Shodan Dorks

  • Good Shodan Dorks from my experience

SMB

  • only port 445, country Iran, smb shares that allow you to connect to at least one share

    • Admin shares (annotated with a $ at the end) may still require valid username and password but this dork is for devices in which you can connect to at least one share

port:445 country:IR "Authentication: disabled"
port:445 "Authentication: disabled"

Python HTTP Servers

  • only port 8000, hunts for python simple http servers

  • people make mistakes and forget their http servers are running

  • it is horrifying how many individuals are hosting their entire vps with items like ssh keys exposed

Title:"Directory listing for /" port:8000

FTP

  • only port 21, it hunts for FTP servers that have anonymous access allowed

  • there is a staggering number of these

port:21 "User logged in"

Web

  • targets port 80, but you can drop that part to find even more results.

  • This dork targets exposed .pem files which can be terrible for websites if there certs are publically exposed

http.title:"Index of /" http.html:".pem" port:80

Tor

  • this searches shodan for headers that have onion-location in the headers

  • this is a indication that they are hosting a hidden service

  • this is a security concern for hidden services as the whole idea behind hidden services is to hide its location 

onion-location

Cameras

  • webcam7 dork

("webcam 7" OR "webcamXP") http.component:"mootools" -401

Additional Dorks

PreviousSpiderfootNextPhishing

Last updated