Wednesday, 01 February 2012

Understanding Shodan




Search engines are computer programs designed to help someone find files that are stored on a computer, for example on a public server on the web (WWW) or on the computer itself. A search engine allows us to ask for content that meets specific criteria (typically files containing a word or phrase that you specify) and obtain a list of files that meet these criteria. Search engines usually use an index (built beforehand and updated on a regular basis) to locate the files after the user enters search criteria.
The Shodan search engine was originally located at http://shodan.surtri.com/ and can now be accessed at http://www.shodanhq.com. The search engine, which was released by John Matherly (http://twitter.com/achillean), requires us to register (free and paid) before using it, like other search engines.

Example:


apache+country:ID -> searches for all computers in Indonesia that run the Apache software/service
nginx+country:MY -> searches for all computers in Malaysia that run the nginx software/service
 
The 'country' filter is used to narrow search results by country. This is useful when we want to find computers in a certain country.
 
net
The 'net' filter is used to restrict search results to a specific IP or subnet, using CIDR notation to designate the subnet range. Here are some examples:
 
216.219.143.14: net:216.219.143.14
216.219.143.*: net:216.219.143.0/24
216.219.*: net:216.219.0.0/16
216.*: apache net:216.0.0.0/8
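
The wildcard-to-CIDR mapping above, as an added Python example (not from the original post): it converts a trailing-wildcard IPv4 pattern into the matching `net:` filter and rejects patterns that CIDR cannot express, such as a wildcard in the middle. The function names `wildcard_to_net_filter` and `build_query` are hypothetical; the addresses are the ones used in the post.

```python
import ipaddress


def wildcard_to_net_filter(pattern: str) -> str:
    """Convert a pattern such as '216.219.*' into a Shodan 'net:' filter."""
    parts = pattern.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an IPv4 pattern: {pattern!r}")
    octets = list(parts)
    # Only trailing wildcards correspond to a CIDR prefix, so strip those.
    while octets and octets[-1] == "*":
        octets.pop()
    if not octets:
        raise ValueError("pattern must fix at least the first octet")
    # A short pattern without a wildcard (e.g. '216.219') is ambiguous.
    if len(octets) == len(parts) and len(parts) != 4:
        raise ValueError(f"incomplete address without wildcard: {pattern!r}")
    for o in octets:
        # A '*' still present here sits mid-pattern (216.*.143.*): no subnet.
        if not (o.isascii() and o.isdigit()) or int(o) > 255:
            raise ValueError(f"bad octet {o!r} in {pattern!r}")
    fixed = [str(int(o)) for o in octets]
    if len(fixed) == 4:
        # Single host: the post writes it without a /32 suffix.
        return f"net:{ipaddress.ip_address('.'.join(fixed))}"
    prefix = 8 * len(fixed)
    padded = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return f"net:{ipaddress.ip_network(f'{padded}/{prefix}')}"


def build_query(term: str = "", net: str = None, country: str = None) -> str:
    """Join a search term with optional 'country' and 'net' filters."""
    pieces = [term] if term else []
    if country is not None:
        if len(country) != 2 or not country.isalpha():
            raise ValueError(f"country must be a two-letter code: {country!r}")
        pieces.append(f"country:{country.upper()}")
    if net is not None:
        pieces.append(wildcard_to_net_filter(net))
    return " ".join(pieces)


if __name__ == "__main__":
    for p in ("216.219.143.14", "216.219.143.*", "216.219.*"):
        print(p, "->", wildcard_to_net_filter(p))
    print(build_query("apache", net="216.*"))
```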
 
 
There are many more filters that we can use to narrow our search results. Just like other search engines, Shodan also has dorks: combine the boolean operators and filters to narrow your search results, as in this example:
 
country:ID port:80 hostname:.id
 
So it is conceivable that, with Shodan around, a lot of servers will be compromised. How could they not be? An attacker no longer needs to look for targets one by one, and can even aim attacks at random victims. Shodan is likely to be the primary choice of pentesters at the information gathering stage, or of script kiddies and pranksters.
 
 
 


 
