Shodan
Open ports statistics for Q3 2021
· β˜• 2 min read
Only the last three months remain until the end of 2021, which means it's time for a look at how the internet as a whole changed in the third quarter of the year...

Open ports statistics for Q2 2021
· β˜• 2 min read
The first half of 2020 is behind us, which means it's time for a look at how the internet as a whole changed during the past 3 months...

SANS ISC Diary - Hunting phishing websites with favicon hashes
· β˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how HTTP favicon hashes may be used to identify IP addresses hosting phishing websites…

Open ports statistics for Q1 2021
· β˜• 2 min read
The first quarter of 2020 is behind us, which means it's time for another look at some of the interesting ports accessible on public IPs. This time however, we will take a look at how the internet as a whole changed during the past 3 months, but also at specific changes related to support of different versions of SSL and TLS...

TriOp update - version 1.1
· β˜• 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option for use of arbitrary filter along with a list of parameters...

TriOp - Tool for quickly gathering statistical information from Shodan.io
· β˜• 2 min read
TriOp is a tool for quickly gathering information from Shodan.io about the number of IPs which satisfy large number of different queries. Generally, it may be useful to security researchers who wish to use data gathered from Shodan over time as a part of their research (e.g. to show how number of systems exposing remote access protocols to the internet changed as a reaction to new movement restrictions connected to the Covid-19 pandemic) and to CSIRTs, especially national ones, that wish to monitor their constituencies for changes and/or vulnerabilities, but lack the technical tooling that would enable them to periodically scan all of their external IP ranges.