mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-04-27 12:36:20 -04:00

add missing Shodan queries

Jake Jarvis 2019-09-18 08:23:40 -04:00
parent df2cf24fdf
commit d2490efa39
2 changed files with 26 additions and 1 deletions

Binary file not shown.


@ -1,6 +1,6 @@
---
title: "Fascinating & Frightening Shodan Search Queries (AKA: The Internet of Sh*t)"
date: 2019-07-11 12:05:32-0400
date: 2019-09-18 08:20:32-0400
description: "I've collected some interesting and scary search queries for Shodan, the internet-of-things search engine. Some return fun results, while others return serious vulnerabilities."
tags:
- Infosec
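Review bot: the `date` change in the front matter replaces the original publication timestamp (`2019-07-11 12:05:32-0400`) with the time of this edit, so the page no longer records when the post first went out and may be re-sorted as new in date-ordered listings and feeds. Consider leaving `date` as it was and recording the update in a separate last-modified field, if the site generator has one.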
@ -137,6 +137,13 @@ Shodan made a pretty sweet [Ship Tracker](https://shiptracker.shodan.io/) that m
![Example: Maritime Satellites](images/sailor-vsat.png)
### Submarine Mission Control Dashboards [🔎 →](https://www.shodan.io/search?query=title%3A%22Slocum+Fleet+Mission+Control%22)
```
title:"Slocum Fleet Mission Control"
```
### [CAREL PlantVisor](https://www.carel.com/product/plantvisor) Refrigeration Units [🔎 →](https://www.shodan.io/search?query=%22Server%3A+CarelDataServer%22+%22200+Document+follows%22)
```
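Review bot: the new "Submarine Mission Control Dashboards" entry has a heading and a query but no sentence saying what Slocum Fleet Mission Control is or why an exposed dashboard matters, and no example image, while the Maritime Satellites entry just above it carries one. A one-line description under the heading would give readers the context they need to recognise this exposure on their own networks.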
@ -256,6 +263,17 @@ Older versions were insecure by default. [Very scary.](https://krebsonsecurity.c
![Example: MongoDB](images/mongo.png)
### [Mongo Express](https://github.com/mongo-express/mongo-express) Web GUI [🔎 →](https://www.shodan.io/search?query=%22Set-Cookie%3A+mongo-express%3D%22+%22200+OK%22)
Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/vendor_id-784/Phpmyadmin.html) but for MongoDB.
```
"Set-Cookie: mongo-express=" "200 OK"
```
![Example: Mongo Express GUI](images/mongo-express.png)
### Jenkins CI [🔎 →](https://www.shodan.io/search?query=%22X-Jenkins%22+%22Set-Cookie%3A+JSESSIONID%22+http.title%3A%22Dashboard%22)
```
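Review bot: in the Mongo Express entry the description line explains the product but not the `"200 OK"` term in the query, which is the part that narrows results to instances that answer the request successfully. Add a sentence saying what that filter is meant to select, so the entry reads as an exposure to check for and not only a product fingerprint.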
@ -421,6 +439,13 @@ Specifically domain controllers: [🔎 →](https://www.shodan.io/search?qu
```
### FTP Servers with Anonymous Login [🔎 →](https://www.shodan.io/search?query=%22220%22+%22230+Login+successful.%22+port%3A21)
```
"220" "230 Login successful." port:21
```
### Iomega / LenovoEMC NAS Drives [🔎 →](https://www.shodan.io/search?query=%22Set-Cookie%3A+iomega%3D%22+-%22manage%2Flogin.html%22+-http.title%3A%22Log+In%22)
```
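Review bot: the heading "FTP Servers with Anonymous Login" is broader than the query under it, which matches only banners containing the exact reply text `230 Login successful.` on `port:21`; servers that word their 230 reply differently are not covered. Either narrow the heading or add a sentence stating that limitation, and consider a short description like the one the Mongo Express entry has.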