this morning I discovered this amazing Computer Search Engine: SHODAN
SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning.
Lets say you want to find servers running the 'Apache' web daemon. A simple attempt would be to use:
apache
How about finding only apache servers running version 2.2.3?
apache 2.2.3
You can also narrow down the results using the following search parameters:
country:2-letter country code
hostname:full or partial host name
net:IP range using CIDR notation (ex: 18.7.7.0/24 )
port:21, 22, 23 or 80
For example: get all web (port:80) hosts running 'apache' in switzerland (country:CH) that also have '.ch' in any of their domain names:
apache country:CH port:80 hostname:.ch
Just for the shake of hackers lets try some examples:
1) List of backdoor shell (try-it)
2) Bad Telnet Services (try-it)
3) List of old IIS 4.0, very bad... (try-it)
Now, I strongly believe in next few days a lot of systems will be compromised. With this service attackers will find vulnerable random services/servers, that is the manna for script kiddies.
One question comes out .... It will change the attack paradigm ? At the beginning of the attack's history, attackers hit the target only for particular reasons such as: politics, personal, money and so forth. Now attackers may want to attack some targets only because it's vulnerable to something, without any true reasons, only for the shake to attack something. This will be a huge paradigm shift.
