The Shodan search engine, found at shodan.io, isn't your average search engine. Shodan, through the use of basic as well as specific query strings, can return searches with vulnerable systems connected to the internet.

The website was developed by John Matherly, has been available for just under a decade and has now become an invaluable tool for fingerprinting over the internet. Considering that we live in the age of the Internet of Things (IoT), more and more devices are now accessible via the internet, however many of them are not as locked down as they should be, sometimes making them vulnerable to not only hackers, but any curious minds.

Shodan scans for common ports and performs banner grabbing as part of its footprinting process, then  displays devices accessible over the web, including routers and network devices, webcams and surveillance devices, traffic cams, servers and SCADA systems, and many more interesting devices.

In the list of results, clicking on individual results often returns a list of open ports and services on the device, and also allows for report generation.

To use Shodan, first visit the website at www.shodan.io:

You'll notice that you can use the service for free, but you will be limited to viewing one page of returned results if you do not sign up. Signing up is free and allows you to view the first two pages of returned findings/results displayed by the search engine. There is also a paid subscription that you can subscribe to, in order to access all results.