|
|
Sponsored Content
Special Forums
Cybersecurity
IT Security RSS
Do you know Shodan?
Post 302469362 by Linux Bot on Friday 5th of November 2010 04:15:01 PM
11-05-2010
Do you know Shodan?
Wellcome to Shodan.
If you're thinking "What on Earth is it?", please read the lines below. If you're already familiar with, move to the next Section.
So here's the basic: SHODAN (Sentient Hyper-Optimized Data Access Network) is a search engine, but instead of indexing web page content, it indexes banners information. It indexes data on HTTP, SSH, FTP, TELNET and SNMP services for almost the whole Internet. You can find it at http://www.shodanhq.com.
You can do basic searching for free. An account and credit are required for some features.
What can I do with it?
A lot of things.
For good and for worst.
Per example, you can ask for network devices that shows up banner information (routers, switches, printers, voip phones, etc). Tunning your filter and you can find devices without authentication or with default passwords (a lot of them, on a lot of places).
You can find out vulnerable systems. Where they are, who owns it.
And you can do it easily. Shodan is like "Google" for network scanning.
Of course, you can use Shodan to track vulnerable/exposed system or devices on your network and work to close the breaches.
Is it legal?
A controversial point.
If we look on terms of technical arguments, SHODAN is a massive port scanner and the precedent set is that port scanning is not a violation of the Computer Fraud and Abuse Act because it does not meet the requirement for damage the availability or integrity of the device.
But, of course someone can use it to dig information about a certain network to start an attack.
I believe this is more an "is it moral or not?", than a "is it legal or not?" case.
Conclusion
There's plenty on documents and presentations over the Internet (on this case, Google will help a lot) so it's pointless here to focus on how to use Shodan.
But, I'll gibe you and advice.
Check your network against Shodan just in case.
It can solve a lot of pain in the future
Best Regards
More...
If you're thinking "What on Earth is it?", please read the lines below. If you're already familiar with, move to the next Section.
So here's the basic: SHODAN (Sentient Hyper-Optimized Data Access Network) is a search engine, but instead of indexing web page content, it indexes banners information. It indexes data on HTTP, SSH, FTP, TELNET and SNMP services for almost the whole Internet. You can find it at http://www.shodanhq.com.
You can do basic searching for free. An account and credit are required for some features.
What can I do with it?
A lot of things.
For good and for worst.
Per example, you can ask for network devices that shows up banner information (routers, switches, printers, voip phones, etc). Tunning your filter and you can find devices without authentication or with default passwords (a lot of them, on a lot of places).
You can find out vulnerable systems. Where they are, who owns it.
And you can do it easily. Shodan is like "Google" for network scanning.
Of course, you can use Shodan to track vulnerable/exposed system or devices on your network and work to close the breaches.
Is it legal?
A controversial point.
If we look on terms of technical arguments, SHODAN is a massive port scanner and the precedent set is that port scanning is not a violation of the Computer Fraud and Abuse Act because it does not meet the requirement for damage the availability or integrity of the device.
But, of course someone can use it to dig information about a certain network to start an attack.
I believe this is more an "is it moral or not?", than a "is it legal or not?" case.
Conclusion
There's plenty on documents and presentations over the Internet (on this case, Google will help a lot) so it's pointless here to focus on how to use Shodan.
But, I'll gibe you and advice.
Check your network against Shodan just in case.
It can solve a lot of pain in the future
Best Regards
More...
|
|
LEARN ABOUT PHP
httppower
httppower(8) powerman httppower(8) NAME
httppower - communicate with HTTP based power distribution units SYNOPSIS
httppower [--url URL] DESCRIPTION
httppower is a helper program for powerman which enables it to communicate with HTTP based power distribution units. It is run interac- tively by the powerman daemon. OPTIONS
-u, --url URL Set the base URL. INTERACTIVE COMMANDS
The following commands are accepted at the httppower> prompt: auth user:pass Authenticate to the base URL with specified user and password, using ``basic'' HTTP authentication which sends the user and password over the network in plain text. seturl URL Set the base URL. Overrides the command line option. get [URL-suffix] Send an HTTP GET to the base URL with the optional URL-suffix appended. post [URL-suffix] key=val[&key=val]... Send an HTTP POST to the base URL with the optional URL-suffix appended, and key-value pairs as argument. FILES
/usr/sbin/httppower /etc/powerman/powerman.conf ORIGIN
PowerMan was originally developed by Andrew Uselton on LLNL's Linux clusters. This software is open source and distributed under the terms of the GNU GPL. SEE ALSO
powerman(1), powermand(8), httppower(8), plmpower(8), vpcd(8), powerman.conf(5), powerman.dev(5), powerman-devices(7). http://sourceforge.net/projects/powerman powerman-2.3.5 2009-02-09 httppower(8)