InfoSecLabs
  • Information Security Labs
  • Cryptography
    • Introduction to OpenSSL/LibreSSL
    • Symmetric cryptography
    • Asymmetric cryptography
    • Hashes and Message Authentication Codes
    • Elliptic Curve Cryptography
    • Diffie-Hellman (DH)
    • Digital Signatures
    • Digital Certificates
    • S/MIME
    • OCSP - Online Certificate Status Protocol
    • SSL/TLS
  • Passwords
    • Understanding and attacking password-based systems
    • THC-Hydra
    • John the Ripper
    • Hashcat
  • Vulnerability Testing
    • Introduction to vulnerability testing
    • Reconnaissance and Footprinting
      • OSINT
      • Maltego
      • Recon-ng
      • theHarvester
      • dmitry
    • Scanning and Enumeration
      • Nmap
      • Hping3
    • Vulnerability Identification and Analysis
      • OpenVAS
        • OpenVAS Architecture
        • Installing OpenVAS on Kali Linux
        • Starting and Stopping OpenVAS
        • Navigating through OpenVAS
        • Scanning a target
      • Nessus
  • Vulnerability Exploitation
    • About the Metasploit Framework
    • Basics of Metasploit Framework
    • Exploitation with Metasploit Framework
      • vsftp Backdoor Vulnerability [CVE-2011-2523]
      • UnrealIRCd backdoor [CVE-2010-2075]
      • distCC RCE [CVE-2004-2687]
      • Java RMI Server Insecure Default Configuration RCE Vulnerability
      • VNC Brute Force Login
      • MySQL / MariaDB Default Credentials (MySQL Protocol)
      • SAMBA (Samba “username map script” Command Execution)
      • Tomcat (Apache Tomcat Manager Application Deployer Authenticated Code Execution)
      • Apache (CGI Argument Injection)
      • Windows Eternalblue [CVE-2017-143,144,145,146,148]
    • Create payload to exploit users
  • Application Security
    • DVWA - Damn Vulnerable Web Application
      • Introduction
      • Setup
      • Web Apps Vulnerability Testing
        • Brute-Force
        • Command Injection
        • File inclusion
        • File upload
        • SQL Injection
        • SQL Injection (Blind)
        • XSS (Reflected)
        • XSS (Stored)
  • Social Engineering
Powered by GitBook
On this page
  • Google Hacking Database (GHDB)
  • Shodan
  1. Vulnerability Testing
  2. Reconnaissance and Footprinting

OSINT

PreviousReconnaissance and FootprintingNextMaltego

Last updated 1 year ago

One of the important ways of gathering information about targets is through the usage of open sources of information. This is often designated as open-source intelligence. It consists on using available open sources of information that can be used to gather information that is publicly available about a target.

Google Hacking Database (GHDB)

is actually a database with a set of pre-formatted queries that might be used in the Google search engine to search for interesting information.

You may look and try other queries.

Shodan

This search engine is quite interesting and allows you to query for products and services all around the world. As per the description presented above, everything that is connected to the Internet is indexed by Shodan.

Here are some interesting queries you might try:

You may also use Shodan from the command line interface. This is already include in Kali Linux.

shodan

Will display the help of the command.

Usage: shodan [OPTIONS] COMMAND [ARGS]...

Options:
-h, --help  Show this message and exit.

Commands:
alert       Manage the network alerts for your account
convert     Convert the given input data file into a different format.
count       Returns the number of results for a search
data        Bulk data access to Shodan
domain      View all available information for a domain
download    Download search results and save them in a compressed JSON...
honeyscore  Check whether the IP is a honeypot or not.
host        View all available information for an IP address
info        Shows general information about your account
init        Initialize the Shodan command-line
myip        Print your external IP address
org         Manage your organization's access to Shodan
parse       Extract information out of compressed JSON files.
radar       Real-Time Map of some results as Shodan finds them.
scan        Scan an IP/ netblock using Shodan.
search      Search the Shodan database
stats       Provide summary information about a search query
stream      Stream data in real-time.
version     Print version of this tool.

Before using this command you need to create a Shodan account and use the provided API key to initialize the tool.

shodan init <APIKEY>

After that you can start querying Shodan:

shodan search "Asus"

Which will produce the required results:

59.15.209.238   21              220 Welcome to ASUS RT-AX88U FTP service.\r\n530 Login incorrect.\r\n530 Please login with USER and PASS.\r\n211-Features:\n EPRT\n EPSV\n MDTM\n PASV\n ICNV\n REST STREAM\n SIZE\n TVFS\n UTF8\n211 End\r\n   
176.213.162.216 21      176x213x162x216.dynamic.tula.ertelecom.ru       220 Welcome to ASUS RT-N65U FTP service.\r\n530 This FTP server does not allow anonymous logins.\r\n331 Please specify the password.\r\n530 Please login with USER and PASS.\r\n        
89.78.178.2     21              220 Welcome to ASUS RT-AC68U FTP service.\r\n530 This FTP server does not allow anonymous logins.\r\n331 Please specify the password.\r\n530 Please login with USER and PASS.\r\n       
73.93.48.206    21      c-73-93-48-206.hsd1.ca.comcast.net      220 Welcome to ASUS RT-AC3200 FTP service.\r\n530 This FTP server does not allow anonymous logins.\r\n331 Please specify the password.\r\n530 Please login with USER and PASS.\r\n      
211.44.40.126   21              220 Welcome to ASUS RT-AC58U FTP service.\r\n530 Login incorrect.\r\n530 Please login with USER and PASS.\r\n211-Features:\n EPRT\n EPSV\n MDTM\n PASV\n ICNV\n REST STREAM\n SIZE\n TVFS\n UTF8\n211 End\r\n   
23.91.196.101   21      router.asus.com;23-91-196-23-91-196-101.cpe.sparklight.net      220 Welcome to ASUS RT-AX86U FTP service.\r\n530 Login incorrect.\r\n530 Please login with USER and PASS.\r\n211-Features:\n AUTH TLS\n EPRT\n EPSV\n MDTM\n PASV\n ICNV\n PBSZ\n PROT\n REST STREAM\n SIZE\n TVFS\n UTF8\n211 End\r\n

Please beware that since we are using free Shodan accounts functionalities and results will be quite limited.

Also, since Shodan is a commercial service, the terms and conditions of the free tier of the service may change without notice, and some of the functionalities reported here might not work.

Here are some "interesting" that you might try, as a way to obtain information from the search engine:

Another important source of open-source intelligence is . Shodan is a search engine for Internet-connected devices. Shodan gathers information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet then Shodan queries it for various publicly-available information. The types of devices that are indexed can vary tremendously: ranging from small desktops up to nuclear power plants and everything in between.

You may try to conduct some queries on the search engine. It is important that you to use it properly.

The terms and conditions of the usage of Shodan are listed .

Google
inurl:/intranet/login.php
site:pastebin.com "admin password"
site:pastebin.com "*@gmail.com password"
intitle:"webcamXP" inurl:8080
db_password filetype:env
inurl:viewer/live/index.html
intitle:"Roteador Wireless" inurl:login.asp
Shodan
read the search query fundamentals
Hacked Web Sites
Samsung Smart TV
Asus routers in Portugal
in this page
Google Hacking Database (GHDB)