WHAT IS SHODAN EYE?
Shodan Eye collects and return all information about every devices that are directly connected to the internet and according to the keywords your entered. The types of devices that are indexed can vary enormously. It can be from small desktops to refrigerators or either nuclear power plants, web cams, water treatment facilities, coffee machines, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs and much more. Actually we can say everything you could possibly imagine that's plugged into the internet.
There are already over 10 billion connected devices active today, and that figure is expected to reach 64 billion by 2025. Shodan runs its scans 24/7, ensuring all its data is up to date. Shodan has picked up support for IPv6 addresses, but you won’t see those as often you can see IPv4.
With Shodan Eye, you can find everything using "your own" specified keywords. Shodan queries examples can be found in the file attached in the Github repository named Shodan_Dorks_The_Internet_of_Sh*t.txt
The information obtained with Shodan Eye can be applied in many areas such as:
- Network security, keep an eye on all devices in your company or at home that are connected to internet
- All sort off vulnerabilities
WHAT IS SHODAN?
Is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc ...) currently connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the device sends back to the client.
Shodan terrifies non-technical people who don't understand how the internet works. CNN called Shodan the "Scariest search engine on the internet" in 2013. Which is definitely of no sense since attackers intent on causing harm don't need Shodan to find targets.
Beware of the attacks on your own devices! A quick search for the term "default password" reveals countless printers, servers and system control devices that use "admin" as their user name and "1234" as their password. In many cases it doesn't even have a password, and you leave it blank. Until today, many connected systems require no credentials at all!
WHAT IS THE DIFFERENCE BETWEEN GOOGLE OR ANOTHER SEARCH ENGINE?
The most fundamental difference is that Shodan Eye analyzes the Internet, while Google analyzes the World Wide Web. Moreover, the devices connected to the World Wide Web are only a small part of what is really connected to the Internet.
SHODAN API KEY
For additional data gathering, you can enter a Shodan API key when prompted. A Shodan API key can be found in here. Once your account has been confirmed you will receive your own API Key.
Pay attention - Make sure that your Shodan API key you are entering is valid. I personally recommended to take out a paid subscription, but however a free account is sufficient to do a lots of things.
The current version of Shodan Eye use Python 2.7 but another version using Python 3 is scheduled.
Install Shodan Eye on Linux
git clone https://github.com/BullsEye0/shodan-eye.git cd shodan-eye pip install -r requirements.txt
Use Shodan Eye
After entering the above command you will be prompted to enter your Shodan API Key. That's all, it's now the time for you to enjoy. For more information please feel free to visit the Github repository.
If you have any questions about this article, any feedback, suggestion, if you want to share your thoughts with us or either if you would like to join the community and contribute, please feel free to do it using the below comment form.