Shodan
August 10, 2023 · 7 minute read
Overview
Getting Started
poptropica.com
is shown below.
PS C:\Users\sdao7> nslookup
Default Server: umbrella1.sc.edu
Address: 10.49.220.212
> poptropica.com
Server: umbrella1.sc.edu
Address: 10.49.220.212
Non-authoritative answer:
Name: poptropica.com
Addresses: 3.161.150.29
3.161.150.59
3.161.150.93
3.161.150.26
- 1. Hostnames: server-3-161-150-29.atl59.r.cloudfront.net - This is the hostname of the server being reported. Poptropica is being hosted under the
cloudfront.net
domain which indicates that it's using Amazon CloudFront, a content delivery network (CDN) service provided by Amazon Web Services (AWS). - 2. Domains: cloudfront.net - Again, this indicates that the server is part of Amazon's CloudFront service.
- 3. Cloud Provider: Amazon - Once again, confirms that the server is hosted on Amazon Web Services.
- 4. Cloud Region: GLOBAL - Signifies that the server is part of a global CDN.
- 5. Cloud Service: CLOUDFRONT - The server is using Amazon CloudFront to cache content.
- 6. Country: United States - Denotes the country in which the server is physically located, in this case, the United States.
- 7. City: East Point - Specifies the city in the United States where the server is located, specifically East Point.
- 8. Organization: Amazon Inc. - The organization responsible for this server is Amazon Inc.
- 9. ISP: Amazon Inc. - The Internet Service Provider (ISP) responsible for this server is also Amazon.
- 10. ASN: AS16509 - The Autonomous System Number for this server is AS16509.
Autonomous System Numbers
asn:[ASN QUERY]
, revealing that a total of 176,230,305 websites belong to this ASN. Being able to filter by ASN in Shodan is especially useful since we can combine this with other filters to identify vulnerable or misconfigured devices within a company. Below is the search results when searching for: AS16509
Filters
- Country and Location Filters: Shodan enables users to target devices based on their geographical location. From country, to cities and states, Shodan allows us to search for IoT devices in different regions.
- Device Type Filters: Shodan allows us to narrow down searches to particular types of devices such as webcams, routers, servers, and more. This is useful in the where we want to search for certain vulnerable devices, for example IP cameras.
- Port Filters: Devices communicate through specific ports, and some applications have default ports that they communicate on. Shodan's port filters allow users to search for devices using a particular port, helping to identify vulnerabilities associated with specific applications and services.
- Operating System Filters: Shodan allows us to detect certain operating systems running on devices. This information is especially useful for pinpointing devices using outdated or vulnerable operating systems.
- Vulnerability Filters: One of the most nefarious filters, this is an incredibly versatile and crucial filter that allows users to identify devices that are potentially vulnerable to specific security vulnerabilities. Note that this feature is restricted to business members to prevent malicious actors from exploiting this information.