Search Query Fundamentals The Banner Devices run services and those services are what Shodan collects information about. For example, websites are hosted on devices that run a web service and Shodan would gather information by speaking with that web service. The information for each service is stored in an object called the banner. It is …
Banner Specification of shodan search engine | part – 4 Read More »
Shodan Command-Line Interface The shodan command-line interface is packaged with the official Python library for Shodan, which means if you’re running the latest version of the library you already have access to the CLI. Installation In a virtual python environment like pyenv: easy_install shodan If you have python installed then you can use this command: …
Shodan Web Interfaces In the previous blog we have learnt about basics about shodan, now we are going to learn about shodan interfaces. The easiest way to access the data that Shodan gathers is through the web interfaces. Almost all of them let you enter a search query, so lets discuss that first: Search Query …
Introduction about Shodan Shodan is a search engine for Internet-connected devices it was created by John C. Matherly (@achillean) in 2009.. Web search engines, such as Google and Bing, are great for finding websites. Shodan helps you to find information about desktops, servers, IoT devices, and more. This information includes metadata such as the software …
Shodan pentesting guide – introduction | part -1 Read More »
Google Hacking Basics A fairly large portion of this blog is dedicated to the techniques the “bad guys” will use to locate sensitive information. We present this information to help you become better informed about their motives so that you can protect yourself and perhaps your customers. We’ve already looked at some of the benign …
Finding various vulnerabilities using google dorking | part – 9.1 Read More »
Digging the internet with google dorks 1.Google queries for locating various Web servers Query Server “Apache/1.3.28 Server at” intitle:index.of Apache 1.3.28 “Apache/2.0 Server at” intitle:index.of Apache 2.0 “Apache/* Server at” intitle:index.of Any version of Apache “Microsoft-IIS/4.0 Server at” intitle:index.of Microsoft Internet Information Services 4.0 “Microsoft-IIS/5.0 Server at” intitle:index.of Microsoft Internet Information Services 5.0 “Microsoft-IIS/6.0 Server …
Finding various vulnerabilities with google dorking | part – 9 .1 Read More »
Stringed Dorks Stringing Queries has been a target for a very long time as it allows a large diversity of a search. This has recently been discovered in the mixture of using Search Functions and the GRS in combination. Rules to be acknowledged prior to trialing this method:1. You can only use it on Search …
Learn how to string/extend google dorks | part -9 Read More »
Most Known SQLi Error Vulnerability This is by far the most universally exploited vulnerability on the face of the planet when it comes to SQLi. Simply put; The database has an error that has been rendered and displayed prior to the indexing to the Google Index of Websites. What we call the internet for the …
Findin Sqli error vulnerabilities using google dorking | part – 8 Read More »
Google regex system Now this may be confusing. And trust me it should be. I’ve reused data from earlier with some minor adjustments to make it completely accurate. The reason I’ve done this is we need to start somewhere. And it’s certainly not going to be at the complete top, so you lose context of …
Basic Dorks Keyword PageType Page Parameter TargetKeyword(we will use xWord from now on) [XW] Keyword [KW] PageType [PT] PageParameter [PP] Example:KW .PT?PP=Shopping .php?cartID= Now you may be asking.“Where the did the: . ? and = come from?” The . is used on all devices to identify a file type. Which when we access via the …
