https://github.com/mr-exo/shodan-dorks
Here are the most interesting Shodan dorks (according to me)
devices dorks iot shodan shodan-dorks shodandorks
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/mr-exo/shodan-dorks
- Owner: mr-exo
- Created: 2021-09-16T15:53:53.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-12-10T13:07:42.000Z (about 2 years ago)
- Last Synced: 2024-11-17T01:28:41.695Z (about 1 year ago)
- Topics: devices, dorks, iot, shodan, shodan-dorks, shodandorks
- Homepage:
- Size: 14.6 KB
- Stars: 70
- Watchers: 1
- Forks: 12
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-ip-search-engines - Shodan Dorks from @mr-exo
README
# Top 100 Interesting Shodan Dorks
_This is a list of the most interesting Shodan dorks that you can use on Shodan.io_
# Cameras and Webcams
webcamXP/webcam7: \
`("webcam 7" OR "webcamXP") http.component:"mootools" -401`
Some Webcams (SQ Webcams?): \
`Server: SQ-WEBCAM`
Yawcam Webcams: \
`"Server: yawcam" "Mime-Type: text/html"`
Surveillance Cams: \
`Server: uc-httpd 1.0.0`\
`NETSurveillance uc-httpd`\
***Surveillance cams with admin:admin or admin:(none) creds***
Hikvision Cameras: \
`product:"Hikvision IP Camera"` \
***Link for Hikvision backdoor here:*** https://ipvm.com/reports/hik-exploit
Generic dork for finding cameras: \
`title:camera`
Generic dork for finding cameras (with screenshots): \
`webcam has_screenshot:true`
Dahua Cameras: \
`http.title:"WEB VIEW"`
Some random webcams: \
`http.title:"Webcam"`
# Vulnerable Services / Servers
EternalBlue SMB RCE: \
`os:"Windows 10 Home 19041"`
ProFTPD 1.3.5 (mod_copy exec; CVE-2015-3306): \
`"220 ProFTPD 1.3.5"`
Anonymous FTP Login #1: \
`"230 User anonymous"`
Anonymous FTP Login #2: \
`"220" "230 Login successful." port:21`
Already Logged-In as root via Telnet: \
`"root@" port:23 -login -password -name -Session`
No password for Telnet Access: \
`port:23 console gateway`
# Other Services that you can find
OpenSSH: \
`openssh port:22`
Logitech Media Servers: \
`"Server: Logitech Media Server" "200 OK"`
Jenkins Unrestricted Dashboard: \
`x-jenkins 200`
MySQL: \
`"product:MySQL"`
MongoDB #1: \
`mongodb port:27017`
MongoDB #2: \
`product:"MongoDB"`
# Interesting Things that you can find on Shodan
RDP/VNC's WITHOUT AUTH: \
`"authentication disabled" "RFB 003.008"`\
`remote desktop "port:3389"`
XZERES Wind Turbines: \
`title:"xzeres wind"`
MikroTik Routers: \
`port:8291 os:"MikroTik RouterOS 6.45.9"`
Minecraft Servers: \
`"Minecraft Server" "protocol 340" port:25565`
Smart TVs: \
`"Chromecast:" port:8008`
Maritime Satellites: \
`"Cobham SATCOM" OR ("Sailor" "VSAT")` \
***Real-time location of ships via satellite***
Tesla PowerPack Charging Status Page: \
`http.title:"Tesla PowerPack System" http.component:"d3"`
Samsung Electronic Billboards: \
`"Server: Prismview Player"`