
Search Engine for Hackers - achillean
http://www.shodanhq.com
======
TrevorBurnham
In case you were wondering about the name, SHODAN was the evil computer from
the classic computer games System Shock and System Shock 2. (Apparently the
name stood for "Sentient Hyper-Optimized Data Access Network," a delightful
string of marketing jargon!)

<http://en.wikipedia.org/wiki/SHODAN>

~~~
TheTarquin
I just have to include the iconic SHODAN quote:

"Look at you, hacker. A pathetic creature of meat and bone, panting and
sweating as you run through my corridors. How can you challenge a perfect,
immortal machine?"

I wonder if the creators of the search engine are aware that a.) SHODAN wasn't
the hacker. b.) SHODAN tried repeatedly to kill the hacker. And c.) the
situation didn't turn out particularly well for SHODAN.

~~~
achillean
Yes on all counts, but SHODAN is remembered as the iconic character of the
hacker-themed game.

PS: And 'shodan' also means 'to search for something' in Hindi.

~~~
TheTarquin
Oh cool! I didn't know that. Learn something new every day.

Hmm, . . . , that's very interesting. I wonder if the etymology of SHODAN is
from the Hindi shodan? Maybe it's just a coincidence?

------
weaksauce
Interesting, literally for "hackers" in the bad sense of the term. I cannot
see how this is useful in a normal day to day fashion other than to find
computers/routers that are compromisable. Maybe there is another utility for
this? The only one I can imagine right now is to see trends on what is out
there in terms of webservers and the versions on them for research papers and
the like.

~~~
achillean
The point comes up a lot that this tool could be misused by script kiddies, so
I thought I'd address some of those concerns:

\- Search results are limited to 50 hosts (if you're logged in, 10 hosts if
you're not). This makes it impractical to use for building a botnet or any
kind of large-scale operation.

\- I take steps to limit anonymous access (ex. Tor not allowed)

\- 'net' and 'country' filter require you to be logged in; makes anonymous
systematic scraping much harder

\- Users detected of scraping get banned (zero tolerance)

The bottom line: this is a tool for penetration testing and market research,
not for script kiddies.

------
bmunro
I tried the country search, but the country part was ignored:

 _'country' filter ignored. Please login to use the 'country' filtering
option._

------
unignorant
Random observation: only 3 hits for .coms running yaws in the U.S. Odd...?

<http://www.shodanhq.com/?q=yaws+.com+country:US>

------
jluxenberg
If you're looking for aggregate statistics, etc, Netcraft has been doing this
for a while:

<http://www.netcraft.com/>

------
olalonde
Hope you're not scanning IP ranges: I believe it's illegal in most countries.

~~~
achillean
It isn't in the US, see 'Moulton v. VC3'.

------
makmanalp
Now you don't even need to scan ip ranges to find a target!

