
Using Shodanhq.com and FeedBurner to keep a public eye on your hosts

Shodan’s net: operator is limited by session cookie. However, Shodan results are available as XML and in a few other ways for a fee, and I’m sure the net: operator is revealed through this. The net: operator is NOT available to the free RSS feed, so you shouldn’t expect FeedBurner to be able to read RSS generated by queries that use the net: operator. In other words: this article doesn’t work, unless you can create your own RSS poller that feeds Shodan with whatever cookie bit it wants (with an HTTP GET). It’s also worth noting that John, from Shodan, got back to me and said he may enable something like leveraging the API key and allow users access to a few net: subnet queries for free. But we’ll wait and see.


Shodan is a search engine that crawls protocol headers (such as SIP, HTTP, FTP, SSH) and other content, and makes the results available to users via a web interface and a RESTful API.

I decided to look into it this past weekend while researching Maltego, when I came across some videos of a talk the developers of FOCA gave at DEFCON 18.  I think I had seen Shodan previously, but never looked too deeply at it as it seems ripe for grayhattery which I don’t have time to participate in.

Although it’s not a vulnerability scanner, Shodan’s indexed contents will assist you in learning if you are publicly touting information that you may feel should be private.  In addition to some of the techniques described in the FOCA talks, you can easily use FeedBurner’s Email subscription feature to get daily digests of Shodan results, since Shodan offers an RSS feed.

Using Shodan:

Access Shodanhq.com and sign up for an account to gain access to the net: search query operator.  To monitor a subnet, enter the search syntax as follows: net:216.219.143.0/24.  The results can also be accessed via RSS as: http://www.shodanhq.com/search?feed=1&q=net%3A216.219.143.0%2F24.

Using FeedBurner:

You can easily use FeedBurner to receive “daily digest” emails of updates to an RSS feed.
After signing up for the FeedBurner service, access the main page and enter the URL of the RSS feed you wish to subscribe to.

For example:

http://www.shodanhq.com/search?feed=1&q=externaldomain.com
or
http://www.shodanhq.com/search?feed=1&q=net%3A216.219.143.0%2F24

In feed management, click Publicize, then Email Subscriptions in the left-side menu, then click Activate.  On the following page you will see Subscription Form Code; within it you will find the subscription link. Open that link, enter your email address and, after receiving the confirmation email, you will be subscribed to updates.

This is useful, in addition to Google Alerts, for making sure that you are not exposing private information to the public.
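The update at the top of this post says a net: feed can only be read by your own RSS poller that sends the session cookie with its HTTP GET. The following is an added example of such a poller with a FeedBurner-style "what is new since last run" digest; it is not code from the original post or from Shodan. It assumes the feed is plain RSS 2.0 with item/title/link elements, the cookie value is a placeholder, and the sample feed is constructed.

```python
import urllib.request
import xml.etree.ElementTree as ET

# Feed URL form taken from the article; the cookie value is a placeholder.
FEED_URL = "http://www.shodanhq.com/search?feed=1&q=net%3A216.219.143.0%2F24"
SESSION_COOKIE = "<your-session-cookie-header-value>"  # assumption: copied from your logged-in session

def fetch_feed(url=FEED_URL, cookie=SESSION_COOKIE, timeout=30):
    """HTTP GET the feed, sending the session cookie with the request."""
    req = urllib.request.Request(url, headers={"Cookie": cookie})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

def parse_items(feed_xml):
    """Return (key, title, link) for each <item>; assumes plain RSS 2.0."""
    root = ET.fromstring(feed_xml)
    items = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        key = (item.findtext("guid") or link or title).strip()
        if key:
            items.append((key, title, link))
    return items

def new_items(feed_xml, seen):
    """Return items whose key is not in `seen` (a set) and record them as seen."""
    fresh = [it for it in parse_items(feed_xml) if it[0] not in seen]
    seen.update(it[0] for it in fresh)
    return fresh

def digest(fresh):
    """Format newly indexed results as a plain-text digest body."""
    if not fresh:
        return "No new results."
    return "\n".join(f"{title}\n  {link}" for _, title, link in fresh)

# Constructed sample feed (not real Shodan output), used to exercise the diff offline.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed sample</title>
<item><title>216.219.143.10:21</title><link>http://example.invalid/host/1</link></item>
<item><title>216.219.143.22:80</title><link>http://example.invalid/host/2</link></item>
</channel></rss>"""

if __name__ == "__main__":
    seen = set()
    print(digest(new_items(SAMPLE_FEED, seen)))  # first run: both items are new
    print(digest(new_items(SAMPLE_FEED, seen)))  # second run: nothing new
```

For scheduled use, pass the output of fetch_feed() to new_items() and persist the seen set between runs. Because the feed is remote input, defusedxml.ElementTree is a hardened replacement for the standard-library parser.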

  1. Paul Fletcher
    November 19, 2012 at 3:25 pm

    Excellent post but please permit me to make a comment, and don’t be offended by what I’m about to write.

    Every server I set up blocks a long list of vulnerability scanners including Shodan. I wouldn’t let it near any of my own websites, let alone a client’s.

    If you are confident of your ability to control it then all well and good but I think you would be very brave to do so.

    • November 19, 2012 at 3:28 pm

      Removed the spam URL. Leaving this comment here so that people can laugh at it.
