Practical Application for Using Shodan

Finding Devices, Protocols, Vendors, etc.

Disclaimer – It is not the intent of this post to point out a particular BAS software vendor, protocol, or device.  The intent is to show that we, the system integrator, still have work ahead of us to do our part)

Shodan’s search engine is fairly flexible and easy to use.  The various lists below are what I found using a URL search like the two shown here (you must be logged in for the URL search to work)

• https://www.shodan.io/search?query=PDU+country%3A”US“
• https://www.shodan.io/search?query=PDU+country%3A%22US%22

Notice the two bold sections of the URL string.  The first is what you are looking for and the second is the country.  The URL Encoded Characters for a colon are %3A. The quotation mark can be entered as it is but in case it doesn’t work the URL Encoded Characters for a quotation mark are %22.

You can also add the city.  There are three bold sections in the URL search below.  The last is the city.  I add +city:”Atlanta”.

https://www.shodan.io/search?query=PDU+country%3A”US“+city%3A”Atlanta”

In the search Shodan search window the above looks like this:

Image may be NSFW.
Clik here to view.

You can also add other search criteria such as city, port, product, org (internet provider), os (operating system), etc.  The example shows adding a city to the search.

• Part 1 – https://www.shodan.io/search?query=
• Part 2 – enter the device or protocol or vendor or etc. you want to look for (example PDU)
• Part 3 – (optional) +country (example: +country%3A”CA” – this will search Canada)
• Part 4 – (optional) +city (example: +city%3A”Toronto” – this will search Toronto)

The completed URL search would look like this:

https://www.shodan.io/search?query=PDU+country%3A”CA”+city%3A”Toronto”

Below are the results of various searches.  The first group is by manufacturer.  It list the total number for each in the United States and the top 5 cities.  The second group is by Protocol.  It also list the total number for each in the United States and the top 5 cities.  The last set is by device type with United States total and top 5 cites.

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.