Welcome to HackeRoyale.

How To Use Shodan For Finding Targets, Information Gathering & Hacking ?

Ever thought what hackers do when they don’t find a target to pop into? well, at least they don’t search target on Google and waste their precious time, they search for targets on SHODAN.

Since the world is developing into a huge brain of Internal connected Devices capable of responding to the surroundings and communicate through which we generally call “INTERNET” and this theory is a part of Internet of Things(IoT).

The Search engine which hackers mostly use to search for the targets has been called as “The Scariest Search Engine on the Internet by its creator John Matherly.

Shodan server details


What is SHODAN

Some have described it as the search engine for hackers, Shodan is a search engine for finding specific devices, and device types, that exist online and are open on the internet. The most popular searches are for things like webcam, Linksys, Cisco, Netgear, Proxy, etc.

Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet.

It works by scanning the Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.

Shodan search

Getting SHODAN:

  1. Creating User account


    shodan IoT search engine Open up a browser and type in Shodan.io, you will be greeted with a welcome page, Navigate to Login/Register and fill in the details.

    creating shodan account

  2. Searching on Shodan

    After you register you can click on “Get Started” or search by typing.

    Explore shodan search shodan for vulnerable target


Filters for search optimisation

city: Find devices in a particular city
country: Find devices in a particular country
geo: You can pass it coordinates
hostname: Find values that match the hostname
net: Search based on an IP or /x CIDR
os: Search based on an operating system
port: Find particular ports that are open
before/after: Find results within a timeframe

shodan search filters

product: To find a particular product

Shodan reads the banners from IP addresses and then categorises all types of devices that have a remote interface from all over the world. Many of these devices have default logins, so once you find a device with default login, you may be able to own it!

In addition, Shodan has some powerful features to search specifically for devices by type, login, port, and geography. I will show you some of these on my next Shodan tutorial, so keep coming back my greenhorn hackers!

shodan also provides you with a browser plugin, access so that when you come across something you want to know then you can simply click on the plugin access it known data on shodan.

shodan plugin plugin shodan

Metasploit, The worlds one of the most used exploit makers for hackers also proved an auxiliary module for shodan,

Metasploit module: auxiliary/gather/shodan_search

This module uses the Shodan API to search Shodan. API key is required to use this module which can be obtained by registering at shodan. The output from the module is displayed on the screen, which you can save to a file or to the MSF database. SHODAN filters like port, hostname, os, geo, city can be used as queries, but you are limited to restriction like download, locate. etc…. depending upon the account’s type(free/member) you use to generate API key.

msf > use auxiliary/gather/shodan_search
msf auxiliary(shodan_search) > show actions
msf auxiliary(shodan_search) > set ACTION <action-name>
msf auxiliary(shodan_search) > show options
...show and set options...
msf auxiliary(shodan_search) > run

so keep hunting for open devices on the internet using Shodan and make them slaves…..

Kindly let us know if you have any queries and do rate the article and share to let others know about this tool, to find targets to hack. To know how to brute force into a protocol read the article on How To Crack Passwords Using THC Hydra? Happy Hunting !!!!!….



featured posts


Get weekly updates by subscribing to our newsletter.