Most search engines index all kinds of contents, not only web pages and services. You may use them to find open web cams, printers that can be remotely controlled or other devices connected to the Internet that either are not protected at all and therefore publicly accessible, or using protection that is not very secure, for instance when the authentication information are contained in the source of when the devices use known default passwords.
Shodan is a search engine for vulnerable Internet devices, a specialized search engine so to say that crawls the web exclusively for devices that are accessible publicly in one way or the other. The search engine concentrates on SCADA (supervisory control and data acquisition) systems and findings range from stand alone workstations to wide area networking configurations.
One of the best ways to get started using the search engine is to either take the tour, or click on one of the popular search queries displayed by the search engine on its front page. Examples include a search for routers that use the default admin password, web services that use default passwords, anonymous ftp servers or Cisco devices that do not require authentication at all.
The engine works pretty much like any other search engine out there but with a few extras to customize queries further. The filters page on the official website highlights available filters that you can use. This includes filters to specify ports, host names, locations or operating systems. The command country:us port:23 searches the service's database for Telnet ports in the US.
You can filter by country or service right from the main page by clicking on the down arrows beneath the search form. Here you can select one or multiple countries that you want to include in the search as well as popular services.
Shodan makes available contents that are publicly available. It does not crack, hack or decrypt information to make the services available, it only adds information that it finds to its database and makes that database available for searches. There is a high chance that the information that it finds get used by malicious users and organizations, but also by security researchers and businesses. One effect that Shodan may have is to bring security more into the focus of the public.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.