Shodan (https://shodan.io) is a different kind of search engine; it helps you to look for devices connected to the internet instead of content in web pages. Like Google, it has operators and a specific syntax to execute advanced and specific searches. This screenshot shows a search for all hostnames related to google.com:
A hostname search example using Shodan
To take advantage of Shodan's advanced search features, one needs to first create an account. Free accounts yield a limited number of results, and some options are restricted though still very useful. Shodan can be used to find the following:
- Servers exposed to the internet belonging to some domain can be found like this:
hostname:example.com
- Specific types of devices, such as CCTV cameras or Industrial Control Systems (ICS), can be found by specifying the Server parameter:
Server: SQ-WEBCAM
- Specific open ports or services can be found, for example, web servers using common ports:
port:80,443,8080
- Hosts in a specific network range can be found like this:
net:192.168.1.1/24
A useful reference on Shodan search options and operators can be found at: https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches.