
https://github.com/mr-exo/shodan-dorks

Here are the most interesting Shodan dorks (according to me)

devices dorks iot shodan shodan-dorks shodandorks


README

        

# Top 100 Interesting Shodan Dorks

_This is a list of the most interesting Shodan dorks that you can run on Shodan.io. Shodan's query syntax is whitespace-separated terms: `key:value` or `key:"a phrase"` is a filter, a leading `-` negates a term, `OR` joins alternatives, and anything else is a free-text search of the banner._

# Cameras and Webcams

webcamXP/webcam7: \
`("webcam 7" OR "webcamXP") http.component:"mootools" -401`

Some webcams (SQ-WEBCAM banner): \
`"Server: SQ-WEBCAM"`

Yawcam Webcams: \
`"Server: yawcam" "Mime-Type: text/html"`

Surveillance cams (NETSurveillance / uc-httpd DVRs): \
`"Server: uc-httpd 1.0.0"`\
`NETSurveillance uc-httpd`\
***Many of these ship with the default credentials admin:admin or admin with an empty password***

Hikvision Cameras: \
`product:"Hikvision IP Camera"` \
***Background on the Hikvision authentication-bypass "backdoor" (CVE-2017-7921):*** https://ipvm.com/reports/hik-exploit

Generic dork for finding cameras: \
`title:camera`

Generic dork for finding cameras (with screenshots): \
`webcam has_screenshot:true`

Dahua Cameras: \
`http.title:"WEB VIEW"`

Some random webcams: \
`http.title:"Webcam"`

# Vulnerable Services / Servers

EternalBlue (MS17-010) SMB RCE: \
`port:445 "SMB Version: 1"` \
***The dork originally listed here, `os:"Windows 10 Home 19041"` (published with the closing quote missing), does not select EternalBlue targets: build 19041 (Windows 10 version 2004) shipped about three years after the MS17-010 patch and has SMBv1 disabled by default. SMBv1 being enabled is a precondition for EternalBlue, not proof of a missing patch; Shodan's `vuln:ms17-010` filter (paid plans) searches directly for hosts Shodan has flagged.***

ProFTPD 1.3.5 (mod_copy exec; CVE-2015-3306) : \
`"220 ProFTPD 1.3.5"`

Anonymous FTP Login #1: \
`"230 User anonymous"`

Anonymous FTP Login #2: \
`"220" "230 Login successful." port:21`

Already Logged-In as root via Telnet: \
`"root@" port:23 -login -password -name -Session`

Telnet consoles/gateways that may drop into a prompt without a password: \
`port:23 console gateway`

# Other Services that you can find

OpenSSH: \
`openssh port:22`

Logitech Media Servers: \
`"Server: Logitech Media Server" "200 OK"`

Jenkins Unrestricted Dashboard: \
`x-jenkins 200`

MySQL: \
`product:"MySQL"` \
***The original `"product:MySQL"` put the whole filter inside quotes, which makes Shodan search banners for that literal string instead of applying the product filter***

MongoDB #1: \
`mongodb port:27017`

MongoDB #2: \
`product:"MongoDB"`

# Interesting Things that you can find on Shodan

VNC with authentication disabled (RFB 3.8 servers offering security type None): \
`"authentication disabled" "RFB 003.008"`\
RDP (this lists RDP services; it does not by itself mean NLA or authentication is off): \
`remote desktop port:3389`\
***The original wrote `"port:3389"` in quotes, which searches banners for that literal text rather than filtering on the port***
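What the VNC dork is really looking for is a server whose RFB security-types list offers type 1 (None). The following is an added example, not code from the original list, that parses that handshake so a hit can be verified without trusting the banner text. Per the RFB spec (RFC 6143), the server sends a 12-byte version string such as `RFB 003.008\n`; after the client echoes a version, a 3.7+ server sends one byte giving the number of security types it supports followed by that many type bytes (1 = None, 2 = VNC challenge-response), and a count of 0 means it refused, followed by a u32 length and a reason string. RFB 3.3 servers instead send a single u32 type. The byte strings at the bottom are constructed for the example, not captured from real hosts.

```python
"""Parse the RFB security handshake to tell whether a VNC server offers
unauthenticated access (what the "authentication disabled" dork is after).

Added example; not code from the original list. Samples are constructed.
"""
from __future__ import annotations

import struct
from typing import Optional

# Security type numbers registered for RFB (RFC 6143 section 7.1.2 and IANA).
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt", 30: "Apple ARD"}


def parse_version(banner: bytes) -> tuple[int, int]:
    """Parse the 12-byte 'RFB xxx.yyy\\n' greeting into (major, minor)."""
    if len(banner) < 12 or banner[:4] != b"RFB " or banner[11:12] != b"\n":
        raise ValueError(f"not an RFB version banner: {banner!r}")
    major, minor = banner[4:7], banner[8:11]
    if banner[7:8] != b"." or not (major.isdigit() and minor.isdigit()):
        raise ValueError(f"malformed RFB version: {banner!r}")
    return int(major), int(minor)


def parse_security_types(msg: bytes) -> tuple[list[int], Optional[str]]:
    """Parse the 3.7+ security-types message.

    Returns (types, failure_reason). failure_reason is set only when the
    server sent a count of 0 (connection refused) with a reason string.
    """
    if not msg:
        raise ValueError("empty security message")
    n = msg[0]
    if n == 0:
        if len(msg) < 5:
            raise ValueError("truncated failure message")
        (reason_len,) = struct.unpack("!I", msg[1:5])
        reason = msg[5:5 + reason_len]
        if len(reason) != reason_len:
            raise ValueError("truncated failure reason")
        return [], reason.decode("latin-1")
    types = list(msg[1:1 + n])
    if len(types) != n:
        raise ValueError(f"expected {n} security types, got {len(types)}")
    return types, None


def auth_disabled(banner: bytes, security_msg: bytes) -> bool:
    """True when the server offers security type 1 (None), i.e. no password."""
    version = parse_version(banner)
    if version < (3, 7):
        # RFB 3.3: the server dictates one type as a big-endian u32, no list.
        (chosen,) = struct.unpack("!I", security_msg[:4])
        return chosen == 1
    types, _reason = parse_security_types(security_msg)
    return 1 in types


# Constructed samples (not captured from real hosts):
OPEN_SERVER = (b"RFB 003.008\n", b"\x01\x01")                 # offers only None
PASSWORD_SERVER = (b"RFB 003.008\n", b"\x02\x02\x10")         # VNC auth or Tight
REFUSING_SERVER = (b"RFB 003.008\n",
                   b"\x00" + struct.pack("!I", 9) + b"Too busy.")  # count 0 + reason

if __name__ == "__main__":
    for name, (banner, msg) in {"open": OPEN_SERVER, "password": PASSWORD_SERVER,
                                "refusing": REFUSING_SERVER}.items():
        types, reason = parse_security_types(msg)
        offered = [SECURITY_TYPES.get(t, str(t)) for t in types]
        print(f"{name}: version={parse_version(banner)} types={offered} "
              f"reason={reason!r} auth_disabled={auth_disabled(banner, msg)}")
```

To use this against a live host you would read the 12-byte greeting, write your own `RFB 003.008\n` back, then read the security message and feed both to `auth_disabled`; the parser itself stays offline and testable.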

XZERES Wind Turbines: \
`title:"xzeres wind"`

MikroTik Routers: \
`port:8291 os:"MikroTik RouterOS 6.45.9"`

Minecraft Servers (protocol 340 is Minecraft 1.12.2): \
`"Minecraft Server" "protocol 340" port:25565`

Chromecast / Google Cast devices (port 8008 is the Cast HTTP API; not only smart TVs): \
`"Chromecast:" port:8008`

Maritime satellite terminals: \
`"Cobham SATCOM" OR ("Sailor" "VSAT")` \
***The terminal's web UI can expose the vessel's real-time GPS position***

Tesla PowerPack Charging Status Page: \
`http.title:"Tesla PowerPack System" http.component:"d3"`

Samsung Electronic Billboards: \
`"Server: Prismview Player"`
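Several dorks in this list, as originally published, carry quoting mistakes that silently change what Shodan does: wrapping a whole filter in quotes (`"product:MySQL"`, `"port:3389"`) makes it a free-text search for that literal string, an unterminated quote (`os:"Windows 10 Home 19041`) swallows the rest of the query, and a bare `Server:` with nothing after the colon is not a filter at all. The following dork linter is an added example, not code from the original list; it tokenises a query with the grammar described at the top of the page and flags those cases. `KNOWN_FILTERS` is a hand-picked subset of Shodan's documented filter names, enough for the dorks on this page, and the `PAGE_DORKS` sample queries are copied from the list.

```python
"""Lint Shodan dorks for quoting mistakes that change what a query does.

Added example; not code from the original list. KNOWN_FILTERS is a subset
of Shodan's documented filters chosen to cover the dorks on this page.
"""
import re
from dataclasses import dataclass, field

KNOWN_FILTERS = {
    "port", "os", "product", "version", "title", "vuln", "org", "country",
    "city", "hostname", "net", "has_screenshot", "http.title",
    "http.component", "http.html", "http.status",
}

# A token is a paren, an optional `key:` followed by a quoted phrase,
# or a run of characters that are not whitespace, parens or quotes.
TOKEN_RE = re.compile(r'[()]|(?:-?[\w.]+:)?"[^"]*"|[^\s()"]+')
# `-key:value` with optional negation; value may be empty.
FILTER_RE = re.compile(r'^(-?)([\w.]+):(.*)$', re.S)


@dataclass
class Lint:
    query: str
    filters: dict = field(default_factory=dict)     # key -> value, quotes stripped
    text_terms: list = field(default_factory=list)  # free-text banner searches
    warnings: list = field(default_factory=list)


def lint_dork(query: str) -> Lint:
    """Classify every term of a Shodan dork and flag likely mistakes."""
    result = Lint(query)
    if query.count('"') % 2:
        result.warnings.append("unterminated quote: everything after it becomes one phrase")
        query += '"'                      # close it so the rest still tokenises
    depth = 0
    for tok in TOKEN_RE.findall(query):
        if tok in ("(", ")"):
            depth += 1 if tok == "(" else -1
            if depth < 0:
                result.warnings.append("')' without matching '('")
            continue
        if tok.upper() in ("OR", "AND"):
            continue
        if tok.startswith('"') and tok.endswith('"'):
            phrase = tok[1:-1]
            m = FILTER_RE.match(phrase)
            if m and m.group(2).lower() in KNOWN_FILTERS:
                result.warnings.append(
                    f"{tok} is a quoted filter: Shodan searches banners for the "
                    f"literal text {phrase!r}; write {phrase} without the outer quotes")
            result.text_terms.append(phrase)
            continue
        m = FILTER_RE.match(tok)
        if m:
            neg, key, value = m.groups()
            value = value.strip('"')
            if not value:
                result.warnings.append(
                    f"'{tok}' has no value: if you mean a banner line, quote the "
                    f"whole line as a phrase, e.g. \"{tok} ...\"")
                result.text_terms.append(tok)
                continue
            if key.lower() not in KNOWN_FILTERS:
                result.warnings.append(
                    f"'{key}' is not in the known filter list; check the Shodan filter reference")
            result.filters[neg + key] = value
            continue
        result.text_terms.append(tok)
    if depth > 0:
        result.warnings.append("unbalanced '(': missing ')'")
    return result


PAGE_DORKS = [  # copied from the list above, as originally published
    '("webcam 7" OR "webcamXP") http.component:"mootools" -401',
    'Server: SQ-WEBCAM',
    'os:"Windows 10 Home 19041',
    '"product:MySQL"',
    'remote desktop "port:3389"',
    '"Cobham SATCOM" OR ("Sailor" "VSAT")',
]

if __name__ == "__main__":
    for q in PAGE_DORKS:
        r = lint_dork(q)
        print(f"{q}\n  filters={r.filters} text={r.text_terms}")
        for w in r.warnings:
            print("  WARNING:", w)
```

Run it over your own dork collection before spending API credits; a filter that the lint reports as a text term is the usual reason a query returns far fewer (or wildly different) results than expected.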