What is Shodan?
Shodan is a search engine for internet-connected devices and services. It scans and indexes the metadata of servers, webcams, routers, and even industrial control systems. Instead of showing web pages, it displays IP addresses, open ports, protocols, service banners, and more.
For cybersecurity purposes, Shodan is used to discover possible vulnerabilities in public-facing services without directly interacting with the systems—thus staying within the boundaries of legal and ethical research.
Objective of This Exercise
The purpose of this lab is to use Shodan.com to gather passive intelligence on the domain Demo.cyberseclabs.org. The goal is to collect IP data, open ports, and service banners, all without performing any active scans.
This is strictly a learning exercise and is intended only for research and educational use. No exploitation or unauthorized access is performed or encouraged.
Step-by-Step Guide
1. Access Shodan
Go to the official website: https://www.shodan.io
Log in or create a free account if required to access full search results.
2. Search for the Target
In the search bar, type:
Press enter to begin the search. Shodan will return all records it has indexed for this domain.
3. Review the Results
The data provided may include:
- IP Address: The public-facing IP of the domain.
- Geolocation: Physical server location (country, city).
- Open Ports: Commonly found ports like 22 (SSH), 80 (HTTP), 443 (HTTPS).
- Service Banners: Metadata that shows which services and software versions are running.
- SSL Certificate Details: If HTTPS is used, Shodan may show cert expiration and issuer.
- Vulnerabilities (CVEs): Based on known signatures, possible vulnerabilities are listed.
4. Screenshot and Document Findings
Take screenshots of the Overview, Ports, and Vulnerabilities tabs. These can be included in lab reports or cybersecurity documentation.
A typical report might contain:
- Target IP
- Open ports and protocols
- Detected software and versions
- Any listed CVEs and potential risks
Interpreting the Data
The information gathered can reveal the attack surface of the target.
For example:
- If port 22 is open, SSH may be exposed. Is there protection like 2FA or IP filtering?
- If Shodan shows Apache/2.4.7, this version may have known CVEs exploitable by attackers.
- An expired SSL certificate might indicate poor maintenance.
This kind of passive intel allows defenders to harden systems before adversaries can find weaknesses.
Legal and Ethical Notice
This guide is provided solely for educational and research purposes. The use of Shodan to gather public metadata is legal, but any attempt to exploit, access, or interact with systems you do not own is strictly prohibited.
Unauthorized penetration testing, port scanning, or service disruption violates:
- Local cybersecurity laws
- International agreements like the Budapest Convention
- Ethics in cybersecurity training
Always use legal test domains like Demo.cyberseclabs.org, provided by ethical hacking labs and training platforms.
Report for Lab
| Information | Description |
|---|---|
| IP Address | [Shodan collected result] |
| Geographical Location | [Country, City] |
| Open Ports | Port 22 (SSH), Port 80 (HTTP), Port 443 (HTTPS) |
| Running Services | Apache/2.4.7, OpenSSH/7.6, MySQL/5.7, etc. |
| Service Versions | Apache/2.4.7, OpenSSH/7.6, MySQL/5.7, etc. |
| SSL Certificate | [SSL certificate details, if available] |
| CVE (Vulnerabilities) | [List of CVEs detected from service information, if any] |
| Security Warning/Recommendation | Update software, close unused ports, change SSL certificates, etc. |
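The following is an added example, not part of the original lab: it fills the report rows above from one saved host record and applies the checks from "Interpreting the Data" (SSH exposure, expired certificate, banner-derived CVEs). The record is constructed, its field names are assumed to follow Shodan's host JSON, and the CVE id is a placeholder.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Shodan host record (not real scan data).
# 203.0.113.10 is a documentation address; the CVE id is a placeholder.
SAMPLE_HOST = json.loads("""
{"ip_str": "203.0.113.10", "country_name": "Exampleland", "city": "Example City",
 "ports": [22, 80, 443],
 "data": [
  {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "7.6"},
  {"port": 80, "transport": "tcp", "product": "Apache httpd", "version": "2.4.7",
   "vulns": {"CVE-0000-0000": {"cvss": 7.5}}},
  {"port": 443, "transport": "tcp", "product": "Apache httpd", "version": "2.4.7",
   "ssl": {"cert": {"expires": "20230101000000Z"}}}
 ]}
""")

def build_report(host, now=None):
    """Turn one host record into the lab-report rows plus review notes."""
    now = now or datetime.now(timezone.utc)
    services, cves, notes = [], set(), []
    for banner in host.get("data", []):
        port = banner["port"]
        name = "/".join(filter(None, [banner.get("product"), banner.get("version")]))
        services.append(f"{port}/{banner.get('transport', 'tcp')} {name or 'unknown'}")
        cves.update(banner.get("vulns", {}))  # keys are the CVE ids
        if port == 22:
            notes.append("SSH exposed: confirm 2FA or IP filtering")
        expires = banner.get("ssl", {}).get("cert", {}).get("expires")
        if expires:
            when = datetime.strptime(expires, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
            if when < now:
                notes.append(f"Certificate on port {port} expired {when.date()}")
    if cves:
        notes.append("Listed CVEs are banner-based: verify against the installed version")
    return {
        "IP Address": host.get("ip_str", "unknown"),
        "Geographical Location": f"{host.get('country_name')}, {host.get('city')}",
        "Open Ports": sorted(host.get("ports", [])),
        "Running Services": services,
        "CVE (Vulnerabilities)": sorted(cves),
        "Security Warning/Recommendation": notes,
    }

if __name__ == "__main__":
    for field, value in build_report(SAMPLE_HOST).items():
        print(f"{field} | {value} |")
```

Because Shodan data is a snapshot, treat each note as a prompt to check the host you administer, not as a confirmed finding.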
Frequently Asked Questions (FAQs)
What is the purpose of Shodan in cybersecurity?
Shodan helps cybersecurity professionals identify devices and services exposed to the internet. It allows researchers to understand the digital footprint of a system and detect outdated or misconfigured technologies before bad actors do.
Can I legally scan any website with Shodan?
Yes. Searching Shodan is passive on your side and only shows publicly available metadata that Shodan has already indexed. However, attempting to probe or exploit targets you do not own or have permission to test can be illegal.
Does Shodan show accurate real-time data?
Shodan results are based on periodic scans, so the information may be outdated by a few hours or days. However, it still provides a reliable snapshot of the services once visible from the public internet.
What should I do if I find a vulnerability on a public server?
If you discover a vulnerability unintentionally, the best action is to report it to the responsible organization through their security contact or responsible disclosure program. Do not attempt to exploit or test it further.
Are there alternatives to Shodan for reconnaissance?
Yes, tools like Censys, Netcraft, and ZoomEye offer similar capabilities. Each has its unique indexing methods and may provide different data points.
Conclusion
Shodan is a powerful reconnaissance tool that can be used to understand the exposure of systems connected to the internet. In this lab, we used it to gather information on Demo.cyberseclabs.org without performing any intrusive actions.
Understanding and using tools like Shodan is essential for anyone pursuing a career in penetration testing, red teaming, or network defense.
Warning: The Demo.cyberseclabs.org site is provided as an example at the time of writing this content. It is possible that you may not be able to follow this guide successfully if the target is not accessible or has changed. Always ensure that you are performing any security tests on systems you have explicit permission to test.