Your second method is not secure. Your domain might be obscure, but the IP address of the server is not, so it doesn't matter. Websites such as https://shodan.io exist, if you fancy finding some OctoPrint instances exposed to the internet. If people don't add extra security their webcams are exposed to the world without even OctoPrint's login, so just don't do it. - Source: Reddit / 1 day ago
I back this recommendation. If for any reason you need to keep 443 open, I advise that you install an intrusion detection system such as Crowdsec in addition. Also, give a look at shodan.io for your ip and check for the detected vulnerabilities. - Source: Reddit / 15 days ago
I've heard of people going to shodan.io and sending warnings just like this. - Source: Reddit / about 1 month ago
The easiest way of determining what you are exposing, short of an online portscan, is probably entering your IP address into shodan.io. - Source: Reddit / about 1 month ago
Not sure how many ppl that would ddos would use the minecraft ping system for that XD but yeah honestly this is kinda normal I get this all the time; it only gets worse the more players you have. Or if your put into a list like ones on shodan.io. - Source: Reddit / about 1 month ago
You can! Also detect if it's a public IP and use Shodan.io to display "offline" port-scans which is a cool idea. I played around with this for RustScan, something like "hey user, shodan.io scanned this server 2 days ago. Do you want to see what ports they reported were open without scanning?". - Source: Reddit / about 1 month ago
Nmap, zenmap (gui), and angryIP are my GoTos for internal networks. If you want external networks - shodan.io is good. - Source: Reddit / about 2 months ago
Everything the others have said + also use https://securityheaders.com/ & shodan.io if you haven't already to see if there is anything obvious. - Source: Reddit / 2 months ago
Meh, a bored ape could do the same with shodan.io or google if given enough time to comb through data. - Source: Reddit / 2 months ago
Door Open: There's a website called shodan.io ... Go crazy. lol. You can look at security cams, etc. All because they didn't put controls in place. - Source: Reddit / 2 months ago
That said, if you check services like shodan.io (which scans the internet for accessible IoT devices, among other things) you'll notice that many of them are wide open to the public and you can often simply connect using VideoLAN and watch people doing shit in their living room -- you know, like staring lifelessly at a box of light, clipping their toe nails, staring at their phone or generally doing their best to... - Source: Reddit / 3 months ago
I remember shodan.io setting up honeypot NTP servers and adding them to the public NTP pool (pool.ntp.org). They would log all source IP addresses and feed them into their automated scanners, which would give them a decent list of recently active machines, as most OSes automatically reach out to NTP servers to sync their clocks. - Source: Reddit / 3 months ago
Try looking it up on something like shodan.io , to see if the open port is actually exposed. - Source: Reddit / 3 months ago
You'll eventually show up on shodan.io. - Source: Reddit / 3 months ago
Or you can go to shodan.io and search vuln:CVE-2019-0708 and exploit the BlueKeep vulnerability and then you have your own botnet. You might have to do other things along the way, but it probably won't be too hard if you know what you are doing. - Source: Reddit / 4 months ago
Testing from WAN side I believe the ports are being blocked as I can't access anything. However shodan.io indicates port 80 and 443 are open. - Source: Reddit / 4 months ago
And my last question, how influential is shodan.io for IoT attacks? Thankyou :). - Source: Reddit / 5 months ago
In some you can pan tilt and move the camera, which is neat. Also some people use shodan.io to find these too, although it is a bit complex for beginners. You can use https://www.exploit-db.com/ too. http://68.231.64.215:8080/frame.html?src=1&mode=0&width=320&height=240 this one is inside someones house, right now it is a middle aged watching tv. - Source: Reddit / 6 months ago
The actual "easiest" way (at least for me) to bypass Cloudflare is to find the actual IP of the web-server running behind it. Of course in a lot of cases it's not possible, for example when the web admin correctly limits the webserver to only respond to Cloudflare IP ranges, or if https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/ is used. Most useful services for that are https://shodan.io/ and... - Source: Hacker News / 6 months ago
If you have a server with an exposed port and ssh running, look it up on shodan.io. - Source: Reddit / 6 months ago
Lol you've not seen https://shodan.io. - Source: Reddit / 7 months ago
Do you know an article comparing Shodan to other products?
Suggest a link to a post with product alternatives.