The dark side is strong, but the force has awakened <gratuitous Star Wars reference>. Jedi knight and security analyst Eric Johnfelt stumbled upon a find that we feel is worth shouting from the proverbial rooftops. Shodan.io, for those who don’t know, is like a search engine for internet-connected systems. Shodan allows you to quickly see what systems and applications are exposed to the internet within your network range. It finds more than just servers, but I will let you explore the other features on your own.
I know what you’re thinking. “Cool! The good guys can check their own network ranges and see if something is inadvertently exposed to the internet!”
To that I say, “Correct! And guess what? The bad guys can check your network ranges and see if something is inadvertently exposed to the internet!”
But, alas! All is not lost thanks to Shodan’s owner, John Matherly. The good guys have the upper hand for a change. He is willing to upgrade any EDU user to a full account for free! As in, $0 instead of $49. Plus, it includes an API plan that normally costs $99+ a month! This is not a brand new offer, but certainly worth mentioning for those of us who didn’t know this previously. It includes the following:
– All add-ons (HTTPS, Telnet, view up to 10,000 search results)
– 100 Export Credits
– Improved API plan (access to up to 20 million results/month)
– Shodan Maps (https://maps.shodan.io)
– Shodan Images (https://images.shodan.io)
– Free access to the Complete Guide to Shodan book
When I asked him why he is offering this deal, he revealed that he used to work at a university before starting Shodan, and “…it was a pain to get funding for anything!” I can’t imagine what he means by that <insert sarcastic grin here>. To take advantage of this offer, sign up for a free account, then send an email to support@shodan.io from your EDU email address and tell them what your username is.
In any case, thanks to John and the Shodan crew for making this awesome tool free for EDU folks! One word of caution, though. Use Shodan responsibly and do not abuse your newly granted power. Don’t allow the dark side to seduce you. If you visit any of the discovered devices without authorization, you could be breaking the law.
May the force be with you.
Have you used Shodan before? In what ways have you found it useful? Let me know in the comments below.