What is Shodan?
Shodan is named after a character in the video game series System Shock, but can also be seen as an abbreviation for “Sentient Hyper-Optimised Data Access Network”. It is a search engine that scans the Internet for permanently connected devices and systems with publicly accessible ports.
The results found are collected in a database that the user can search by specific terms and filter criteria. Shodan is often referred to as the search engine for the Internet of Things (IoT).
Discoverable devices and systems include surveillance cameras, servers, smart home systems, industrial controllers, traffic light and traffic control systems, and various network components. To locate the devices, the search engine scans the Internet for accessible IP addresses and open ports.
For example, it searches for open HTTP or HTTPS ports and other server ports for protocols such as FTP, SSH, SNMP, Telnet, RTSP or SIP. Shodan can be used for purposes such as IT security analysis, penetration testing, law enforcement, hacking, or market research. Depending on whether a user is registered, different functionalities are available to him. Simply searching the Internet for publicly accessible devices or systems is not punishable.
However, as soon as an attempt is made to penetrate systems that have been found and to bypass security mechanisms or exploit security vulnerabilities, this is generally subject to criminal prosecution. The search engine was created in 2009 by software developer John Matherly.
How the IoT search engine Shodan works and what it can search for
Shodan scans IP addresses connected to the Internet for open ports and analyzes the results. These are entered into a database that users can search for specific keywords and filter by criteria. For example, the database can be searched for terms such as “webcam”, “smart TV”, “printer” or “MongoDB”. If entries are found for the terms, Shodan displays them with some additional information.
Among other things, IP addresses and ports through which the devices can be reached are displayed. The search engine also provides an overview of the categories “Top Countries”, “Top Services”, “Top Organizations”, “Top Operating Systems” and “Top Products” with the number of devices found per category. If you have an account, you can use filters to further narrow down the results. Filters are for example “city:Hamburg”, “country:Germany” or “os:Windows” and others.
In addition to the pure search, Shodan offers several other functions. For example, the Explore function allows you to explore the search behavior of other users. For example, the most frequently used search terms can be listed.
Restrictions for users without an account
Without an account, the search engine can be used in principle, but the functions and search options are severely limited. If Shodan is to be used with full rights, the user must disclose information about himself and register for a fee. This is intended to curb misuse. Registered users have search options such as “Title”, “HTML”, “Product”, “Net”, “Version”, “Port”, “OS”, “Country” or “City”. While the search engine only outputs a limited number of search results for free, users with a paid account receive complete lists of results. Other paid options include access to the database via an application programming interface (API) or special checking plug-ins.
Possible uses of the search engine
Shodan can be used for many different purposes. The main areas of application are:
- IT security analysis
- Research purposes
- Penetration testing
- Law enforcement
- Detection of security holes and device vulnerabilities
- Privacy vulnerability testing
- Review of your own smart home or IoT environment
- Security checks of industrial equipment and control systems