Page 39 - index
P. 39
Shodan - The New Search Engine
Shodan is an online search engine that does not search for a specific web page like Google or
Bing, but instead uses banner. The site looks for nodes (routers, servers, etc.) on the internet
using a variety of filters such as banners, ip address, and host names in order to find a device
connected to the internet. The online search engine has raised many security and privacy
concerns for individuals, causing many in the media to call the site the scariest search engine
on the internet or the Dark Google. Shodan or the Dark Google has been related to a wide
variety of hacks such as baby monitors, traffic lights and power plants. Even with the site
neglected publicity Shodan has provided to be a useful tool for government officials and security
researchers to find devices that should not be on the internet.
Shodan is the world’s first computer search engine created by a web developer named John
Matherly in 2003, who came up with the idea of searching for nodes (devices linked to the
internet). The name Shodan stands for Sentient Hyper-Optimized Data Access Network, John
came up with the name from a video game series called System Shock, which the objective was
to defeat a super computer named Shodan. The website started as Matherly’s pet project,
based on the fact that large numbers of devices and computer system are connected to the
Internet. While most search engines such as Google, Yahoo, and Bing searches the for data on
webpages and later indexes the information gathered, Shodan searches for ports and grabs the
resulting banners (meta-data the server sends back to the client), and later indexes the banner
instead of the web content (Schearer).
Instead of being able to find certain content on a term such as dogs, Shodan is able to help
different nodes (desktop, servers, routers, switches, hub, etc.) with specific information in the
devices’ banner. If a user would like to optimize the results received from the search bar in
Shodan some basic knowledge is helpful, such as being able to tell what type of device you are
connected to and the operating system being used. The site takes advantages of boolean
operators ('+', '-' and '|') to include/exclude certain terms, the site begins with '+'operator by
default. Shodan offers a total of five different filters to a search entry which can be used
separately or together, the filters include: country, hostname, net, os, and port. The country filter
tries to find a specify node in a certain country like China, the hostname filters text in either the
hostname or banner, net deals with IP address or subnets, OS looks for specific operating
systems such as windows, and the port filter looks at the port number connected to the web
such as port 80, at the moment port number is limited to a few different ports 21(ftp), 22(SSH),
23(Telnet), and of course 80(HTTP) (Schearer).
One of the beauties of Shodan is that the site allows users to find system such as traffic lights,
security cameras, and home heating systems as well as control system for water parks, gas
stations, and water plants. The real issue is not that these devices can be viewed by the website
Shodan, but that nodes on which should not be accessibly on the internet remotely by
unauthorized users. John Matherly has noted that it is shocking to see how many nodes use the
default username (admin) and passwords (1234 or abcd) as their secure login, with the only
other requirement necessary to connect these system is a web browser to telnet into the node.
39 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
