Where can you find an ocean of vulnerable hosts? Often, attackers utilize existing vulnerabilities to gain access to the system without much effort, so one of the easiest ways to do so is to search in Shodan. Shodan is one of the most important search engines, as it lets anyone on the internet find devices connected to the internet using a variety of filters. It can be accessed by visiting https://www.shodan.io/. This is one of the most popular websites consulted for information around the globe. If the name of a company is searched for, it will provide any relevant information that it has in its database, such as IP addresses, port numbers, and the service that was running.

The following sample screenshot from shodan.io shows hosts that are running IIS 5.0, which enables attackers to go ahead and narrow down the target and move laterally, which we will be learning about in the coming chapters:

Similar to Shodan, attackers now can also utilize the scans.io API for relevant information gathering, or censys.io, which can provide more information about IPv4 hosts, websites, certifications, and other stored information. The following screenshot provides information about packtpub.com: