type
    port:20000 To Search for ICS-specific protocol DNP3
    product Name of the software/ product providing the ssl.cipher.version SSL version of the preferred cipher
    banner string
    ssl.cipher.bits Number of bits in the preferred cipher
    region Name of the region/ state string
    ssl.cipher.name Name of the preferred cipher
    state Alias for region string

    version Version for the product string

    vuln CVE ID for a vulnerability string


    Example: vuln:cve-2014-0160

    www.eccouncil.org/ceh Over 50% Of Professionals Received Promo�ons a�er C|EH 01

    You might also like