search

Use Shodan.io To Passively Map An Organization's External Facing Assets

Using Shodan to gather information about the organization.

hashtag
Background:

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Using Shodan.IO to map an organization's external facing assets is a great way to see what devices and systems are publicly visible and accessible.

To get started, enter the organization's name or IP address into the search bar on Shodan.IO. Once the results are populated, you can explore the different devices and systems that are visible.

hashtag
Exercise:

Use shodan.io to passively map an organization's external facing assets.

hashtag
Example

hashtag
Example:

Using dnsdumpster.comarrow-up-right, I chose to look up the github.com domain.

hashtag
Information Gathered:

hashtag
Host Locations:

Where are hosts using this domain?

hashtag
Common Ports:

What are the common ports being used with this domain?

hashtag
Organizations:

What organizations are using this domain?

hashtag
Vulnerabilities:

What types of exploits are hosts on the domain vulnerable to?

hashtag
Products:

What services or products are hosts on the domain using?

hashtag
Operating Systems:

What OS are the hosts using?

hashtag
Shodan provides a large amount more data so go and look for yourself! Go look around and interact with some domains!

PreviousUse Dnsdumpster.com To Passively Map An Organization's External Facing AssetsNextUse Crt.Sh To Identify Domains And Sub-Domains That Belong To An Organization

Last updated