10 December 2009

SHODAN for Penetration Testers: an update

I'm currently working on a presentation entitled SHODAN for Penetration Testers which is being designed as a primer for SHODAN and its application to security and penetration testing. In the midst of preparing the presentation, I spoke via email with achillean, SHODAN's developer, who shed some light on a couple of issues:

1. SHODAN now accepts the boolean operators + (which in this case translates to AND) and - (which translates to NOT). Actually, + is implied by default. So using two search terms by themselves is the equivalent of using AND. The example achillean used was apache -"401 Unauthorized" which translates to "results with apache that do not include 401 Unauthorized".

2. SHODAN also accepts wildcards, for example, "Apache/1.3.*".

3. As I stated before, search results are limited (in this case to five pages, or 100 results). achillean stated that the point is to give a sense about the total number of hosts and provide some example data (i.e. it's for vulnerability assessment, not botnet creation). This is a really good point, and it also helps to limit users who are trying to enumerate large numbers of hosts.

A few other points to note:

Over at PenTestIT they're aggregating some of the more interesting SHODAN queries that have been developed so be sure to check it out.

SHODAN for Penetration Testers is nearly finished, and I hope find a place to present it soon. In the meantime, I hope to be able to post some of the material I've collected over the past few weeks in the very near future!

If you find SHODAN useful, I think it would be helpful to provide feedback to achillean via the feedback link at http://shodan.surtri.com/ or via Twitter. You should also consider donating, as I plan to do in the very near future.

As always, comments and suggestions are appreciated.
Post a Comment