SHODAN is a computer search engine. But it is unlike any other search engine. While other search engines scour the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well-known services. This presentation will focus on the applications of SHODAN to penetration testers, and in particular will detail a number of case studies demonstrating passive vulnerability analysis including default passwords, descriptive banners, and complete pwnage. For penetration testers, SHODAN is a game-changer, and a goldmine of potential vulnerabilities.
Download the PDF presentation by Michael Schearer ("theprez98")
The talk includes the following:
- What is SHODAN?
- Basic Operations
- Penetration Testing
- Case Study 1: Cisco Devices
- Case Study 2: Default Passwords
- Case Study 3: Infrastructure Exploitation
- Other Examples
- The Future