Shodan
Explore how Shodan indexes internet-connected devices and can be used for open-source intelligence during web application penetration testing. Learn to perform targeted searches using filters, identify default credentials, analyze server metadata, and employ the Shodan CLI with API access. Understand best practices for safely gathering and utilizing this information to assess security risks and improve configurations.
Introduction to Shodan
Shodan is a web application search engine that indexes nearly every device directly connected to the internet. It’s therefore no surprise that it’s also used as an OSINT tool in penetration testing of web application frameworks. Shodan works like other search engines, such as Google, which index information that users search for across the internet. However, instead of scanning only for websites, Shodan scans for every available port on the internet. This means it probes every available IP address to identify whether it’s open and available. It can be used to check for open webcams, vulnerable websites, insecure satellites, and much more.
Note: For extensive use of Shodan, both in the pentesting field and ...