ShodanHQ Queries For Penetration Tester
Have you ever heard SHODAN Search Engine?
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
SHODAN also lets you use boolean operators (‘+’, ‘-’ and ‘|’) to include/ exclude certain terms. By default, every search term has a ‘+’ operator assigned to it.
In addition to boolean operators, there are special filters to narrow down the search results.
Black <at pentestit.com> has already collect some queries and you can find it here.
We try to collect SHODAN queries related to vulnerable servers, systems, and applications. Hopefully, it will updated daily
ShodanHQ Exploits Search Engine
For those who want to search a vulnerable version of applications during vulnerability assessment or penetration testing, take a look at ShodanHQ new feature, a ShodanHQ Exploits Search Engine.
It support CVE, OSVDB, Security Focus BID, Microsoft Security Bulletin(MSB), and Exploit-DB. Just input the application, device, brand, or version and it will give you the result immediately. This will help pentester or auditor save their time.
Click the image above or for the paranoid (double check the link?), take a look at http://www.shodanhq.com/exploits