Shodan
SANS ISC Diary - Hunting phishing websites with favicon hashes
· ☕ 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how HTTP favicon hashes may be used to identify IP addresses hosting phishing websites…

Open ports statistics for Q1 2021
· ☕ 2 min read
The first quarter of 2020 is behind us, which means it's time for another look at some of the interesting ports accessible on public IPs. This time however, we will take a look at how the internet as a whole changed during the past 3 months, but also at specific changes related to support of different versions of SSL and TLS...

TriOp update - version 1.1
· ☕ 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option to use an arbitrary filter along with a list of parameters...

TriOp - Tool for quickly gathering statistical information from Shodan.io
· ☕ 2 min read
TriOp is a tool for quickly gathering information from Shodan.io about the number of IPs which satisfy a large number of different queries. Generally, it may be useful to security researchers who wish to use data gathered from Shodan over time as a part of their research (e.g. to show how the number of systems exposing remote access protocols to the internet changed as a reaction to new movement restrictions connected to the Covid-19 pandemic) and to CSIRTs, especially national ones, that wish to monitor their constituencies for changes and/or vulnerabilities, but lack the technical tooling that would enable them to periodically scan all of their external IP ranges.

Open ports statistics for 2020
· ☕ 2 min read
The last quarter of 2020 is behind us, which means it's time for another look at some of the interesting ports accessible on public IPs. This time however, we will take a look at how the internet changed during the whole of 2020, not just at the past 3 months...

Most common vulnerabilities based on Shodan scans
· ☕ 3 min read
My recent post on the Internet Storm Center website about the surprisingly high number of systems still affected by critical vulnerabilities, which have been patched for a long time, received quite positive feedback. I have consequently decided to take a look at the issue in a more comprehensive manner and since I didn’t know which vulnerabilities Shodan was able to detect, I’ve used my TriOp tool to gather data for all of the approximately 190k CVEs ever published. After the couple of days the script took to run, I have the results and they are quite interesting…