Shodan 2000 (shodan.io)
It's a nice touch that the logo is done with pure HTML and CSS (well, other than the triangle, which is an SVG, albeit a simple one), so you can copy the text

Found an IP that got ransomwared: https://beta.shodan.io/host/

What a strange name, "KINDERLULU" in German could be translated to "children's pee"

If that's any indication of what could be on that system I say it's good it got ransomware

It's an Indian brand of cookies.

That's KinderJoy

That's a German brand of sweets LOL

That's Kindergarten

Do not want.


Thank you, ransomware warlords, for the service you've done the world today.

Wow, there's a lot of it about [1]. Happened to me about three years ago, so pretty chilling.

[1] https://beta.shodan.io/search?query=%22Your+files+are+encryp...

Another one: https://beta.shodan.io/host/

Ransomware has become really massive.

The number of webcams, databases, and industrial automation (temp/hvac/motors/etc) controllers openly accessible is frightening.

Whenever I need to make an argument against IoT, I just point to Shodan and the vast amount of broken/open but still connected devices.

Really doesn't take long to find some industrial automation there.

Show your bosses that their equipment is showing up on shodan if you want to freak them out :)

And according to some talks on YouTube, also power plants, traffic lights, etc.

Oh.. It's static. All the "hacked" targets are pre-coded into the JavaScript

No, it's not static. The information is pulled from a file that gets updated by a separate script.

It's a little more informative to go to https://www.shodan.io

For anyone trying to understand their footprint of internet-attached devices, Shodan is an invaluable resource.

It’s a great product and I’m continually amazed what the small team is able to accomplish.

It seems pretty amazing just seeing some of the random results come up!

What I wonder, being unfamiliar with how it actually works (since I don't have an account) - is the fact that my public IP comes up with 'No information available' just that no paid user has scanned it, or does it mean that my firewall is set up correctly? (I do allow ICMP but that's all for non established/related packets).

Typically it means you've configured your firewall correctly. Shodan continuously crawls the Internet so it's not based on users requesting scans. The IPv4 space is fairly small so Shodan just checks every IP (3+ billion) to find the services that run on it. Your activity/use of Shodan doesn't affect how Shodan crawls the Internet - unless you request a scan using the API/CLI. For more information: https://help.shodan.io/the-basics/what-is-shodan

It showed an IP cam in Vietnam of what looked like a hospital room ... with a patient in the bed ... Scary

The theme is actually 80s and the music sounds very 90s to me. This is what the 80s would feel like in 2000, is it the whole "the 80s were 20 years ago" syndrome I wonder.

I love it! It's anachronistic but I guess the vaporwave-art deco-retro motif always was. They should stream this on a wall at Defcon instead of the Wall of Sheep

What am I looking at here?

Shodan port scans most of the internet and records the response, TLS certificates, etc. They have a search engine and tools like monitoring so you can run queries like “find anything where the certificate has this key (or organization name)” or “notify me any time a new port opens on my organization’s network.”

This is the same data but a UI theme for nostalgic 90s internet users.

Does "compromised" actually mean pwn'd or just "i ping'd and it responded"?

Also, what should I be looking for in my own logs to see who is scanning me and using what? 99% it's stuff I'm not running (wordpress, mysql).

They scan and report what the servers advertise, so normally you’d see a list of services and it’d list versions which have known CVEs (obviously, this doesn’t say it’s actually vulnerable if e.g. a Linux distribution patched it without changing the advertised major version).

The “compromised” tag is only added after some confirmation of known malicious activity. I’m not sure what all that includes but I believe that can be things like 200 responses to known malware paths or a database reporting names used by common malware.

It's not looking for compromised devices, just anything with an open port. Conceptually they are just running an nmap scan of the entire public IP range and aggregating the results in a searchable index.

How up-to-date is it?

They scan pretty regularly and with a membership you can submit scans on demand. Picking a /16 I work with, the oldest full scan is 12/15 and the newest is 1/14 — and I say “full scan” because the oldest hosts show far more recent updates (1/13) for things like the web server ports which had previously been found open.

"compromised" means that it looks like the service was taken over by somebody else. That can mean website defacement (ex. "Hacked by XXX"), database ransomware or any other way that a bad guy can compromise a service.

This is… the internet.

I think you meant:

THE INTERNET...NET...NET...Net...net...!!!

(I feel like that's a good representation for a booming echo effect.)

Is a semi-real-time readout of new (how new? Not sure) devices/addresses accessible from the internet, including unlisted stuff like power plants, fridges, Botswanan cable companies, etc.

the webcam datestamps have ranged from today to a couple weeks ago, so probably a mix

Shodan is basically a port scan of the entire internet

I love this. The 3D planar background + synthpop tune just make it. If I had to give this a name, I'd call it "retro marketing". I hope more companies do this kind of stuff.

I love it and it's called "synthwave": neon / wireframe landscape / "metallic" letters with gradients in them and sometimes fake used VHS tape playback fx and of course synth music with lots of arpeggios, italo-disco style.

Makes me all nostalgic even though that genre wasn't identical back in the mid to late 80s/early 90s.

Vids often feature old sports cars from that era.


Here I was almost expecting the song to be a live-rendered actual .mod/.xm file (it's mp3), which also would have allowed it to be continuously loopable.

... probably biased because I was introducing a younger friend previously oblivious to the modscene† a couple of hours ago through 4-mat's phantasmagoria.ntii (which has loop hints) and jester's elysium and stardust memories, the latter of which the Dolby Headphones rendering is quite enjoyable††.


†† https://www.youtube.com/watch?v=W1bgMX4UCjw

Classic music, I like it.

The music is fantastic!

What's up with over a thousand webcams in Switzerland, most marked with "honeypot" tag?

This is ridiculous fun

At Awingu, we did a study concerning open endpoints (specifically RDP as that's relevant for our product) and the numbers were staggering: 360k open RDP endpoints (many of which are unpatched and ready for easy exploits) facing the public internet in only 6 European countries. https://www.awingu.com/study-security-threats-360k-companies...

To the surprise of nobody, it's mostly MongoDB and Elasticsearch. Those wildly popular services with dangerous defaults.

Hmmm. What are the implications from the responsible disclosure point of view?

Some of these results look exploitable.

Many of them already look exploited. You can try informing the owners, but many of the pwned devices are in consumer ISP subnets so I don't think you'll get far. Some of them might be honeypots as well.

It's just a visual thing for Shodan hosts, after all. I don't think the service is finding any new devices, it's just showing random interesting devices from the Shodan database.

Compared to just scanning devices at random?

I'd guess scanning them yourself would be easier and faster, so if you want to invade some system, it's not adding anything for you.

My advice, don’t worry about it.

Anything new here from 3 years ago (other than the live list of IPs obv)?

The (retro) future is now!

I love it.


what is it?

Shodan is a search engine for internet-connected devices. There are a very surprising number of devices (security cameras, IoT thingamajigs, etc) connected directly to the internet.

