From 22c0ced97cc89c4ac7cc3f7cedd87fd40c1598d9 Mon Sep 17 00:00:00 2001 From: Jake Jarvis Date: Thu, 25 Apr 2019 14:04:28 -0400 Subject: [PATCH] shodan post more links --- content/notes/shodan-search-queries/index.md | 22 +-- netlify.toml | 141 +++++++++++++++++++ 2 files changed, 152 insertions(+), 11 deletions(-) create mode 100644 netlify.toml diff --git a/content/notes/shodan-search-queries/index.md b/content/notes/shodan-search-queries/index.md index 28d88a05..c753a71a 100644 --- a/content/notes/shodan-search-queries/index.md +++ b/content/notes/shodan-search-queries/index.md @@ -56,7 +56,7 @@ The world and its devices are quickly becoming more connected through the shiny ![Example: Electronic Billboards](images/billboard2.png) -### Gas Station Pump Inventories [→](https://www.shodan.io/search?query=%22in-tank+inventory%22+port%3A10001) +### Gas Station Pump Controllers [→](https://www.shodan.io/search?query=%22in-tank+inventory%22+port%3A10001) ``` "in-tank inventory" port:10001 @@ -109,14 +109,14 @@ http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 ``` -### Nordex Wind Turbine Farms [→](https://www.shodan.io/search?query=http.title%3A%22Nordex+Control%22+%22Windows+2000+5.0+x86%22+%22Jetty%2F3.1+%28JSP+1.1%3B+Servlet+2.2%3B+java+1.6.0_14%29%22) +### [Nordex Wind Turbine](http://www.nordex-online.com/en/products-services/wind-turbines.html) Farms [→](https://www.shodan.io/search?query=http.title%3A%22Nordex+Control%22+%22Windows+2000+5.0+x86%22+%22Jetty%2F3.1+%28JSP+1.1%3B+Servlet+2.2%3B+java+1.6.0_14%29%22) ``` http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)" ``` -### [C4 Max](https://www.mobile-devices.com/our-products/c4-max/) Vehicle GPS Trackers [→](https://www.shodan.io/search?query=%22%5B1m%5B35mWelcome+on+console%22) +### [C4 Max](https://www.mobile-devices.com/our-products/c4-max/) Commercial Vehicle GPS Trackers [→](https://www.shodan.io/search?query=%22%5B1m%5B35mWelcome+on+console%22) ``` "[1m[35mWelcome on console" @@ -125,7 +125,7 @@ http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet ![Example: C4 Max Vehicle GPS](images/c4max.png) -### DICOM Medical X-Ray Machines [→](https://www.shodan.io/search?query=%22DICOM+Server+Response%22+port%3A104) +### [DICOM](https://www.dicomstandard.org/about/) Medical X-Ray Machines [→](https://www.shodan.io/search?query=%22DICOM+Server+Response%22+port%3A104) Secured by default, thankfully, but these 1,700+ machines still [have no business](https://documents.trendmicro.com/assets/rpt/rpt-securing-connected-hospitals.pdf) being on the internet. @@ -282,7 +282,7 @@ PBX "gateway console" -password port:23 ``` -### Polycom Video Conferencing [→](https://www.shodan.io/search?query=http.title%3A%22-+Polycom%22+%22Server%3A+lighttpd%22) +### [Polycom](https://www.polycom.com/hd-video-conferencing.html) Video Conferencing [→](https://www.shodan.io/search?query=http.title%3A%22-+Polycom%22+%22Server%3A+lighttpd%22) ``` http.title:"- Polycom" "Server: lighttpd" @@ -297,7 +297,7 @@ Telnet Configuration: [→](https://www.shodan.io/search?query=%22Polycom+C ![Example: Polycom Video Conferencing](images/polycom.png) -### Bomgar Help Desk Portal [→](https://www.shodan.io/search?query=%22Server%3A+Bomgar%22+%22200+OK%22) +### [Bomgar Help Desk](https://www.beyondtrust.com/remote-support/integrations) Portal [→](https://www.shodan.io/search?query=%22Server%3A+Bomgar%22+%22200+OK%22) ``` "Server: Bomgar" "200 OK" @@ -402,14 +402,14 @@ Redirecting sencha port:9000 ![Example: Logitech Media Servers](images/logitech.png) -### Plex Media Servers [→](https://www.shodan.io/search?query=%22X-Plex-Protocol%22+%22200+OK%22+port%3A32400) +### [Plex](https://www.plex.tv/) Media Servers [→](https://www.shodan.io/search?query=%22X-Plex-Protocol%22+%22200+OK%22+port%3A32400) ``` "X-Plex-Protocol" "200 OK" port:32400 ``` -### PlexPy / Tautulli Dashboards [→](https://www.shodan.io/search?query=%22CherryPy%2F5.1.0%22+%22%2Fhome%22) +### [Tautulli / PlexPy](https://github.com/Tautulli/Tautulli) Dashboards [→](https://www.shodan.io/search?query=%22CherryPy%2F5.1.0%22+%22%2Fhome%22) ``` "CherryPy/5.1.0" "/home" @@ -531,7 +531,7 @@ ssl:"Xerox Generic Root" ``` -### Crestron Smart Home Controllers [→](https://www.shodan.io/search?query=%22Model%3A+PYNG-HUB%22) +### [Crestron Smart Home](https://www.crestron.com/Products/Market-Solutions/Residential-Solutions) Controllers [→](https://www.shodan.io/search?query=%22Model%3A+PYNG-HUB%22) ``` "Model: PYNG-HUB" @@ -570,7 +570,7 @@ http.title:"Index of /" http.html:".pem" ``` -### Literally Everything in North Korea 🇰🇵 [→](https://www.shodan.io/search?query=net%3A175.45.176.0%2F22%2C210.52.109.0%2F24) +### Literally [Everything](https://www.vox.com/2014/12/22/7435625/north-korea-internet) in North Korea 🇰🇵 [→](https://www.shodan.io/search?query=net%3A175.45.176.0%2F22%2C210.52.109.0%2F24) ``` net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24 @@ -579,7 +579,7 @@ net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24 ### TCP Quote of the Day [→](https://www.shodan.io/search?query=port%3A17+product%3A%22Windows+qotd%22) -[RFC 865](https://tools.ietf.org/html/rfc865) has a [bizarre history](https://en.wikipedia.org/wiki/QOTD)... +Port 17 ([RFC 865](https://tools.ietf.org/html/rfc865)) has a [bizarre history](https://en.wikipedia.org/wiki/QOTD)... ``` port:17 product:"Windows qotd" diff --git a/netlify.toml b/netlify.toml new file mode 100644 index 00000000..ae080ce7 --- /dev/null +++ b/netlify.toml @@ -0,0 +1,141 @@ + +[build] + command = "hugo --gc" + publish = "public/" + + +[context.production.environment] + HUGO_VERSION = "0.53" + HUGO_ENV = "production" + HUGO_ENABLEGITINFO = "true" + +[[headers]] + # Define which paths this specific [[headers]] block will cover. + for = "/*" + + [headers.values] + Cache-Control = "max-age=3600, public" + X-Frame-Options = "SAMEORIGIN" + X-XSS-Protection = "1; mode=block; report=https://jarvis.report-uri.com/r/d/xss/enforce" + Content-Security-Policy = "default-src 'none'; script-src 'self' stats.jarv.is 'sha256-QwZM+dNl2R1KcXo8ORmpT3mqAVwIBbEcJBmWYurBNv4='; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; object-src 'self'; media-src 'self'; base-uri 'none'; form-action 'self'; frame-src 'self'; frame-ancestors 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com stats.jarv.is; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default" + Report-To = "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://jarvis.report-uri.com/a/d/g\"}]}" + NEL = "{\"report_to\":\"default\",\"max_age\":604800}" + X-Content-Type-Options = "nosniff" + Referrer-Policy = "same-origin" + X-DNS-Prefetch-Control = "off" + X-UA-Compatible = "IE=edge" + X-Permitted-Cross-Domain-Policies = "none" + Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; sync-xhr 'none'; payment 'none'; usb 'none'; vr 'none'" + + + + + +# Content-Type and Cache-Control + +[[headers]] + for = "*.ico" + [headers.values] + Content-Type = "image/x-icon" + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.svg" + [headers.values] + Content-Type = "image/svg+xml" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.ttf" + [headers.values] + Content-Type = "font/ttf" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.otf" + [headers.values] + Content-Type = "font/otf" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.eot" + [headers.values] + Content-Type = "application/vnd.ms-fontobject" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.woff" + [headers.values] + Content-Type = "font/woff" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.woff2" + [headers.values] + Content-Type = "font/woff" + Cache-Control = "max-age=2628000, public" + +[[headers]] + for = "*.xml" + [headers.values] + Content-Type = "text/xml" + Cache-Control = "max-age=3600, public" + +[[headers]] + for = "*.mp4" + [headers.values] + Content-Type = "video/mp4" + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.webm" + [headers.values] + Content-Type = "video/webm" + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.docx" + [headers.values] + Content-Type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document" + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.pdf" + [headers.values] + Content-Type = "application/pdf" + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.css" + [headers.values] + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.js" + [headers.values] + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.jpg" + [headers.values] + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.png" + [headers.values] + Cache-Control = "max-age=604800, public" + +[[headers]] + for = "*.gif" + [headers.values] + Cache-Control = "max-age=604800, public" + + + + +[[headers]] + for = "/jarvis.asc" + [headers.values] + Content-Type = "text/plain; charset=utf-8" + Content-Disposition = "inline; filename=\"jarvis.asc\"" + Cache-Control = "max-age=0, no-store, no-cache, must-revalidate" \ No newline at end of file