Use Shodan.io To Passively Map An Organization's External Facing Assets

Using Shodan to gather information about the organization.

Background:

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Using Shodan.IO to map an organization's external facing assets is a great way to see what devices and systems are publicly visible and accessible.

To get started, enter the organization's name or IP address into the search bar on Shodan.IO. Once the results are populated, you can explore the different devices and systems that are visible.

Exercise:

Use shodan.io to passively map an organization's external facing assets.

Example:

Using dnsdumpster.com, I chose to look up the github.com domain.

Information Gathered:

Host Locations:

Where are hosts using this domain?

Common Ports:

What are the common ports being used with this domain?

Organizations:

What organizations are using this domain?

Vulnerabilities:

What types of exploits are hosts on the domain vulnerable to?

Products:

What services or products are hosts on the domain using?

Operating Systems:

What OS are the hosts using?
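The six categories above can also be tallied offline from saved results when reviewing your own organization's exposure. This is an added example, not part of the original page: it assumes one JSON record per line using Shodan's banner field names (`ip_str`, `port`, `org`, `os`, `product`, `vulns`, `location.country_name`), and the sample records, addresses and CVE ids are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample: JSON-lines records shaped like Shodan banners (assumed field names).
# Addresses are documentation ranges; the CVE ids are placeholders, not real findings.
SAMPLE = """\
{"ip_str": "192.0.2.10", "port": 443, "org": "Example Corp", "os": null, "product": "nginx", "location": {"country_name": "United States"}, "vulns": {"CVE-0000-0001": {}}}
{"ip_str": "192.0.2.10", "port": 22, "org": "Example Corp", "os": "Linux", "product": "OpenSSH", "location": {"country_name": "United States"}}
{"ip_str": "198.51.100.7", "port": 443, "org": "Example Hosting", "product": "nginx", "location": {"country_name": "Germany"}, "vulns": {"CVE-0000-0001": {}, "CVE-0000-0002": {}}}
{"ip_str": "198.51.100.7", "port": 3389, "org": "Example Hosting", "os": "Windows", "location": {"country_name": "Germany"}}
not-json garbage line
"""

FACETS = ("locations", "ports", "organizations", "vulnerabilities", "products", "operating_systems")

def summarize(lines, top=5):
    """Tally banner records into the six categories listed above, counting hosts."""
    counts = {name: Counter() for name in FACETS}
    seen = set()   # (facet, ip, value): each host counts once per value
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            ip = rec["ip_str"]
        except (ValueError, KeyError, TypeError):
            skipped += 1   # truncated or non-banner line in the export
            continue
        values = {
            "locations": [(rec.get("location") or {}).get("country_name")],
            "ports": [rec.get("port")],
            "organizations": [rec.get("org")],
            "vulnerabilities": list(rec.get("vulns") or {}),
            "products": [rec.get("product")],
            "operating_systems": [rec.get("os")],
        }
        for facet, vals in values.items():
            for v in vals:
                if v is not None and (facet, ip, v) not in seen:
                    seen.add((facet, ip, v))
                    counts[facet][v] += 1
    return {f: c.most_common(top) for f, c in counts.items()}, skipped

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE.splitlines())
    for facet, rows in summary.items():
        print(f"{facet}: {rows}")
    print(f"skipped lines: {skipped}")
```

Fields that are missing or null on a record are left out of the tally rather than counted as "unknown", so a short operating-system list reflects missing banner data, not necessarily a uniform fleet.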

Shodan provides much more data than this, so go and look for yourself! Look around and explore some domains!
