Project Puchufy

Searching IoT using shodan.io

Shodan is a search engine that looks for devices that are connected to the internet. It lists the device’s IP address, services and banner. This is a useful tool for searching devices like routers, servers, CCTV cameras, and other IoT devices.

Using Shodan for gathering information is a passive method, which means you are not actually accessing any device that you are getting information of.

Searching for a hostname and open services:
hostname: {DOMAIN_NAME} port:"{PORT_NUMBER}"

This sample result searches for devices that has the queried domain name included in it’s FQDN and has SSH open.

More Information

Upon clicking the IP address of the result, you’ll be redirected to the page where it shows more information about the device.

Vulnerabilities

Additionally, it includes the vulnerabilities found in the device.