Transform OSINT sources such as shodan, bgpview & urlscan into templates which you can use to query & store any and each of the API endpoints they provide. Source: 10 months ago
I'm a little surprised you're asking this but as you don't know - if you set the rulebase correctly, you won't get hammered by "public". A lot of people (of course not people here) don't do that which is why shodan.io is full of servers with SSH exposed to the world. Source: 10 months ago
Eh, request a full demo before signing anything. If they make you buy before you can try, move on. Just be advised that data they collect from your site may be used in a database that puts a target on your back. Similar to how shodan.io works. I would probe them on how they handle customer data and if data is shared, partitioned, or isolated to ensure safety from a platform leak. They want to be a security... Source: 10 months ago
My network is being hit by China and Russia many times per hour. Make sure your firewall is up-to-date and not have any services available on the Internet (WAN). Look at shodan.io which shows you _everything_ is searched on the Internet. Source: 10 months ago
In the cases of nginx or apache, I suspect they may be acting as proxies to some backend that also chooses not to send a reason phrase back. Searching for "Reason Phrase" yields a number of bug reports/frameworks that may omit it, and shodan.io shows apache tomcat and a few other services/software that omit the code as well. Source: 11 months ago
If you really want to shake your nerves, seach for accidental wide open heimdall installs on shodan.io. Source: 12 months ago
Shodan.io is part of our toolkit, works well. Source: 12 months ago
This is not security. There are other Internet-wide scanners out there (Shodan is a great example). Source: 12 months ago
Snake oil security like changing ports for ssh do absolutely nothing in practice, as services like shodan.io exist. Using SSH-Key only increases your security if you use weak passwords and make it easier to avoid miss configuration of your server. But if you're using a strong password it's basically the same. Source: 12 months ago
I get scanned all the time by bots like everyone else. 99.9% of it is just noise. You could also just search for your public IP on shodan.io to see if it shows up. Mine doesn't, I check every once in a while. Source: 12 months ago
When it comes to random connections on a public facing server? Its not to bad; I think the worst I had was about a year ago; almost 80-90k requets in a day but I was on shodan.io with a honeypot at that point. Source: about 1 year ago
The Axis of Evil including China has taken over Google Home as black hat hackers have implemented APTS in devices they detect online when using shodan.io. Rampant vulnerabilities are beginning to be show the tips of their icebergs. When performing a Wireshark, you can see the action live on the wire. Source: about 1 year ago
There are several sites that can give you useful information for this. For example, databases like Shodan and Censys, or tools like CloudFlair and CloudPeler, might show some of their internals. Not all targets will appear there, and many won't have any useful entries, but some might have their data exposed. - Source: dev.to / about 1 year ago
Your second method is not secure. Your domain might be obscure, but the IP address of the server is not, so it doesn't matter. Websites such as https://shodan.io exist, if you fancy finding some OctoPrint instances exposed to the internet. If people don't add extra security their webcams are exposed to the world without even OctoPrint's login, so just don't do it. Source: about 1 year ago
I back this recommendation. If for any reason you need to keep 443 open, I advise that you install an intrusion detection system such as Crowdsec in addition. Also, give a look at shodan.io for your ip and check for the detected vulnerabilities. Source: about 1 year ago
I've heard of people going to shodan.io and sending warnings just like this. Source: about 1 year ago
The easiest way of determining what you are exposing, short of an online portscan, is probably entering your IP address into shodan.io. Source: about 1 year ago
Not sure how many ppl that would ddos would use the minecraft ping system for that XD but yeah honestly this is kinda normal I get this all the time; it only gets worse the more players you have. Or if your put into a list like ones on shodan.io. Source: about 1 year ago
You can! Also detect if it's a public IP and use Shodan.io to display "offline" port-scans which is a cool idea. I played around with this for RustScan, something like "hey user, shodan.io scanned this server 2 days ago. Do you want to see what ports they reported were open without scanning?". Source: about 1 year ago
Nmap, zenmap (gui), and angryIP are my GoTos for internal networks. If you want external networks - shodan.io is good. Source: about 1 year ago
Everything the others have said + also use https://securityheaders.com/ & shodan.io if you haven't already to see if there is anything obvious. Source: over 1 year ago
Do you know an article comparing Shodan to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Shodan. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.