Search engines index websites on the web so you can find them more efficiently, and the same is true for internet-connected devices. Shodan indexes devices like webcams, printers, and even industrial controls into one easy-to-search database, giving hackers access to vulnerable devices online across the globe. And you can search its database via its website or command-line library.
搜索引擎会将网络上的网站编入索引,以便您可以更高效地找到它们,互联网连接的设备也是如此。 Shodan将诸如网络摄像头,打印机乃至工业控制之类的设备索引到一个易于搜索的数据库中,从而使黑客能够访问全球在线存在漏洞的设备。 您可以通过其网站或命令行库搜索其数据库。
Shodan has changed the way hackers build tools, as it allows for a large part of the target discovery phase to be automated. Rather than needing to scan the entire internet, hackers can enter the right search terms to get a massive list of potential targets. Shodan’s Python library allows hackers to quickly write Python scripts that fill in potential targets according to which vulnerable devices connect at any given moment.
Shodan改变了黑客构建工具的方式,因为它可以使目标发现阶段的很大一部分实现自动化。 黑客无需扫描整个互联网,而可以输入正确的搜索词来获取大量潜在目标。 Shodan的Python库允许黑客快速编写Python脚本,这些脚本根据潜在漏洞在任何给定时刻进行连接来填充潜在目标。
You can imagine hunting for vulnerable devices as similar to trying to find all the pages on the internet about a specific topic. Rather than searching every page available on the web yourself, you can enter a particular term into a search engine to get the most up-to-date, relevant results. The same is true for discovering connected devices, and what you can find online may surprise you!
您可以想象,寻找易受攻击的设备类似于尝试查找Internet上有关特定主题的所有页面。 您可以自己在搜索引擎中输入特定字词,以获取最新,最相关的结果,而不必自己搜索网上的每个页面。 发现连接的设备也是如此,您在网上可以找到的内容可能会让您感到惊讶!
步骤1:登录Shodan (Step 1: Log in to Shodan)
First, whether using the website or the command line, you need to log in to shodanhq.com in a web browser. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users. For instance, you can only view one page of search results without logging in. And you can only see two pages of search results when logged in to a free account. As for the command line, you will need your API Key to perform some requests.
首先,无论使用网站还是命令行,您都需要在Web浏览器中登录shodanhq.com 。 尽管您可以在不登录的情况下使用Shodan,但是Shodan将其某些功能限制为仅登录用户。 例如,您只能在不登录的情况下查看一页搜索结果。并且在登录免费帐户时只能看到两页搜索结果。 至于命令行,您将需要您的API密钥来执行一些请求。
步骤2:通过命令行设置Shodan(可选) (Step 2: Set Up Shodan via Command Line (Optional))
A particularly useful feature of Shodan is that you don’t need to open a web browser to use it if you know your API Key. To install Shodan, you’ll need to have a working Python installation. Then, you can type the following in a terminal window to install the Shodan library.
Shodan的一项特别有用的功能是,如果您知道自己的API密钥,则无需打开Web浏览器即可使用它。 要安装Shodan,您需要安装Python。 然后,您可以在终端窗口中键入以下内容以安装Shodan库。
~$ pip install shodan Collecting shodan
Downloading https://files.pythonhosted.org/packages/22/93/22500512fd9d1799361505a1537a659dbcdd5002192980ad492dc5262717/shodan-1.14.0.tar.gz (46kB) 100% |████████████████████████████████| 51kB 987kB/s
Requirement already satisfied: XlsxWriter in /usr/lib/python2.7/dist-packages (from shodan) (1.1.2)
Requirement already satisfied: click in /usr/lib/python2.7/dist-packages (from shodan) (7.0)
Collecting click-plugins (from shodan)
Downloading https://files.pythonhosted.org/packages/e9/da/824b92d9942f4e472702488857914bdd50f73021efea15b4cad9aca8ecef/click_plugins-1.1.1-py2.py3-none-any.whl
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from shodan) (0.3.7)
Requirement already satisfied: requests>=2.2.1 in /usr/lib/python2.7/dist-packages (from shodan) (2.21.0)
Building wheels for collected packages: shodan
Running setup.py bdist_wheel for shodan ... done
Stored in directory: /root/.cache/pip/wheels/fb/99/c7/f763e695efe05966126e1a114ef7241dc636dca3662ee29883
Successfully built shodan
Installing collected packages: click-plugins, shodan
Successfully installed click-plugins-1.1.1 shodan-1.14.0
Then, you can see all the available options -h to bring up the help menu.
然后,您可以看到所有可用选项-h来打开帮助菜单。
~$ shodan -h
Usage: shodan [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
Commands:
alert Manage the network alerts for your account
convert Convert the given input data file into a different format.
count Returns the number of results for a search
data Bulk data access to Shodan
domain View all available information for a domain
download Download search results and save them in a compressed JSON...
honeyscore Check whether the IP is a honeypot or not.
host View all available information for an IP address
info Shows general information about your account
init Initialize the Shodan command-line
myip Print your external IP address
org Manage your organization's access to Shodan
parse Extract information out of compressed JSON files.
radar Real-Time Map of some results as Shodan finds them.
scan Scan an IP/ netblock using Shodan.
search Search the Shodan database
stats Provide summary information about a search query
stream Stream data in real-time.
version Print version of this tool.
These controls are pretty straightforward, but not all of them work without connecting it to your Shodan API Key. In a web browser, log in to your Shodan account, then go to “My Account” where you’ll see your unique API Key. Copy it, then use the init command to connect the key.
这些控件非常简单,但是如果不将它们连接到您的Shodan API密钥,则并非所有控件都能正常工作。 在网络浏览器中,登录您的Shodan帐户,然后转到“我的帐户”,您将在其中看到唯一的API密钥。 复制它,然后使用init命令连接密钥。
~$ shodan init XXXXxxxxXXXXxxXxXXXxXxxXxxxXXXxX
Successfully initialized
第3步:搜索可访问的网络摄像头 (Step 3: Search for Accessible Webcams)
There are many ways to find webcams on Shodan. Usually, using the name of the webcam’s manufacturer or webcam server is a good start. Shodan indexes the information in the banner, not the content, which means that if the manufacturer puts its name in the banner, you can search by it. If it doesn’t, then the search will be fruitless.
有很多方法可以在Shodan上找到网络摄像头。 通常,使用网络摄像头制造商或网络摄像头服务器的名称是一个好的开始。 Shodan将信息标记在横幅中 ,而不是内容中,这意味着如果制造商将其名称放置在横幅中,则可以对其进行搜索。 如果没有,搜索将是徒劳的。
One of my favorites is webcamxp, a webcam and network camera software designed for older Windows systems. After typing this into the Shodan search engine online, it pulls up links to hundreds, if not thousands, of web-enabled security cameras around the world.
我的最爱之一是webcamxp ,这是为较旧的Windows系统设计的网络摄像头和网络摄像头软件。 将其输入Shodan在线搜索引擎后,它会拉动指向全球数百个(甚至数千个)启用Web的安全摄像机的链接。
To do this from the command line, use the search option. (Results below truncated.)
要从命令行执行此操作,请使用搜索选项。 (以下结果被截断。)
~$ shodan search webcamxp
81.133.███.███ 8080 ████81-133-███-███.in-addr.btopenworld.com
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nConten t-Length: 7313\r\nCache-control: no-cache, must revalidate\r\nDate: Tue, 06 Aug 2019 21:39:29 GMT\r\nExpires: Tue, 06 Aug 2019 21:39:29 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
74.218.███.██ 8080 ████-74-218-███-██.se.biz.rr.com
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7413\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 14:22:02 GMT\r\nExpires: Wed, 07 Aug 2019 14:22:02 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
208.83.██.205 9206 ████████████.joann.com
HTTP/1.1 704 t\r\nServer: webcam XP\r\n\r\n
115.135.██.185 8086
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2192\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 06:49:20 GMT\r\nExpires: Wed, 07 Aug 2019 06:49:20 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
137.118.███.107 8080 137-118-███-███.wilkes.net
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2073\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 12:37:54 GMT\r\nExpires: Wed, 07 Aug 2019 12:37:54 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
218.161.██.██ 8080 218-161-██-██.HINET-IP.hinet.net
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7431\r\nCache-control: no-cache, must revalidate\r\nDate: Mon, 05 Aug 2019 18:39:52 GMT\r\nExpires: Mon, 05 Aug 2019 18:39:52 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
...
92.78.██.███ 37215 ███-092-078-███-███.███.███.pools.vodafone-ip.de
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 8163\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 05:17:22 GMT\r\nExpires: Wed, 07 Aug 2019 05:17:22 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
85.157.██.███ 8080 ████████.netikka.fi
HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7947\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 00:25:41 GMT\r\nExpires: Wed, 07 Aug 2019 00:25:41 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n
108.48.███.███ 8080 ████-108-48-███-███.washdc.fios.verizon.net
HTTP/1.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 339\r\nCache-control: no-cache, must revalidate\r\nDate: Tue, 06 Aug 2019 22:40:21 GMT\r\nExpires: Tue, 06 Aug 2019 22:17:21 GMT\r\nPragma: no-cache\r\nServer: webcamXP\r\nWWW-Authenticate: Basic realm="webcamXP"\r\nContent-Type: text/html\r\n\r\n
(END)
To exit results, hit Q on your keyboard. If you only want to see certain fields instead of everything, there are ways to omit some information. First, let’s see how the syntax works by viewing the help page for search.
要退出结果,请按键盘上的Q。 如果您只想查看某些字段而不是所有内容,则可以使用一些方法来省略一些信息。 首先,通过查看搜索帮助页面来了解语法的工作原理。
~$ shodan search -h
Usage: shodan search [OPTIONS]
Search the Shodan database
Options:
--color / --no-color
--fields TEXT List of properties to show in the search results.
--limit INTEGER The number of search results that should be returned. Maximum: 1000
--separator TEXT The separator between the properties of the search results.
-h, --help Show this message and exit.
Unfortunately, the help page does not list all of the available fields you can search, but Shodan’s website has a handy list, seen below.
不幸的是,帮助页面并未列出您可以搜索的所有可用字段,但是Shodan的网站上有一个方便的列表 ,如下所示。
Properties:
asn [String] The autonomous system number (ex. "AS4837").
data [String] Contains the banner information for the service.
ip [Integer] The IP address of the host as an integer.
ip_str [String] The IP address of the host as a string.
ipv6 [String] The IPv6 address of the host as a string. If this is present then the "ip" and "ip_str" fields wont be.
port [Integer] The port number that the service is operating on.
timestamp [String] The timestamp for when the banner was fetched from the device in the UTC timezone. Example: "2014-01-15T05:49:56.283713"
hostnames [String[]] An array of strings containing all of the hostnames that have been assigned to the IP address for this device.
domains [String[]] An array of strings containing the top-level domains for the hostnames of the device. This is a utility property in case you want to filter by TLD instead of subdomain. It is smart enough to handle global TLDs with several dots in the domain (ex. "co.uk")
location [Object] An object containing all of the location information for the device.
location.area_code [Integer]The area code for the device's location. Only available for the US.
location.city [String] The name of the city where the device is located.
location.country_code [String] The 2-letter country code for the device location.
location.country_code3 [String] The 3-letter country code for the device location.
location.country_name [String] The name of the country where the device is located.
location.dma_code [Integer] The designated market area code for the area where the device is located. Only available for the US.
location.latitude [Double] The latitude for the geolocation of the device.
location.longitude [Double] The longitude for the geolocation of the device.
location.postal_code [String] The postal code for the device's location.
location.region_code [String] The name of the region where the device is located.
opts [Object] Contains experimental and supplemental data for the service. This can include the SSL certificate, robots.txt and other raw information that hasn't yet been formalized into the Banner Specification.
org [String] The name of the organization that is assigned the IP space for this device.
isp [String] The ISP that is providing the organization with the IP space for this device. Consider this the "parent" of the organization in terms of IP ownership.
os [String] The operating system that powers the device.
transport [String] Either "udp" or "tcp" to indicate which IP transport protocol was used to fetch the information
Optional Properties:
uptime [Integer] The number of minutes that the device has been online.
link [String] The network link type. Possible values are: "Ethernet or modem", "generic tunnel or VPN", "DSL", "IPIP or SIT", "SLIP", "IPSec or GRE", "VLAN", "jumbo Ethernet", "Google", "GIF", "PPTP", "loopback", "AX.25 radio modem".
title [String] The title of the website as extracted from the HTML source.
html [String] The raw HTML source for the website.
product [String] The name of the product that generated the banner.
version [String] The version of the product that generated the banner.
devicetype [String] The type of device (webcam, router, etc.).
info [String] Miscellaneous information that was extracted about the product.
cpe [String] The relevant Common Platform Enumeration for the product or known vulnerabilities if available. For more information on CPE and the official dictionary of values visit the CPE Dictionary.
SSL Properties:
If the service uses SSL, such as HTTPS, then the banner will also contain a property called "ssl":
ssl.cert [Object] The parsed certificate properties that includes information such as when it was issued, the SSL extensions, the issuer, subject etc.
ssl.cipher [Object] Preferred cipher for the SSL connection ssl.chain [Array] An array of certificates, where each string is a PEM-encoded SSL certificate. This includes the user SSL certificate up to its root certificate.
ssl.dhparams [Object] The Diffie-Hellman parameters if available: "prime", "public_key", "bits", "generator" and an optional "fingerprint" if we know which program generated these parameters. ssl.versions [Array] A list of SSL versions that are supported by the server. If a version isnt supported the value is prefixed with a "-". Example: ["TLSv1", "-SSLv2"] means that the server supports TLSv1 but doesnt support SSLv2.
So, if we wanted to only view the IP address, port number, organization name, and hostnames for the IP address, we could use — fields as such:
因此,如果我们只想查看IP地址的IP地址,端口号,组织名称和主机名,则可以使用-字段 ,例如:
~$ shodan search --fields ip_str,port,org,hostnames webcamxp 81.133.███.███ 8080 BT ████81-133-███-███.in-addr.btopenworld.com 74.218.███.██ 8080 Spectrum Business ████-74-218-███-██.se.biz.rr.com
208.83.██.███ 9206 Jo-ann Stores, LLC ████████████.joann.com 115.135.██.███ 8086 TM Net
137.118.███.███ 8080 Wilkes Communications 137-118-███-███.wilkes.net
218.161.██.██ 8080 HiNet 218-161-██-██.HINET-IP.hinet.net ... 92.78.██.███ 37215 Vodafone DSL ███-092-078-███-███.███.███.pools.vodafone-ip.de
85.157.██.███ 8080 Elisa Oyj ████████.netikka.fi
108.48.███.███ 8080 Verizon Fios ████-108-48-███-███.washdc.fios.verizon.net
(END)
Look through the results and find webcams you want to try out. Input their domain name into a browser and see if you get instant access. Here is an array of open webcams from various hotels in Palafrugell, Spain, that I was able to access without any login credentials:
浏览结果,找到要尝试的网络摄像头。 在浏览器中输入其域名,然后查看您是否可以立即访问。 这是来自西班牙帕拉弗鲁赫尔各家酒店的开放式网络摄像头,我可以在没有任何登录凭据的情况下访问这些摄像头:
演示地址
Although it can be fun and exciting to voyeuristically watch what’s going on in front of these unprotected security cameras, unbeknownst to people around the world, you probably want to be more specific in your search for webcams.
尽管偷窥这些不受保护的安全摄像机(发生在世界各地的人们不知道的事情)前发生的事情可能很有趣,但您可能希望在搜索网络摄像头时更加具体。
尝试使用默认用户名和密码 (Try Default Username & Passwords)
Although some of the webcams Shodan shows you are unprotected, many of them will require authentication. To attempt to gain access without too much effort, try the default username and password for the security camera hardware or software. I have compiled a shortlist of the default username and passwords of some of the most widely used webcams below.
尽管Shodan的某些网络摄像头显示您没有受到保护,但其中许多网络摄像头需要身份验证。 要尝试不费吹灰之力获得访问权限,请尝试使用安全摄像头硬件或软件的默认用户名和密码。 我已汇总了以下一些使用最广泛的网络摄像头的默认用户名和密码的清单。
ACTi: admin/123456 or Admin/123456
ACTi : 管理员/ 123456或管理员/ 123456
Axis (traditional): root/pass,
轴(传统) : 根/通过 ,
Axis (new): requires password creation during first login
轴(新) :首次登录时需要创建密码
Cisco: No default password, requires creation during first login
思科 :无默认密码,首次登录时需要创建
Grandstream: admin/admin
Grandstream : 管理员/管理员
IQinVision: root/system
IQinVision : 根/系统
Mobotix: admin/meinsm
Mobotix : admin / meinsm
Panasonic: admin/12345
松下 : admin / 12345
Samsung Electronics: root/root or admin/4321
三星电子 : root / root或admin / 4321
Samsung Techwin (old): admin/1111111
三星Techwin(旧) : 管理员/ 1111111
Samsung Techwin (new): admin/4321
三星Techwin(新) : 管理员/ 4321
Sony: admin/admin
索尼 : 管理员/管理员
TRENDnet: admin/admin
趋势网 : admin / admin
Toshiba: root/ikwd
东芝 : root / ikwd
Vivotek: root/
Vivotek : 根/ <空白>
WebcamXP: admin/
WebcamXP : 管理员/ <空白>
There is no guarantee that any of those will work, but many inattentive and lazy administrators simply leave the default settings in place. In those cases, the default usernames and passwords for the hardware or software will give you access to confidential and private webcams around the world.
无法保证其中任何一个都能正常工作,但是许多不专心和懒惰的管理员只是将默认设置保留在原地。 在这些情况下,硬件或软件的默认用户名和密码将使您能够访问全球的机密和私有网络摄像头。
步骤4:按地理位置搜索网络摄像头 (Step 4: Search for Webcams by Geography)
Now that we know how to find webcams and potentially log in to them using default usernames and passwords, let’s get more specific and try to find webcams in a specific geographical location. For example, if we were interested in webcams by the manufacturer WebcamXP in Australia, we could find them by typing webcamxp country:AU into the search box on Shodan’s website.
现在,我们知道了如何查找网络摄像头,并可能使用默认的用户名和密码登录到网络摄像头,让我们更具体一点,尝试在特定地理位置查找网络摄像头。 例如,如果我们对澳大利亚制造商WebcamXP感兴趣的网络摄像头,则可以通过在Shodan网站的搜索框中输入webcamxp country:AU来找到它们。
So how would we do an advanced search in the command line? Here’s a quick list of some of the things you can search for in Shodan via the command line:
那么我们如何在命令行中进行高级搜索呢? 以下是您可以通过命令行在Shodan中搜索的一些内容的快速列表:
after: Search by a timeframe delimiter for things after a certain date.
asn: Search by the autonomous system number.
before: Search by a timeframe delimiter for things before a certain date.
city: Search by the city where the device is located.
country: Search by the country where the device is located (two-letter code).
device: Search by the device or network's name.
devicetype: Search by the type of device (webcam, router, etc.). domain: Search an array of strings containing the top-level domains for the hostnames of the device.
geo: Search by the coordinates where the device is located.
hash: Search by the banner hash.
has_screenshot:true Search for devices where a screenshot is present.
hostname: Search by the hostname that has been assigned to the IP address for the device.
ip: Search by the IP address of the host as an integer.
ip_str: Search by the IP address of the host as a string.
ipv6: Search by the IPv6 address of the host as a string.
isp: Search by the ISP that is providing the organization with the IP space for the device. link: Search by the network link type. Possible values are: "Ethernet or modem", "generic tunnel or VPN", "DSL", "IPIP or SIT", "SLIP", "IPSec or GRE", "VLAN", "jumbo Ethernet", "Google", "GIF", "PPTP", "loopback", "AX.25 radio modem". net: Filter by network range or IP in CIDR notation.
port: Find devices based on the open ports/ software.
org: Search for devices that are on a specific organization's network.
os: Search by the operating system that powers the device.
state: Search by the state where the device is located (two-letter code).
title: Search by text within the title of the website as extracted from the HTML source.
So if we were to search webcamxp country:AU on the website directly, to do it from the command line, you would format as one of the ways below. However, if you’re not on a paid plan, you can’t use the Shodan API to perform detailed searches like we are trying to here. But you can still perform an advanced search on Shodan’s website, with the regular restrictions for free users.
因此,如果我们要直接在网站上搜索webcamxp country:AU ,并从命令行进行搜索, 则将采用以下一种方式进行格式化。 但是,如果您没有付费计划,则无法像我们在此处那样使用Shodan API进行详细搜索。 但是您仍然可以在Shodan的网站上进行高级搜索,但有免费用户的常规限制。
~$ shodan search webcamxp country:AU
~$ shodan search device:webcamxp country:AU
On the website, searching for webcamxp country:AU will pull up a list of every WebcamXP in Australia that is web-enabled in Shodan’s index, as shown below.
在网站上,搜索webcamxp country:AU将在Shodan的索引中列出澳大利亚所有启用了Web的WebcamXP的列表,如下所示。
步骤5:将网络摄像头的搜索范围缩小到城市 (Step 5: Narrow Your Search for Webcams to a City)
To be even more specific, we can narrow our search down to an individual city. Let’s see what we can find in Sydney, Australia, by typing webcamxp city:sydney into the website’s search bar. For the command line, it would look like one of the following commands — but it’s a paid-only feature with the API.
更具体地说,我们可以将搜索范围缩小到单个城市。 通过在网站的搜索栏中输入webcamxp city:syney ,来看看在澳大利亚悉尼可以找到的东西。 对于命令行,它看起来像以下命令之一-但它是API的仅付费功能。
~$ shodan search webcamxp city:sydney
~$ shodan search device:webcamxp city:sydney
On the Shodan website, the search yields the results below.
在Shodan网站上,搜索产生以下结果。
When we click on one of these links, we find ourselves in someone’s backyard in Sydney, Australia!
当我们单击这些链接之一时,我们发现自己在澳大利亚悉尼某人的后院!
步骤6:按经度和纬度查找网络摄像头 (Step 6: Find Webcams by Longitude & Latitude)
Shodan even enables us to be very specific in searching for web-enabled devices. In some cases, we can specify the longitude and latitude of the devices we want to find.
Shodan甚至使我们能够非常具体地搜索支持Web的设备。 在某些情况下,我们可以指定要查找的设备的经度和纬度。
In this case, we will be looking for WebcamXP cameras at the longitude and latitude (-37.81, 144.96) of the city of Melbourne, Australia. When we search, we get a list of every WebcamXP at those coordinates on the globe. We must use the keyword geo followed by the longitude and latitude. So in the search bar, use webcamxp geo: -37.81,144.96. On the command line interface, again, which is a paid feature, it’d look like one of these:
在这种情况下,我们将在澳大利亚墨尔本市的经度和纬度(-37.81,144.96)处寻找WebcamXP摄像机。 当我们搜索时,我们会获得地球上这些坐标处的每个WebcamXP的列表。 我们必须使用关键字geo,后跟经度和纬度。 因此,在搜索栏中,使用webcamxp geo:-37.81,144.96 。 同样,在命令行界面上,这是一项付费功能,看起来像其中之一:
~$ shodan search webcamxp geo:-37.81,144.96
~$ shodan search device:webcamxp geo:-37.81,144.96
When we get that specific, on Shodan’s website, it only finds four WebcamXP cameras. Click on one, and we can find that once again, we have a private webcam view of someone’s camera in their backyard in Melbourne, Australia.
当我们得到具体信息时,在Shodan的网站上,它只能找到四个WebcamXP摄像机。 单击一个,我们会再次发现,我们在澳大利亚墨尔本的后院有一个私人摄像头的私人摄像头视图。
步骤7:从命令行开始Shodan (Step 7: Shodan from the Command Line)
Something we can do from the command-line interface that we can’t from the website is search for information on a host. For instance, we can run the shodan myip command to print our external IP.
我们可以从命令行界面执行的一些操作,而我们无法从网站进行的操作是搜索主机上的信息。 例如,我们可以运行shodan myip命令来打印外部IP。
~$ shodan myip
174.███.██.███
Once we know it, we can search Shodan for information by running the host command.
一旦知道,我们可以通过运行host命令在Shodan中搜索信息。
~$ shodan host 174.███.██.███
174.███.██.███
Hostnames: cpe-174-███-██-███.socal.res.rr.com
Country: United States
Organization: Spectrum
Updated: 2019-08-02T23:04:59.182949
Number of open ports: 1
Ports: 80/tcp
Shodan是在网上发现设备的强大方法 (Shodan Is a Powerful Way to Discover Devices Across the Net)
I hope this short demonstration of the power Shodan gets your imagination stimulated for inventive ways you can find private webcams anywhere on the globe! If you’re too impatient to hunt down webcams on Shodan, you can use a website like Insecam to view accessible webcams you can watch right now. For instance, you can view all the WebcamXP cameras that have pictures.
希望通过简短的Shodan功能演示,激发您的想象力,以新颖的方式在全球任何地方都可以找到私有网络摄像头! 如果您太急躁而无法在Shodan上查找网络摄像头,则可以使用Insecam这样的网站来查看您现在可以观看的可访问网络摄像头。 例如,您可以查看所有带有图片的WebcamXP摄像机 。
Whether you use Shodan or an easier site such as Insecam to view webcams, don’t limit yourself to WebcamXP, but instead try each of the webcam manufacturers at a specific location, and who knows what you will find.
无论您使用Shodan还是更方便的网站(例如Insecam)查看网络摄像头,都不要局限于WebcamXP,而是尝试在特定位置的每个网络摄像头制造商,让他们知道您会发现什么。
I hope you enjoyed this guide to using Shodan to discover vulnerable devices. If you have any questions about this tutorial on using Shodan or have a comment, ask below or feel free to reach me on Twitter @KodyKinzie.
我希望您喜欢使用Shodan发现易受攻击的设备的指南。 如果您对使用Shodan的本教程有任何疑问或有任何评论,请在下面提问或随时通过Twitter @KodyKinzie与我联系 。
Don’t Miss: Stealing Wi-Fi Passwords with an Evil Twin Attack
不要错过: 通过一次邪恶的双次攻击来窃取Wi-Fi密码
Screenshots and GIF by Kody/Null Byte
屏幕快照和GIF,格式为Kody / Null Byte
Originally published at https://null-byte.wonderhowto.com on August 7, 2019.
最初于 2019年8月7日 发布在 https://null-byte.wonderhowto.com 。
翻译自: https://medium.com/@NullByteWht/how-to-find-vulnerable-webcams-across-the-globe-using-shodan-440591dccb01