Shodan Dorks

[taibeihacker]

Shodan Dorks by twitter.com/lothos612​

随时提出建议

Shodan Dorks​

Basic Shodan Filters​

city:​

在特定城市中查找设备。城市:'Bangalore'

country:​

在特定国家找到设备。 country:'in'

geo:​

通过提供地理坐标来查找设备。 GEO:'56.913055,118.250862'

Location​

country:U country:ru country:de City:Chicago

hostname:​

查找与主机名相匹配的设备。 server:“ gws” hostName:'google'hostName:Example.com -hostname:subdomain.example.com hostname:Example.com，example.org

net:​

根据IP地址或/X CIDR查找设备。 NET:210.214.0.0/16

Organization​

org:microsoft org:'united States native'

Autonomous System Number (ASN)​

ASN:ASXXXX

os:​

基于操作系统查找设备。 OS:'Windows 7'

port:​

基于开放端口查找设备。ProftPD端口:21

before/after:​

在给定时间之间或之后查找设备。 Apache After :22/02/2009之前:14/3/2010

SSL/TLS Certificates​

自签名证书
已过期的证书SSL.CERT.EXED:TRUE
ssl.cert.subject.cn:example.com

Device Type​

device:firewall device:router device:wap device:webcam device:media device:broadband router' devicebx devicerinter device:switch device:storage device:specialized devicehone device:'voip' device:'voip phone' device:'voip adaptor' device:'load balancer' device:'print server' device:terminal device:remote device:telecom deviceower deviceroxy deviceda Device:Bridge

Operating System​

OS:'Windows 7'OS:'Windows Server 2012'OS3:'linux 3.x'

Product​

product:Apache Producs:NGINX PRODECT :android Product : Chromecast

Customer Premises Equipment (CPE)​

CPE:Apple CPE:Microsoft CPE:NGINX CPE:CISCO

Server​

Server: Nginx Server: Apache Server: Microsoft Server: Cisco-ios

ssh fingerprints​

dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e83:c0

Web​

Pulse Secure​

http.html:/dana-na

PEM Certificates​

http.title:'Index of /'http.html3:'.pem'

Tor / Dark Web sites​

洋葱安装

Databases​

MySQL​

'product:mysql'mysql port:'3306'

MongoDB​

'product:mongodb'mongodb port:27017

Fully open MongoDBs​

'mongodb服务器信息{'Metrics':''set-cookie: mongo-express='''200 ok'ok''''''mongodb服务器信息'port:27017 -authentication

Kibana dashboards without authentication​

Kibana Content-Legth:217

elastic​

port:9200 JSON PORT:'9200'ALL:

Memcached​

'Product:Memcached'

CouchDB​

'product:Couchdb'port:'5984'+server:'Couchdb/2.1.0'

PostgreSQL​

'port:5432 Postgresql'

Riak​

'port:8087 riak'

Redis​

'Product:Redis'

Cassandra​

'Product:Cassandra'

Industrial Control Systems​

Samsung Electronic Billboards​

'Server: Prismview Player'

Gas Station Pump Controllers​

'tank库存'端口:10001

Fuel Pumps connected to internet:​

无需访问CLI终端的验证。 “特权命令”获取

Automatic License Plate Readers​

p372“启用ANPR”

Traffic Light Controllers / Red Light Cameras​

Mikrotik路灯

Voting Machines in the United States​

'选民系统串行'country:us

Open ATM:​

可以允许ATM访问可用性NCR端口:'161'

Telcos Running Cisco Lawful Intercept Wiretaps​

'Cisco IOS''advipservicesk9_li-m'

Prison Pay Phones​

'[2J [Hencartele机密'

Tesla PowerPack Charging Status​

http.title:'tesla powerpack系统'http.component:'d3'-ga3ca4f2

Electric Vehicle Chargers​

'server: gsoap/2.8'content-Length: 583'

Maritime Satellites​

Shodan制作了一个非常甜美的船只跟踪器，可以实时绘制船舶位置！
“ Cobham Satcom”或（“ Sailor”'VSAT'）

Submarine Mission Control Dashboards​

Title3:'slocum Fleet Mission Control'

CAREL PlantVisor Refrigeration Units​

'server: careldataserver''200文档遵循'

Nordex Wind Turbine Farms​

http.title:'nordex Controt

C4 Max Commercial Vehicle GPS Trackers​

'[1M [控制台上的35MWELCOME'
默认情况下，

DICOM Medical X-Ray Machines​

默认情况下确保了，但是这1,700多个机器仍然没有业务在互联网上。
“ DICOM服务器响应”端口:104

GaugeTech Electricity Meters​

'server: eig嵌入式Web服务器'200文档遵循'

Siemens Industrial Automation​

'Siemens，Simatic'Port:161

Siemens HVAC Controllers​

'server: Microsoft-Wince'content-Length: 12581'

Door / Lock Access Controllers​

'HID VERTX'端口:4070

Railroad Management​

'注销'“选择适当的”

Tesla Powerpack charging Status:​

有助于找到特斯拉PowerPack的充电状态。 http.title:'tesla powerpack系统'http.component:'d3'-ga3ca4f2

XZERES Wind Turbine​

标题:'xzeres风'

PIPS Automated License Plate Reader​

'HTML:'PIPS技术ALPR处理器''

Modbus​

'port:502'

Niagara Fox​

'port:1911,4911 product 3:Niagara'

GE-SRTP​

'port:18245,18246 product3:'General Electric'''

MELSEC-Q​

'port:5006,5007 product:mitsubishi'

CODESYS​

'port:2455操作系统'

S7​

'port:102'

BACnet​

'port:47808'

HART-IP​

'port:5094 hart-ip'

Omron FINS​

'port:9600响应代码'

IEC 60870-5-104​

'Port:2404 ASDU地址'

DNP3​

'port:20000源地址'

EtherNet/IP​

'port:44818'

PCWorx​

'port:1962 plc'

Crimson v3.0​

'Port:789 Product :'Red Lion Controls'

ProConOS​

'Port:20547 PLC'

Remote Desktop​

Unprotected VNC​

'验证'port:5900,5901“禁用身份验证”'RFB 003.008'

Windows RDP​

99.99％由辅助Windows登录屏幕确保。
'\ x03 \ x00 \ x00 \ x0b \ x06 \ xd0 \ x00 \ x00 \ x00 \ x124 \ x124 \ x00'

C2 Infrastructure​

CobaltStrike Servers​

product :'Cobalt Strike Team Server'Product 3:'Cobalt Strike Strike Beacon'ssl.cert.cert.serial:146473198-默认证书序列号SSL.JARM:07D14D16D21D21D21D07C42D41D41D241D24A458A375EEF0C576D23A7BAB9A9A9FB1 SSL3333660FOREN.ZIK

Brute Ratel​

Covenant​

SSL:'Covenant'http.component:'blazor'

Metasploit​

SSL:'MetasploitSignedca'

Network Infrastructure​

Hacked routers:​

路由器，该路由器受到折磨的黑客rout-help-sos

Redis open instances​

Product:'Redis键值商店'

Citrix:​

查找Citrix网关。 title:'citrix网关'

Weave Scope Dashboards​

Kubernetes Pods和Docker容器内的命令行访问以及整个基础架构的实时可视化/监视。
title:'weave范围'http.favicon.hash:567176827

Jenkins CI​

'x-Jenkins''set-cookie: jsessionid'http.title:'dashboard'

Jenkins:​

Jenkins无限制的仪表板X-Jenkins 200

Docker APIs​

'Docker Contains:'Port:2375

Docker Private Registries​

'docker-distripution-api version:注册表'200 ok'-gitlab

Pi-hole Open DNS Servers​

'dnsmasq-pi-hole''recursion:启用'

DNS Servers with recursion​

'port: 53'递归:启用了

Already Logged-In as root via Telnet​

'root@'port:23 -login -password -name -session

Telnet Access:​

telnet访问无需密码。端口:23控制台网关

Polycom video-conference system no-auth shell​

“ polycom命令壳”

NPort serial-to-eth / MoCA devices without password​

NPORT -KEYIN PORT:23

Android Root Bridges​

Google的草率断裂更新方法的切向结果。更多信息在这里。
'Android调试桥''设备'端口:5555

Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords​

LANTRONIX密码端口:30718-保存

Citrix Virtual Apps​

'Citrix Applications:'Port:1604

Cisco Smart Install​

脆弱（一种“设计”，尤其是在暴露时）。
“智能安装客户端活动”

PBX IP Phone Gateways​

PBX'网关控制台'-Password port:23

Polycom Video Conferencing​

http.title:'- Polycom''server: lighttpd''polycom命令shell' - failed port:23

Telnet Configuration:​

“ polycom命令壳” - failed port:23
示例: polycom视频会议

Bomgar Help Desk Portal​

'Server: Bomgar'200 OK'

Intel Active Management CVE-2017-5689​

'英特尔（R）主动管理技术'端口:623,664,16992,16993,16994,16995'主动管理技术'

HP iLO 4 CVE-2017-12542​

HP-ilo-4！'HP-ilo-4/2.53'！'HP-ILO-4/2.54'！'HP-ILO-4/2.55'！'HP-ILO-4/2.60'！端口:1900

Lantronix ethernet adapter's admin interface without password​

'按ENTER for SETUP模式端口:999'

Wifi Passwords:​

有助于在Shodan找到Clearext WiFi密码。 html:'def_wirelesspassword'

Misconfigured Wordpress Sites:​

wp-config.php如果访问可以透露数据库凭据。 http.html:'* wp-config.php创建脚本使用此文件'

Outlook Web Access:​

Exchange 2007​

'x-owa-version''ie=emulateie7''server: microsoft-iis/7.0'

Exchange 2010​

'x-owa-version'ie=emulateie7'http.favicon.hash:442749392

Exchange 2013 / 2016​

'x-aspnet-version'http.title:'outlook'-'x-owa-version'

Lync / Skype for Business​

'x-ms-server-fqdn'

Network Attached Storage (NAS)​

SMB (Samba) File Shares​

产生约500,000个结果.通过添加“文档”或“视频”等缩小范围
“ Authentication:禁用” port:445

Specifically domain controllers:​

'authentication:禁用'Netlogon sysvol -unix port:445

Concerning default network shares of QuickBooks files:​

'Authentication:禁用''共享此文件夹以访问QuickBooks文件OverNetwork'-unix port:445

FTP Servers with Anonymous Login​

'220''230登录成功。端口:21

Iomega / LenovoEMC NAS Drives​

'set -cookie: iomega=' - 'manage/login.html'-http.title3:'log in''

Buffalo TeraStation NAS Drives​

重定向Sencha Port:9000

Logitech Media Servers​

'Server: Logitech Media Server'200 OK'
示例: Logitech媒体服务器

Plex Media Servers​

'x-plex-protocol''200 ok'port:32400

Tautulli / PlexPy Dashboards​

'Cherrypy/5.1.0'/home'

Home router attached USB​

“ IPC $所有存储设备”

Webcams​

Generic camera search​

标题:CAMERA

Webcams with screenshots​

网络摄像头HAS_SCREENSHOT:TRUE

D-Link webcams​

'D-Link Internet摄像头，200 OK'

Hipcam​

'Hipcam Realserver/v1.0'

Yawcams​

'server: yawcam''mime-type: text/html'

webcamXP/webcam7​

（'WebCam 7'或“ WebCamxp”）http.component:'mootools'-401

Android IP Webcam Server​

'Server: IP网络摄像头服务器'200 OK'

Security DVRs​

HTML:'DVR_H264 ActiveX'

Surveillance Cams:​

与用户名:Admin和passwass NETSUREVELLANE UC-HTTPD SERVER: UC-HTTPD 1.0.0.0.0.0.0.0

Printers Copiers:​

HP Printers​

'序列号:''build:''server: hp http'

Xerox Copiers/Printers​

SSL:'xerox通用根'

Epson Printers​

'server: epson_linux upnp'200 ok'
'server: epson-http''200 ok'

Canon Printers​

'server: ks_http''200 ok'
'Server:佳能HTTP服务器'

Home Devices​

Yamaha Stereos​

'server: av_receiver''http/1.1 406'

Apple AirPlay Receivers​

Apple TV，HomePods，Ett。
'\ X08_AIRPLAY'PORT:5353

Chromecasts / Smart TVs​

'Chromecast:'Port:8008

Crestron Smart Home Controllers​

'Model: Pyng-Hub'

Random Stuff​

Calibre libraries​

'server:口径'http.status:200 http.title:calibre

OctoPrint 3D Printer Controllers​

title3:'octoprint' -title:'login'http.favicon.hash3:1307375944

Etherium Miners​

'ETH-总速度'

Apache Directory Listings​

用任何扩展名代替。
http.title:'Index of /'http.html:'.pem'

Misconfigured WordPress​

暴露了包含数据库凭据的wp-config.php文件。
http.html:'* wp-config.php创建脚本使用此文件'

Too Many Minecraft Servers​

'Minecraft Server''协议340'端口:25565

Literally Everything in North Korea​

NET3:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24