Let's have fun with Shodan!
Written 3-29-2021 by Dio9sys
-._.-._.-._.-._.-._.-._.-._.-
Today Shodan.io was having a sale. To celebrate
4 years of existence, they were giving membership
for only $4!
Of course, I had to jump on that.
But, like....what do you do with Shodan????
To be honest, I wasn't sure. I knew I wanted to
see if there were any open Jenkins servers, and I
wanted to see what random things I could find, but
really I was just excited to have such a powerful
tool.
Then I found this GitHub page:
https://github.com/jakejarvis/awesome-shodan-queries
That gave me a LOT of ideas.
So, tonight, I've found the following things:
* electronic billboards with Dairy Queen ads
* submarine control panel
* login page for some wind farm in Germany
* Maitre'D POS login page for a random company
(possibly a honey pot? Not sure)
* some kind of open login screen for an old Gentoo
machine
It feels INCREDIBLY naughty, but I'm making sure I only
touch the pages that are completely unsecure. Anything
past that and I'm preeeettty sure it's against the
Computer Fraud and Abuse Act, which is a line I don't
want to cross at the moment, since I have a good
job and in general would not do well in jail.
Either way, it's a ton of fun!
If you have any ideas for fun searches to do, message
me @dio9sys and start the message with "I have a cool
shodan search to do."
Anyway, I'm getting back to it. It's a beautiful evening
to listen to Dual Core and look for weird open servers.