search engines like google, bing, yahoo and others is an excellent search engine for finding websites, but if we want to find a computer that is running softwere (like apache) or want to know which version of IIS is the most popular, or would like to know how much FTP servers can be logged as a nonymous, or may also want mengathui vulnerability is new and we want to know how many are still using the type / types affected by these vulnerabilities, the search engine standard (traditional) will not answer those questions.
most of the data in the grab of the "banner" is a meta-data information from a server that is sent back to the client (such as HTTP HEADER) may contain information inforamsi server software support services, or a form of data messages sent to the client before berintraksi with server, for example, a message stating that the ftp server is ready to run.
The data tells us that there ftp softwere with the name "kgc.cz" with version "6:00" or the more complete we can melihatny in the form of http headers
with information obtained from the grab "banner" is Shodan can answer questions that are not answered by other search mesain. Shodan is not much different from search engines that we have known so far, only Shodan have little uniqueness in comparison with other search enggine. Unlike the usual search enginee, Shodan is a search engine that provides information from services run by all the devices connected to the internet either server, router or a computer with public IP addresses, etc., the workings of Shodan is by Utilizing spiders that crawl on the pages of the website for retrieve important information from the header, do the scanning and banner grabbing against ports that are generally open like SSH, telnet and FTP on the server then collects this information can be accessed like a search enngine thus Shodan search engines will be a search engine that memabantu in penetration action, How to use it quite easy, simply enter the keywords of the information you want didapatkan.dan can also be filtered by country (2 letter country code), hostname (full or partial hostname).
How to Use Shodan
Shodan search engine was originally located at http://shodan.surtri.com/ now this search engine can be accessed at http://www.shodanhq.com, the search engine which was released by John Matherly (http://twitter. com / achillean) requires us to register before using its search engine, (free & paid) like other search engines, Shodan also use the boolean operators ('+', '-' and '|') in search by default Shodan will provide operator "+" on every keyword that we give, boolean operators addition, there are special filters to narrow your search results.
General
All filters have the format 'filter: value' and can be added anywhere in the search query. Note that there is no space before or after the sign ":."
Country
filters 'country' is used to narrow search results by country. This is useful when we want to find a computer in certain countries.
Hostname
filters 'hostname' allows us to find a host that contains the value in the host name.
Net
filters 'net' is used to restrict search results to a specific IP or subnet. Using CIDR notation to designate the subnet range. Here are some examples:
OS
'os' is used to search for a specific operating system. Typical values are: windows, linux and cisco.
Port
Filter 'port' is used to narrow the search to a specific service. The values are allowed: 21, 22, 23 and 80. ex:
and many more that we can use filters to narrow the results perncarian us, just like other search engines, Shodan also have dork, dork please to combine the boolean operators and filters to narrow your search results using the example
query is used to obtain information from the apache daemon on any server which is located in Indonesia with a query containing the hostname. id it will display around 102 IP either server or router equipped with the info banner examples
some other interesting keywords that should be tested as
some dork that can be used
Tidak ada komentar:
Posting Komentar