My Favourite 10 Shodan Dorks
If you don't know what Shodan is, go to shodan.io first. It is one of the best search engines for hackers.
Find API Keys in HTML Body
http.html:"xoxb-" // Slack
http.html:"AKIA" // AWS
http.html:"AIza" // Google Maps
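A defender-side check for the same exposure, as an added example that is not from the original post: it scans HTML you serve for the key prefixes the dorks above match, using stricter patterns to cut false positives. The key lengths are the commonly documented formats, the Slack pattern is a loose assumption, and the sample page and function names are constructed for illustration.

```python
import re

# Same prefixes the dorks above search for, tightened to full key shapes.
# Lengths follow the commonly documented formats; the Slack tail is a loose assumption.
PATTERNS = {
    "slack_bot_token": re.compile(r"xoxb-[0-9A-Za-z-]{10,}"),
    "aws_access_key_id": re.compile(r"(?<![0-9A-Z])AKIA[0-9A-Z]{16}(?![0-9A-Z])"),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_-]{35}"),
}


def redact(value, keep=8):
    """Keep only the first `keep` characters so reports never re-leak the key."""
    return value[:keep] + "*" * (len(value) - keep)


def find_exposed_keys(html):
    """Return (line_number, key_type, redacted_match) for each candidate key."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, redact(match.group(0))))
    return findings


# Constructed sample page; none of these values are real credentials.
SAMPLE_HTML = "\n".join([
    "<html><body>",
    "<script>var slack = 'xoxb-" + "1" * 12 + "-" + "a" * 24 + "';</script>",
    "<script>var aws = 'AKIAIOSFODNN7EXAMPLE';</script>",  # AWS docs example ID
    "<script src='https://maps.example/js?key=AIza" + "C" * 35 + "'></script>",
    "<p>Visit the AKIA gallery</p>",  # bare prefix only: not a key, not reported
    "</body></html>",
])

if __name__ == "__main__":
    for lineno, kind, shown in find_exposed_keys(SAMPLE_HTML):
        print(f"line {lineno}: {kind}: {shown}")
```

Run it over rendered pages and static bundles in CI or before deployment; any hit means the key should be rotated, not just removed from the page.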
Find all Grafana Dashboards using the website's title
http.title:"Grafana"
Open FTP Ports with a Successful Login
org:orgName port:21 "230 Login Successful"
FTP Anonymous Login
230 'anonymous@' login ok org:organization-name
Find targets using ASN (Autonomous System Number)
asn:AS63293
💡 Free service to get the ASN for an organization: https://bgp.he.net
Search using favicon hashes
http.favicon.hash:81586312
List of favicon hashes: https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
Find more of the attack surface with SSL certificates
ssl.cert.subject.cn:apple.com
ssl.cert.issuer.cn:apple.com
Find the WordPress wp-config.php configuration file
http.html:"The wp-config.php creation script uses this file"
Find a particular backend component
http.component:AngularJS org:organization-name
Public Directory Listing
http.title:"Index Of /"
http.title:"Index Of /admin"
http.title:"Directory Listing" org:organization-name
Happy Hacking!!