{"id":1095,"date":"2021-01-16T16:02:06","date_gmt":"2021-01-16T16:02:06","guid":{"rendered":"https:\/\/osintme.com\/?p=1095"},"modified":"2021-02-09T19:33:03","modified_gmt":"2021-02-09T19:33:03","slug":"ultimate-osint-with-shodan-100-great-shodan-queries","status":"publish","type":"post","link":"https:\/\/osintme.com\/index.php\/2021\/01\/16\/ultimate-osint-with-shodan-100-great-shodan-queries\/","title":{"rendered":"Ultimate OSINT with Shodan: 100+ great Shodan queries"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Happy New Year!<\/p>

We are returning to OSINT after a short hiatus, with a post that I have spent some time working on.<\/p>

My fondness for Shodan has been obvious, especially since I created the Shodan, OSINT & IoT Devices online course<\/a> (by the way, it still has 4 seats left available!).<\/p>

You can experiment with making Shodan search queries, or you can take this shortcut and use some of my ones.<\/p>

Each of the 100+ queries has been manually tested and (at the time of writing at least) it delivers tangible results.<\/p>

If you find something else useful that is not covered here, please drop it in the comments below.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Webcam searches<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
  1. title:camera<\/a> – general search for anything matching the “camera” keyword.<\/li>
  2. webcam has_screenshot:true<\/a> – a general search for any IoT device identified as a webcam that has screenshots available.<\/li>
  3. has_screenshot:true IP Webcam<\/a> – another version of the above search, see how the results might differ?<\/li>
  4. server: webcampxp<\/a> – webcamXP is one of the most popular and commonly encountered network camera software for Windows OS.\u00a0<\/li>
  5. server: “webcam 7”<\/a> – webcam 7 cameras; not as popular as the above type, but still they are still popular and encountered out there.<\/li>
  6. title:”blue iris remote view”<\/a> – webcams identified as belonging to the Blue Iris<\/a> webcam remote management and monitoring service.<\/li>
  7. title:”ui3 -“<\/a> – UI3 is a\u00a0 HTML5 web interface for Blue Iris mentioned above.<\/li>
  8. title:”Network Camera VB-M600″<\/a> – Canon manufactured megapixel security cameras.<\/li>
  9. product:”Yawcam webcam viewer httpd”<\/a> – Yawcam stands for Yet Another WebCAM, free live streaming and webcam software.<\/li>
  10. title:”IPCam Client”<\/a> – IPCam Client webcam devices.<\/li>
  11. server: GeoHttpServer<\/a> – GeoVision (GeoHttpServer) Webcams, older webcam software with some had well documented vulnerabilities.<\/li>
  12. server: VVTK-HTTP-Server<\/a> – Vivotek IP cameras.<\/li>
  13. title:”Avigilon”<\/a> – access to the Avigilion brand camera and monitoring devices.<\/li>
  14. ACTi<\/a> – various IP camera and video management system products.<\/li>
  15. WWW-Authenticate: “Merit LILIN Ent. Co., Ltd.”<\/a> – a UK-based house automation \/ IP camera provider.<\/li>
  16. title:”+tm01+”<\/a> – unsecured Linksys webcams, a lot of them with screenshots.<\/li>
  17. server: “i-Catcher Console”<\/a> – another example of an IP-based CCTV system.<\/li>
  18. Netwave IP Camera Content-Length: 2574<\/a> – access to the Netwave make IP cameras.<\/li>
  19. 200 ok dvr port:”81″<\/a> – DVR CCTV cameras accessible via http.<\/li>
  20. WVC80N<\/a> – Linksys WVC80N cameras.<\/li><\/ol>

    \u00a0<\/p>

    Explore further by these tags:<\/p>

    WEBCAM: https:\/\/www.shodan.io\/explore\/tag\/webcam<\/a><\/p>

    CAM: https:\/\/www.shodan.io\/explore\/tag\/cam\u00a0<\/a><\/p>

    CAMERA: https:\/\/www.shodan.io\/explore\/tag\/camera<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t
    <\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    VOIP communication devices<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    1. device:”voip”<\/a> – general search for Voice over IP devices.<\/li>
    2. device:”voip phone”<\/a> – more specific search for anything VoIP containing a “phone” keyword.<\/li>
    3. server: snom<\/a> – Snom is a VoIP provider with some legacy devices online.<\/li>
    4. “snom embedded 200 OK”<\/a> – Snom devices with enabled authentication.<\/li>
    5. AddPac<\/a> – an older VoIP provider, nearly exclusively legacy devices.<\/li>
    6. mcu: tandberg<\/a> – Tandberg is a hardware manufacturer of multi-point control units for video conferencing.<\/li>
    7. title:”polycom”<\/a> – Polycom is another VoIP communication brand.<\/li>
    8. title:”openstage”<\/a> – Siemens Openstage brand IP phones.<\/li>
    9. 39 voip<\/a> – some more VoIP services, mostly behind login screens<\/li>
    10. Server: MSOS\/2.0 mawebserver\/1.1<\/a> – VoIP media gateway, commonly used by services such as Patton SN4112 FXO.<\/li><\/ol>

      \u00a0<\/p>

      Explore further by the VOIP tag: https:\/\/www.shodan.io\/explore\/tag\/voip<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Database searches<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t
      1. product:MySQL<\/a> – broad search for MySQL databases.<\/li>
      2. mongodb port:27017<\/a> – MongoDB databases on their default port. Unsecured by default.<\/li>
      3. “MongoDB Server Information” port:27017<\/a> – another variation of the above search.<\/li>
      4. “MongoDB Server Information { “metrics”:”<\/a> – fully open MongoDBs.<\/li>
      5. “Set-Cookie: mongo-express=” “200 OK”<\/a> – MongoDB open databases.<\/li>
      6. kibana content-length:217<\/a> – Kibana dashboards accessible without authentication.<\/li>
      7. port:”9200″ all:elastic<\/a> – Elasticsearch open databases.<\/li>
      8. port:5432 PostgreSQL<\/a> – remote connections to PostgreSQL servers.<\/li>
      9. product:”CouchDB”<\/a> – Apache CouchDB databases listed.<\/li>
      10. port:”5984″+Server: “CouchDB\/2.1.0”<\/a> – vulnerable CouchDB where remote code execution may be possible.<\/li><\/ol>

        \u00a0<\/p>

        Explore further by the DATABASE tag: https:\/\/www.shodan.io\/explore\/tag\/database\u00a0<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

        \n\t\t\t\t\t\t
        \n\t\t\t\t\t
        \n\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t\t
        \n\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t

        Maritime devices<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t\t
        \n\t\t\t
        \n\t\t\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t
        1. maritime<\/a> – general search for anything related to maritime devices.<\/li>
        2. sailor<\/a> – another wide search, could yield unrelated results!<\/li>
        3. org:marlink<\/a> – general search; Marlink is the world’s largest maritime satellite communications provider.<\/li>
        4. satcom<\/a> – another maritime satellite communications services provider.<\/li>
        5. inmarsat<\/a> – as above, but a slightly less known equipment vendor.<\/li>
        6. vsat<\/a> – abbreviation for “very-small-aperture terminal”, a data transmitter \/ receiver commonly used by maritime vessels.<\/li>
        7. ECDIS<\/a> – abbreviation for Electronic Chart Display and Information Systems, used in navigation and autopilot systems.<\/li>
        8. uhp vsat terminal software -password<\/a> – satellite network router without a password.<\/li>
        9. ssl:”Cobham SATCOM”<\/a> – maritime radio and locations systems.<\/li>

        10. title:”Slocum Fleet Mission Control”<\/a> – maritime mission control software.<\/p><\/li><\/ol>

          \u00a0<\/p>

          Explore further by the VSAT tag: https:\/\/www.shodan.io\/explore\/tag\/vsat<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

          \n\t\t\t\t\t\t
          \n\t\t\t\t\t
          \n\t\t\t
          \n\t\t\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t

          Files & directories<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
          \n\t\t\t\t\t\t
          \n\t\t\t\t\t
          \n\t\t\t
          \n\t\t\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t
          1. http.title:”Index of \/”<\/a> – open lists of files and directories on various servers.<\/li>
          2. port:80 title:”Index of \/”<\/a> – slight variation of the above, note how the results might differ.<\/li>
          3. “220” “230 Login successful.” port:21<\/a> – FTP resources potentially accessible without login credentials.<\/li>
          4. 230 ‘anonymous@’ login ok<\/a> – anonymous login allowed to FTP resources.<\/li>
          5. “Anonymous+access+allowed” port:”21″<\/a> – as above.<\/li>
          6. vsftpd 2.3.4<\/a> – legacy Linux based FTP service with a widely known security vulnerability<\/li>
          7. ftp port:”10000″<\/a> – Network Data Management Protocol (NDMP), used for backup of network-attached storage (NAS) devices.<\/li>
          8. “Authentication: disabled” port:445 product:”Samba”<\/a> – SMB file sharing<\/li>
          9. “QuickBooks files OverNetwork” -unix port:445<\/a> – default settings for sharing QuickBooks files.<\/li>
          10. filezilla port:”21″<\/a> – popular file sharing software Filezilla.<\/li><\/ol>

            \u00a0<\/p>

            Explore further by these tags:<\/p>

            FTP: https:\/\/www.shodan.io\/explore\/tag\/ftp<\/a><\/p>

            SMB: https:\/\/www.shodan.io\/explore\/tag\/smb\u00a0<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t

            Legacy Windows operating systems<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t
            1. os:”Windows 5.0″<\/a>\u00a0– Windows 2000; support ended in 2010.<\/li>
            2. os:”Windows 5.1″<\/a> – Windows XP; support ended in 2014.<\/li>
            3. os:Windows 2003<\/a> – Windows Server 2003; support ended in 2015.<\/li>
            4. os:”Windows Vista”<\/a>– Windows Vista; support ended in 2017.<\/li>
            5. os:Windows 2008<\/a> – Windows Server 2008; support ended in 2020.<\/li>
            6. os:”Windows 7″<\/a> – Windows 7; support ended in 2020.<\/li>
            7. os:”Windows 8″<\/a> – Windows 8; support ended in 2016.<\/li>
            8. os:Windows 2011<\/a> – Windows Home Server 2011; support ended in 2016.<\/li>
            9. os:”Windows 8.1″<\/a> – Windows 8.1; support ended in 2018.<\/li>
            10. os:Windows 2012<\/a> – Windows Server 2012; support ended in 2018.<\/li><\/ol>

              \u00a0<\/p>

              Explore further by the WINDOWS tag: https:\/\/www.shodan.io\/explore\/tag\/windows<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

              \n\t\t\t\t\t\t
              \n\t\t\t\t\t
              \n\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t

              Default \/ generic credentials<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t\t
              \n\t\t\t
              \n\t\t\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t
              1. admin 1234<\/a> – basic very unsecure credentials.<\/li>
              2. “default password”<\/a> – speaks for itself…<\/li>
              3. test test port:”80″<\/a> – generic test credentials over HTTP.<\/li>
              4. “authentication disabled” “RFB 003.008”<\/a> – no authentication necessary.<\/li>
              5. root@” port:23 -login -password -name -Session<\/a> – accounts already logged in with root privilege over Telnet, port 23.<\/li>
              6. port:23 console gateway<\/a> – remote access via Telnet, no password required.<\/li>
              7. html:”def_wirelesspassword”<\/a> – default login pages for routers.<\/li>
              8. “polycom command shell”<\/a> – possible authentication bypass to Polycom devices.<\/li>
              9. “authentication disabled” port:5900,5901<\/a> – VNC services without authentication.<\/li>
              10. “server: Bomgar” “200 OK”<\/a> – Bomgar remote support service.<\/li><\/ol>

                \u00a0<\/p>

                Explore further by the VNC tag: https:\/\/www.shodan.io\/explore\/tag\/vnc<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

                \n\t\t\t\t\t\t
                \n\t\t\t\t\t
                \n\t\t\t
                \n\t\t\t\t\t\t
                \n\t\t\t\t
                \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                \n\t\t\t\t\t\t
                \n\t\t\t\t\t
                \n\t\t\t
                \n\t\t\t\t\t\t
                \n\t\t\t\t
                \n\t\t\t\t\t

                Printers<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                \n\t\t\t\t\t\t
                \n\t\t\t\t\t
                \n\t\t\t
                \n\t\t\t\t\t\t
                \n\t\t\t\t
                \n\t\t\t\t\t\t\t\t\t
                1. printer<\/a> – general search for printers.<\/li>
                2. “HP-ChaiSOE” port:”80″<\/a> – HP LaserJet printers accessible through HTTP.<\/li>
                3. title:”syncthru web service”<\/a> – older Samsung printers, not secured by default.<\/li>
                4. “Location: \/main\/main.html” debut<\/a> – admin pages of Brother printers, not secured.<\/li>
                5. port:161 hp<\/a> – HP printers that can be restarted remotely via port 161.<\/li>
                6. port:23 “Password is not set”<\/a> – open access via Telnet to printers without set passwords.<\/li>
                7. “Laser Printer FTP Server”<\/a> – printers accessible via FTP with anonymous login allowed.<\/li>
                8. Printer Type: Lexmark<\/a> – access to control panels for Lexmark make printers.<\/li>
                9. http 200 server epson -upnp<\/a> – HTTP accessible Epson printers.<\/li>
                10. “Server: EPSON-HTTP” “200 OK”<\/a> – another variation of the above search.<\/li>
                11. ssl:”Xerox Generic Root”<\/a> – remote access to Xerox printers.<\/span><\/li>
                12. “Server: CANON HTTP Server”<\/a> – Canon printer servers through HTTP connection.<\/li><\/ol>

                  \u00a0<\/p>

                  Explore further by these tags:<\/p>

                  PRINTER: https:\/\/www.shodan.io\/explore\/tag\/printer<\/a><\/p>

                  PRINTERS: https:\/\/www.shodan.io\/explore\/tag\/printers<\/a><\/p>

                  PRINT SERVER: https:\/\/www.shodan.io\/explore\/tag\/print%20server\u00a0<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

                  \n\t\t\t\t\t\t
                  \n\t\t\t\t\t
                  \n\t\t\t
                  \n\t\t\t\t\t\t
                  \n\t\t\t\t
                  \n\t\t\t\t\t

                  Compromised devices and websites<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                  \n\t\t\t\t\t\t
                  \n\t\t\t\t\t
                  \n\t\t\t
                  \n\t\t\t\t\t\t
                  \n\t\t\t\t
                  \n\t\t\t\t\t\t\t\t\t
                  1. hacked<\/a> – general search for the ‘hacked’ label.<\/li>
                  2. “hacked by”<\/a> – another variation of the above search.<\/li>
                  3. http.title:”Hacked by”<\/a> – another variation of the same search filter.<\/span><\/li>
                  4. http.title:”0wn3d by”<\/a> – resourced labelled as ‘owned’ by a threat agent, hacker group, etc.<\/li>
                  5. “HACKED-ROUTER”<\/a> – compromised routers, labelled accordingly.<\/li>
                  6. port:”27017″ “send_bitcoin_to_retrieve_the_data”<\/a> – databases affected by ransomware, with the ransom demand still associated with them.<\/li>
                  7. bitcoin has_screenshot:true<\/a> – searches for the ‘bitcoin’ keyword, where a screenshot is present (useful for RDP screens of endpoints infected with ransomware).<\/li>
                  8. port:4444 system32<\/a> – compromised legacy operating systems. Port 4444 is the default port for Meterpreter – a Metasploit attack payload with an interactive shell for remote code execution.<\/li>
                  9. “attention”+”encrypted”+port:3389<\/a> – ransomware infected RDP services.<\/li>
                  10. “HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD”<\/a> – compromised hosts with the name changed to that phrase.<\/li>
                  11. “HACKED FTP server”<\/a> – compromised FTP servers.<\/li><\/ol>

                    \u00a0<\/p>

                    Explore further by the HACKED tag: https:\/\/www.shodan.io\/explore\/tag\/hacked\u00a0<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

                    \n\t\t\t\t\t\t
                    \n\t\t\t\t\t
                    \n\t\t\t
                    \n\t\t\t\t\t\t
                    \n\t\t\t\t
                    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"ransomware\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                    \n\t\t\t\t\t\t
                    \n\t\t\t\t\t
                    \n\t\t\t
                    \n\t\t\t\t\t\t
                    \n\t\t\t\t
                    \n\t\t\t\t\t

                    Miscellaneous<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
                    \n\t\t\t\t\t\t
                    \n\t\t\t\t\t
                    \n\t\t\t
                    \n\t\t\t\t\t\t
                    \n\t\t\t\t
                    \n\t\t\t\t\t\t\t\t\t
                    1. solar<\/a> – controls for solar panels and similar solar devices.<\/li>
                    2. “ETH – Total speed”<\/a> – Ethereum cryptocurrency miners.<\/li>

                    3. http.html:”* The wp-config.php creation script uses this file”<\/a> – misconfigured WordPress websites.<\/p><\/li>

                    4. http.title:”Nordex Control”<\/a> – searches for Nordex wind turbine farms.<\/span><\/li>
                    5. “Server: EIG Embedded Web Server” “200 Document follows”<\/a> – EIG electricity meters.<\/li>
                    6. “DICOM Server Response” port:104<\/a> – DICOM medical machinery.<\/li>
                    7. http.title:”Tesla”<\/a> –\u00a0 anything with the term \u201cTesla\u201d in the banner.<\/span><\/li>
                    8. “in-tank inventory” port:10001<\/a> – petrol pumps, including their physical addresses.<\/li>
                    9. http.title:”dashboard”<\/a> – literally anything labelled ‘dashboard’, with many not accessible due to security by default.<\/span><\/li>
                    10. http.title:”control panel”<\/a> – as above, but whatever is labelled as control panels.<\/span><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

                      Doing open source intelligence with Shodan? Here are 100+ great search queries, ready to be tested.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[50,51,106,8,116,108],"class_list":["post-1095","post","type-post","status-publish","format-standard","hentry","category-open-source-intelligence","tag-breach","tag-hidden-camera","tag-iot","tag-operating-system","tag-search","tag-shodan"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/1095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/comments?post=1095"}],"version-history":[{"count":122,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/1095\/revisions"}],"predecessor-version":[{"id":1647,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/posts\/1095\/revisions\/1647"}],"wp:attachment":[{"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/media?parent=1095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/categories?post=1095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osintme.com\/index.php\/wp-json\/wp\/v2\/tags?post=1095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}