
Show HN: Personal IoT scanner and search engine - wybiral
https://github.com/wybiral/dex
======
codeplea
Cool. I guess it just tries http requests on port 80 to random IP4 address.
Any plans to add other ports or protocols?

What's the legality of actually running something like this?

~~~
wybiral
Yep, currently it only looks at port 80 but it would be a trivial change to
check others.

So it's great for finding web interfaces for DVR systems, printers, routers,
obscure websites, etc. And it's good for collecting a random sample of
host=>header data for research.

But it's not going to search for exposed database ports or other protocols
unless someone wants to modify it for that purpose.

As far as the legality goes, it's probably on-par with something like nmap and
will differ by region. However, it's only collecting the headers responded by
a server voluntarily rather than probing all possible ports for exploits. In
essence it's like typing random IP addresses into your browser until you get
responses.

------
ColanR
That's cool. Though, it's not clear if this is scanning just the local
network, or more broadly.

~~~
wybiral
Right now it's scanning random IPv4 addresses, everything accessible. Though
it may be a good idea to add some sort of whitelist or blacklist rules.

I've mainly been using it for sampling and exploration purposes. Like a bite-
sized version of Shodan.

