Scribd
Upload
129 views4 pages

Shodan Dork Cheat Sheet

Uploaded by

hindoxita138
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
129 views4 pages

Shodan Dork Cheat Sheet

Uploaded by

hindoxita138
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

ENSA of Tangier – GCyB II

Shodan Dork Cheat Sheet

General Search Queries


city:"[city name]": Searches for devices in a specific city.
country:"[country code]": Searches for devices in a specific country.
geo:"[latitude],[longitude]": Searches for devices in a specific geographic location.
hostname:"[hostname]": Searches for devices with a specific hostname.
net:"[IP range]": Searches for devices within a specific IP range.
os:"[operating system]": Searches for devices with a specific operating system.
port:"[port number]": Searches for devices with a specific port.
org:"[organization name]": Searches for devices associated with a specific organization.
isp:"[internet service provider]": Finds devices using a specific internet service provider.
product:"[product name]": Searches for devices using a specific software or hardware
product.
version:"[version number]": Looks for devices running a specific version of software or
firmware.
has_screenshot:"true": Finds devices with available screenshots.
ssl.cert.subject.cn:"[common name]": Searches for SSL certificates with a specific common
name.
http.title:"[title text]": Looks for web pages with a specific title.
http.html:"[html content]": Searches for web pages containing specific HTML content.
http.status_code:[code]: Finds devices returning a specific HTTP status code.

PR. SBAYTRI YOUSSEF 2024-2025


ENSA of Tangier – GCyB II

ssl:"[SSL keyword]": Searches for devices with specific SSL configurations or details.
before:"[date]" / after:"[date]": Searches for devices that were online before or after a specific
date.

Specific Applications and Services


product:"[product name]": Searches for devices running a specific product.
version:"[version]": Searches for devices with a specific version number.
webcam: Searches for internet-connected webcams.
"default password": Searches for devices using default passwords.
"server: Apache": Finds servers specifically running the Apache web server.
ftp: Searches for devices with FTP services.
"X-Powered-By: PHP/[version]": Looks for servers running a specific version of PHP.
iis:[version number]: Finds servers running a specific version of Microsoft IIS.
"Server: nginx": Searches for devices running the Nginx server.
"MongoDB Server Information" port:27017: Finds MongoDB databases exposed on the
default port.
"CCTV": Internet-connected CCTV cameras.
"PBX VoIP": VoIP PBX systems.
"Elasticsearch": Elasticsearch servers.
"OpenSSL": Devices using OpenSSL.
"SCADA": SCADA systems.
"VoIP Phone": Internet-connected VoIP phones

Security Vulnerabilities and Weaknesses

vuln:"[CVE-ID]": Searches for security vulnerabilities with a specific CVE ID.


"200 OK" ssl: Searches for servers with SSL certificates that return a 200 OK response.
"Server: Apache" -"mod_ssl" -"OpenSSL": Finds Apache servers that might not be using SSL
encryption.
ssl.cert.expired:"true": Searches for devices with expired SSL certificates.
"heartbleed" vuln: Looks for vulnerabilities related to the Heartbleed bug.
http.component:"Drupal" vuln:"CVE-2018-7600″: Finds Drupal sites vulnerable to a specific
CVE.

PR. SBAYTRI YOUSSEF 2024-2025


ENSA of Tangier – GCyB II

"Authentication: disabled": Searches for devices with authentication disabled.


http.title:"Index of /": Finds directories with potentially open indexes.
ssl:"TLSv1″: Searches for devices using the older TLSv1 protocol.
org:"[organization]" vuln:"[CVE-ID]": Searches for vulnerabilities within a specific
organization’s infrastructure.
not ssl: Devices not using SSL.
udp: Devices with open UDP ports.
telnet: Devices accessible via Telnet.
"printer" "default password": Printers possibly using default passwords.
"IP camera" "default login": IP cameras with default login credentials.
org:"[organization]" vuln:"[CVE-ID]": Searches for vulnerabilities within a specific
organization.
"EternalBlue" vuln: Devices vulnerable to EternalBlue.
"Joomla" vuln: Joomla sites with specific vulnerabilities.
"WordPress" vuln: WordPress sites with specific vulnerabilities.
"SQL Injection" vuln: Devices vulnerable to SQL Injection.
"DDoS" vuln: Devices potentially vulnerable to DDoS attacks.

Example Complex Queries for Shodan

os:"Linux" port:"22″ "SSH" country:"JP"


Searches for Linux devices in Japan with SSH service running on port 22.
product:"Apache" version:"2.4.7" -"200 OK"
Looks for Apache servers running version 2.4.7 that do not return a 200 OK status.
city:"New York" os:"Windows" port:"3389″
Finds Windows devices with Remote Desktop Protocol (RDP) enabled in New York City.
net:"192.168.1.0/24" webcam
Searches for webcams within the IP range 192.168.1.0 to 192.168.1.255.
org:"Google" ssl cert:"expired"
Searches for expired SSL certificates on devices belonging to the organization "Google".
country:"DE" product:"MySQL" version:"5.5" "default password"
Looks for MySQL databases version 5.5 in Germany using default passwords

PR. SBAYTRI YOUSSEF 2024-2025


ENSA of Tangier – GCyB II

"HTTP/1.1 401 Unauthorized" city:"London" port:"80"


Finds devices in London returning a 401 Unauthorized status on HTTP port 80.
"Server: Apache" -"Apache-Coyote" country:"BR"
Searches for servers in Brazil running Apache but not Apache-Coyote.
hostname:"*.edu" vuln:"CVE-2019-11510"
Finds educational institutions’ hosts vulnerable to CVE-2019-11510.
"IIS/8.0" -"X-Powered-By" net:"205.251.192.0/18"
Searches for servers running IIS 8.0 without the "X-Powered-By" header in the specified IP
range.

PR. SBAYTRI YOUSSEF 2024-2025

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy