Experience the ultimate flexibility with the Isolation API, allowing you to securely Quisque pellentesque id ultrices lacus ornare elit vitae ullamcorper. Learn More

You may have heard about Shodan on the evening news — as the webcam search engine of choice for creeps and criminals. What doesn't make the headlines: Its immense value as a powerful tool for cybersecurity professionals.


Does your business depend on remote workers connecting from home? Then IT may have opened Remote Desktop Protocol (RDP) to the internet. Many system administrators rely on RDP to perform remote maintenance.

The catch: web-borne attacks rely on it, too.

Case in point: Shodan.io, the "the world's first search engine for internet-connected devices," reports that of 70,000 devices it recently scanned using RDP, 8% remain wide open to the BlueKeep vulnerability baked into older Windows versions.

Think of it as the tip of the WFH exploit iceberg, because professional threat hunters use the Shodan search engine as their threat "radar" way beyond RDP. A new Flash Report by Authentic8 - titled What is Shodan? - now explains how your security team can leverage this tool.

How Shodan Works

In a nutshell (the Flash Report covers more details): Unlike Google, this search engine isn't looking mainly for keywords or filetypes. Instead, it is scanning and indexing the ports and services running on devices across the net.

With Shodan, it is possible to identify nearly any internet-connected device based on the information disclosed in its service banner - the detailed public "door sign", if you will - that the device presents to the internet. Shodan enables you to search based on a wide range of details, such as location, device types, firmware version, and much more.

Shodan homepage

What does Shodan find? You may be surprised.

Examples include industrial control systems running specific software, internet-of-things (IoT) devices like smart TVs, FTP servers with sensitive information, and even - go figure - Very Small Aperture Terminals (VSATs) on naval vessels.

Why your team may want to know? If that's your corporate boardroom webcam, ICS/SCADA device, database, or naval vessel, you want to find out first if it is vulnerable (due to design flaws, or simply negligence) to exploit - before the bad guys do.

What also worries many CISOs and other security professionals are the vulnerabilities introduced by all the unmanaged devices connected to home WiFi networks of employees and contractors with remote access to their company's critical data.

Spot Remote Work Exploits with Shodan

Here's one more related fact that should give any CISO and IT security team pause. Shodan reports that the number of RDP endpoints it found has jumped from only 3 million at the start of the year - before the rapid remote access expansion in many companies - to almost 4.4 million by the end of March 2020.

WATCH NOW: How to Use Shodan, an OSINT Training Video by Authentic8

For many teams who use Authentic8's Silo for Research to ensure secure and efficient cyber threat intelligence, Shodan has become a crucial tool in protecting their organization and its remote workforce.

Why Cybersecurity Teams Use Shodan

Recently on this blog, Larry Loeb examined the plethora of - too often useless - telework-related cybersecurity advice (Remote Work: Bad Cybersecurity Advice Galore). He also added what we consider "good advice."

Does your organization rely on remote work? You may want to add "use Shodan to find vulnerabilities" to the latter category. Not convinced yet? Check out what Techcrunch's Zack Whittacker found on his Shodan Safari.


About the Author

A8 Team
A8 Team
Contribution Team U.S.A.

Authentic8 Team is a group of cybersecurity enthusiasts, investigation sleuths, top-notch engineers, news junkies, policy wonks and all-around fervent writers hell-bent on bringing you the best darn blog in the industry. 

Related Resources

Flash Report
Flash Report

What is Shodan?

Get an overview of Shodan, a search engine for internet-connected devices, how it works and its uses in online investigations


OSINT live training by Authentic8: SHODAN

A detailed look into Shodan – a search engine for the IoT – and how it can be used for OSINT


21 OSINT research tools for threat intelligence

Authentic8 engineers curated a list of the 21 most widely used OSINT research tools for cybersecurity researchers, analysts and other security professionals