A Beginners Introduction To Shodan

Today, we have internet programs that collect and organize content according to a user's query. These programs, such as Google, DuckDuckGo and Bing, are termed search engines.

Shodan is also a search engine, but unlike those, it is specifically designed for IoT devices.

🔸 Intro

The term IoT, or Internet of Things, refers to the collective network of connected devices and the technology that facilitates communication between devices and the cloud, as well as between the devices themselves.

The Internet of Things (IoT) describes the network of physical objects—“things”—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.

Shodan was launched in 2009 by computer programmer John Matherly, who, in 2003, conceived the idea of searching devices linked to the Internet.

According to TechTarget, Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine designed to map and gather information about internet-connected devices and systems.

🔸 Shodan Data

Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (port 143, or 993 when encrypted), SMTP (port 25), SIP (port 5060), and Real-Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.

The cloud plays the role of communication facilitator with its powerful APIs for the IoT. Cloud Computing in IoT works as part of a collaboration and is used to store IoT data. Sensors are a major source of IoT data.

No doubt, cloud computing accelerates the growth of IoT.

🔸 How Does Shodan Work?

Shodan works by requesting connections to every imaginable internet protocol (IP) address on the internet and indexing the information that it gets back from those connection requests. Shodan crawls the web for devices using a global network of computers and servers that are running 24/7.

Shodan merely indexes publicly available information. Yes, it can show users a nuclear power plant’ I have an article about how the internet works and you can read it here.

I believe Shodan can only discover devices that have open ports, so you don't have to get worried about your home router. You just need to find out which of the devices you are using have open ports.
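One way to find out which of your own devices answer on the ports listed under Shodan Data, and what banner each open port hands to anyone who connects. This is an added example, not code from the original article; the function names and the default address `127.0.0.1` are assumptions, and only TCP ports are probed.

```python
import socket

# TCP services the article lists as collected by Shodan. SNMP (161) runs over
# UDP and is skipped here; SIP (5060) is probed over TCP only.
SHODAN_TCP_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 80: "HTTP",
    143: "IMAP", 443: "HTTPS", 554: "RTSP", 993: "IMAPS",
    5060: "SIP", 8080: "HTTP-alt", 8443: "HTTPS-alt",
}


def grab_banner(host, port, timeout=2.0):
    """Return (is_open, banner); banner is whatever the service sends first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except OSError:
                data = b""  # open, but the service waits for the client (e.g. HTTP)
            return True, data.decode("latin-1").strip()
    except OSError:
        return False, ""  # refused, filtered or unreachable


def exposure_report(host, ports=SHODAN_TCP_PORTS, timeout=2.0):
    """Probe each port on a device you own and list what an indexer would see."""
    report = []
    for port, service in sorted(ports.items()):
        is_open, banner = grab_banner(host, port, timeout)
        if is_open:
            report.append({"port": port, "service": service, "banner": banner})
    return report


if __name__ == "__main__":
    import sys
    # 127.0.0.1 is a placeholder default; pass the address of your own device.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for entry in exposure_report(target):
        print(f"{entry['port']:>5}/tcp {entry['service']:<9} {entry['banner']!r}")
```

A port that shows up here from inside your network is only visible to Shodan if it is also reachable from the internet, so repeat the check against your public IP address from an outside connection.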

🔸 Is Shodan legit?

Unfortunately, there are many individuals out there who will use Shodan with malicious intent. They will attempt to hack baby monitors, webcams, and security systems — and once they have access to a device in your network, they can violate your privacy, install malware on your system, and steal your identity.

Shodan easily finds public data through webcams, video projectors, traffic signals, home heating systems, routers, and other SCADA systems. Shodan can easily find anything with a web interface.

Supervisory control and data acquisition (SCADA) is a system of software and hardware elements that allows industrial organizations to control industrial processes locally or at remote locations, and to monitor, gather, and process real-time data.

🔸 Is It Free?

Shodan is free to explore, but the number of results is capped with a free account. Advanced filters require a paid membership.

Shodan currently returns 10 results to users without an account and 50 to those with one. If users want to remove the restriction, they are required to provide a reason and pay a fee. The primary users of Shodan are cybersecurity professionals, researchers and law enforcement agencies.

The best open source alternative to Shodan is Censys. See a list of other alternatives, some of which are completely free.

🔸 AOB

Shodan Monitor keeps track of the devices that you have exposed to the Internet. Set up notifications, launch scans and gain complete visibility into what you have connected.

They even have a cheat sheet of filters available at a click of a button.

In my next article, I will be writing about how exactly Shodan works and how we can access it programmatically with their free API. So if you don't have a registered account yet, get registered with Shodan!

🔸 Conclusion

Once again, hope you learned something today from my little closet.
