[
  {
    "path": "code-of-conduct.md",
    "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as\ncontributors and maintainers pledge to making participation in our project and\nour community a harassment-free experience for everyone, regardless of age, body\nsize, disability, ethnicity, sex characteristics, gender identity and expression,\nlevel of experience, education, socio-economic status, nationality, personal\nappearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment\ninclude:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or\n  advances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or electronic\n  address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a\n  professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable\nbehavior and are expected to take appropriate and fair corrective action in\nresponse to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or\nreject comments, commits, code, wiki edits, issues, and other contributions\nthat are not aligned to this Code of Conduct, or to ban temporarily or\npermanently any contributor for other behaviors that they deem inappropriate,\nthreatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies within 
all project spaces, and it also applies when\nan individual is representing the project or its community in public spaces.\nExamples of representing a project or community include using an official\nproject e-mail address, posting via an official social media account, or acting\nas an appointed representative at an online or offline event. Representation of\na project may be further defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported by contacting the project team at jake@jarv.is. All\ncomplaints will be reviewed and investigated and will result in a response that\nis deemed necessary and appropriate to the circumstances. The project team is\nobligated to maintain confidentiality with regard to the reporter of an incident.\nFurther details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good\nfaith may face temporary or permanent repercussions as determined by other\nmembers of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,\navailable at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html\n\n[homepage]: https://www.contributor-covenant.org\n\nFor answers to common questions about this code of conduct, see\nhttps://www.contributor-covenant.org/faq\n\n"
  },
  {
    "path": "contributing.md",
    "content": "# Contribution Guidelines\n\n## Code of Conduct\n\nPlease note that this project is released with a [Contributor Code of Conduct](code-of-conduct.md). By participating in this project you agree to abide by its terms.\n\n## Adding an awesome search query\n\nEnsure your Issue or Pull Request includes the following information or follows this format:\n\n- Narrow down the results as much as possible using [Shodan's filters](https://danielmiessler.com/study/shodan/)...but not too much; be careful not to exclude people trying to hide via [security by obscurity](https://cwe.mitre.org/data/definitions/656.html)! (Geniuses with SSH listening on port 2222 instead of 22, for example. 🙄)\n- Include a link to the search results page with the `→` symbol at the end of the H3 heading. **Copy the EXACT query into the Shodan search box and copy and paste the resulting URL** to make sure it's identical and encoded properly.\n- Don't include a `country:` filter. It's okay if a certain technology is only used by a certain country, but there's no need to artificially limit the results to that locale alone. Leave that up to the searcher.\n- Screenshots are unnecessary, unless they add something interesting, shocking, or out of the ordinary — like a [billboard for burgers](https://github.com/jakejarvis/awesome-shodan-queries#samsung-electronic-billboards-) or a [ransomware-infected desktop](https://github.com/jakejarvis/awesome-shodan-queries#unprotected-vnc-).\n- Descriptions are also unnecessary, unless you have a link you'd like to include to a page with more information, like an [important CVE](https://nvd.nist.gov/vuln/detail/CVE-2017-0144).\n- If you have a question, just ask! No stupid questions around here.\n\n## Updating your Pull Request\n\nSometimes, a maintainer of this list will ask you to edit your Pull Request before it is included. 
This is normally due to spelling errors or because your PR didn't match the list guidelines above.\n\n[Here](https://github.com/RichardLitt/knowledge/blob/master/github/amending-a-commit-guide.md) is a write-up on how to change a Pull Request, and the different ways you can do that."
  },
  {
    "path": "license.md",
    "content": "CC0 1.0 Universal\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer\nexclusive Copyright and Related Rights (defined below) upon the creator and\nsubsequent owner(s) (each and all, an \"owner\") of an original work of\nauthorship and/or a database (each, a \"Work\").\n\nCertain owners wish to permanently relinquish those rights to a Work for the\npurpose of contributing to a commons of creative, cultural and scientific\nworks (\"Commons\") that the public can reliably and without fear of later\nclaims of infringement build upon, modify, incorporate in other works, reuse\nand redistribute as freely as possible in any form whatsoever and for any\npurposes, including without limitation commercial purposes. These owners may\ncontribute to the Commons to promote the ideal of a free culture and the\nfurther production of creative, cultural and scientific works, or to gain\nreputation or greater distribution for their Work in part through the use and\nefforts of others.\n\nFor these and/or other purposes and motivations, and without any expectation\nof additional consideration or compensation, the person associating CC0 with a\nWork (the \"Affirmer\"), to the extent that he or she is an owner of Copyright\nand Related Rights in the Work, voluntarily elects to apply CC0 to the Work\nand publicly distribute the Work under its terms, with knowledge of his or her\nCopyright and Related Rights in the Work and the meaning and intended legal\neffect of CC0 on those rights.\n\n1. Copyright and Related Rights. A Work made available under CC0 may be\nprotected by copyright and related or neighboring rights (\"Copyright and\nRelated Rights\"). Copyright and Related Rights include, but are not limited\nto, the following:\n\n  i. the right to reproduce, adapt, distribute, perform, display, communicate,\n  and translate a Work;\n\n  ii. moral rights retained by the original author(s) and/or performer(s);\n\n  iii. 
publicity and privacy rights pertaining to a person's image or likeness\n  depicted in a Work;\n\n  iv. rights protecting against unfair competition in regards to a Work,\n  subject to the limitations in paragraph 4(a), below;\n\n  v. rights protecting the extraction, dissemination, use and reuse of data in\n  a Work;\n\n  vi. database rights (such as those arising under Directive 96/9/EC of the\n  European Parliament and of the Council of 11 March 1996 on the legal\n  protection of databases, and under any national implementation thereof,\n  including any amended or successor version of such directive); and\n\n  vii. other similar, equivalent or corresponding rights throughout the world\n  based on applicable law or treaty, and any national implementations thereof.\n\n2. Waiver. To the greatest extent permitted by, but not in contravention of,\napplicable law, Affirmer hereby overtly, fully, permanently, irrevocably and\nunconditionally waives, abandons, and surrenders all of Affirmer's Copyright\nand Related Rights and associated claims and causes of action, whether now\nknown or unknown (including existing as well as future claims and causes of\naction), in the Work (i) in all territories worldwide, (ii) for the maximum\nduration provided by applicable law or treaty (including future time\nextensions), (iii) in any current or future medium and for any number of\ncopies, and (iv) for any purpose whatsoever, including without limitation\ncommercial, advertising or promotional purposes (the \"Waiver\"). Affirmer makes\nthe Waiver for the benefit of each member of the public at large and to the\ndetriment of Affirmer's heirs and successors, fully intending that such Waiver\nshall not be subject to revocation, rescission, cancellation, termination, or\nany other legal or equitable action to disrupt the quiet enjoyment of the Work\nby the public as contemplated by Affirmer's express Statement of Purpose.\n\n3. Public License Fallback. 
Should any part of the Waiver for any reason be\njudged legally invalid or ineffective under applicable law, then the Waiver\nshall be preserved to the maximum extent permitted taking into account\nAffirmer's express Statement of Purpose. In addition, to the extent the Waiver\nis so judged Affirmer hereby grants to each affected person a royalty-free,\nnon transferable, non sublicensable, non exclusive, irrevocable and\nunconditional license to exercise Affirmer's Copyright and Related Rights in\nthe Work (i) in all territories worldwide, (ii) for the maximum duration\nprovided by applicable law or treaty (including future time extensions), (iii)\nin any current or future medium and for any number of copies, and (iv) for any\npurpose whatsoever, including without limitation commercial, advertising or\npromotional purposes (the \"License\"). The License shall be deemed effective as\nof the date CC0 was applied by Affirmer to the Work. Should any part of the\nLicense for any reason be judged legally invalid or ineffective under\napplicable law, such partial invalidity or ineffectiveness shall not\ninvalidate the remainder of the License, and in such case Affirmer hereby\naffirms that he or she will not (i) exercise any of his or her remaining\nCopyright and Related Rights in the Work or (ii) assert any associated claims\nand causes of action with respect to the Work, in either case contrary to\nAffirmer's express Statement of Purpose.\n\n4. Limitations and Disclaimers.\n\n  a. No trademark or patent rights held by Affirmer are waived, abandoned,\n  surrendered, licensed or otherwise affected by this document.\n\n  b. 
Affirmer offers the Work as-is and makes no representations or warranties\n  of any kind concerning the Work, express, implied, statutory or otherwise,\n  including without limitation warranties of title, merchantability, fitness\n  for a particular purpose, non infringement, or the absence of latent or\n  other defects, accuracy, or the present or absence of errors, whether or not\n  discoverable, all to the greatest extent permissible under applicable law.\n\n  c. Affirmer disclaims responsibility for clearing rights of other persons\n  that may apply to the Work or any use thereof, including without limitation\n  any person's Copyright and Related Rights in the Work. Further, Affirmer\n  disclaims responsibility for obtaining any necessary consents, permissions\n  or other rights required for any use of the Work.\n\n  d. Affirmer understands and acknowledges that Creative Commons is not a\n  party to this document and has no duty or obligation with respect to this\n  CC0 or use of the Work.\n\nFor more information, please see\n<http://creativecommons.org/publicdomain/zero/1.0/>\n"
  },
  {
    "path": "readme.md",
    "content": "# Awesome Shodan Search Queries [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n\nOver time, I've collected an assortment of interesting, funny, and depressing search queries to plug into [Shodan](https://www.shodan.io/), the ([literal](https://www.vice.com/en_uk/article/9bvxmd/shodan-exposes-the-dark-side-of-the-net)) internet search engine. Some return facepalm-inducing results, while others return serious and/or ancient vulnerabilities in the wild.\n\n<p align=\"center\">\n  <img src=\"screenshots/shodan.png\" /><br />\n  <strong><a href=\"https://account.shodan.io/register\">Most search filters require a Shodan account.</a></strong>\n</p>\n\nYou can assume these queries only return unsecured/open instances when possible. For your own legal benefit, do not attempt to log in (even with default passwords) if they aren't! Narrow down results by adding filters like `country:US` or `org:\"Harvard University\"` or `hostname:\"nasa.gov\"` to the end.\n\nThe world and its devices are quickly becoming more connected through the shiny new [Internet of ~~Things~~ Sh*t](https://motherboard.vice.com/en_us/topic/internet-of-shit) — and exponentially [more dangerous](https://blog.malwarebytes.com/101/2017/12/internet-things-iot-security-never/) as a result. To that end, I hope this list spreads awareness (and, quite frankly, pant-wetting fear) rather than harm.\n\n**And as always, [discover and disclose responsibly](https://www.bugcrowd.com/resource/what-is-responsible-disclosure/)! 
🤓**\n\n\n---\n\n\n### **Table of Contents**\n\n- [Industrial Control Systems](#industrial-control-systems)\n- [Remote Desktop](#remote-desktop)\n- [Network Infrastructure](#network-infrastructure)\n- [Network Attached Storage (NAS)](#network-attached-storage-nas)\n- [Webcams](#webcams)\n- [Printers & Copiers](#printers--copiers)\n- [Home Devices](#home-devices)\n- [Random Stuff](#random-stuff)\n\n\n---\n\n\n## Industrial Control Systems\n\n\n### Samsung Electronic Billboards [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Prismview+Player%22)\n\n```\n\"Server: Prismview Player\"\n```\n\n<div align=\"center\"><img src=\"screenshots/billboard3.png\" alt=\"Example: Electronic Billboards\" width=\"500\" /></div>\n\n\n### Gas Station Pump Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22in-tank+inventory%22+port%3A10001)\n\n```\n\"in-tank inventory\" port:10001\n```\n\n<div align=\"center\"><img src=\"screenshots/7-11.png\" alt=\"Example: Gas Station Pump Inventories\" width=\"700\" /></div>\n\n\n### Automatic License Plate Readers [🔎 &#x2192;](https://www.shodan.io/search?query=P372+%22ANPR+enabled%22)\n\n```\nP372 \"ANPR enabled\"\n```\n\n<div align=\"center\"><img src=\"screenshots/plate-reader.png\" alt=\"Example: Automatic License Plate Reader\" /></div>\n\n\n### Traffic Light Controllers / Red Light Cameras [🔎 &#x2192;](https://www.shodan.io/search?query=mikrotik+streetlight)\n\n```\nmikrotik streetlight\n```\n\n\n### Voting Machines in the United States [🔎 &#x2192;](https://www.shodan.io/search?query=%22voter+system+serial%22+country%3AUS)\n\n```\n\"voter system serial\" country:US\n```\n\n\n### Telcos Running [Cisco Lawful Intercept](https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/lawful/intercept/book/65LIch1.html) Wiretaps [🔎 &#x2192;](https://www.shodan.io/search?query=%22Cisco+IOS%22+%22ADVIPSERVICESK9_LI-M%22)\n\n```\n\"Cisco IOS\" \"ADVIPSERVICESK9_LI-M\"\n```\n\nWiretapping mechanism outlined by Cisco 
in [RFC 3924](https://tools.ietf.org/html/rfc3924):\n\n> Lawful intercept is the lawfully authorized interception and monitoring of communications of an intercept subject.  The term \"intercept subject\" [...] refers to the subscriber of a telecommunications service whose communications and/or intercept related information (IRI) has been lawfully authorized to be intercepted and delivered to some agency.\n\n\n### Prison Pay Phones [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5B2J%5BH+Encartele+Confidential%22)\n\n```\n\"[2J[H Encartele Confidential\"\n```\n\n\n### [Tesla PowerPack](https://www.tesla.com/powerpack) Charging Status [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22Tesla+PowerPack+System%22+http.component%3A%22d3%22+-ga3ca4f2)\n\n```\nhttp.title:\"Tesla PowerPack System\" http.component:\"d3\" -ga3ca4f2\n```\n\n<div align=\"center\"><img src=\"screenshots/tesla.png\" alt=\"Example: Tesla PowerPack Charging Status\" /></div>\n\n\n### Electric Vehicle Chargers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+gSOAP%2F2.8%22+%22Content-Length%3A+583%22)\n\n```\n\"Server: gSOAP/2.8\" \"Content-Length: 583\"\n```\n\n\n### Maritime Satellites [🔎 &#x2192;](https://www.shodan.io/search?query=%22Cobham+SATCOM%22+OR+%28%22Sailor%22+%22VSAT%22%29)\n\nShodan made a pretty sweet [Ship Tracker](https://shiptracker.shodan.io/) that maps ship locations in real time, too!\n\n```\n\"Cobham SATCOM\" OR (\"Sailor\" \"VSAT\")\n```\n\n<div align=\"center\"><img src=\"screenshots/sailor-vsat.png\" alt=\"Example: Maritime Satellites\" width=\"700\" /></div>\n\n\n### Submarine Mission Control Dashboards [🔎 &#x2192;](https://www.shodan.io/search?query=title%3A%22Slocum+Fleet+Mission+Control%22)\n\n```\ntitle:\"Slocum Fleet Mission Control\"\n```\n\n\n### [CAREL PlantVisor](https://www.carel.com/product/plantvisor) Refrigeration Units [🔎 
&#x2192;](https://www.shodan.io/search?query=%22Server%3A+CarelDataServer%22+%22200+Document+follows%22)\n\n```\n\"Server: CarelDataServer\" \"200 Document follows\"\n```\n\n<div align=\"center\"><img src=\"screenshots/refrigeration.png\" alt=\"Example: CAREL PlantVisor Refrigeration Units\" /></div>\n\n\n### [Nordex Wind Turbine](http://www.nordex-online.com/en/products-services/wind-turbines.html) Farms [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22Nordex+Control%22+%22Windows+2000+5.0+x86%22+%22Jetty%2F3.1+%28JSP+1.1%3B+Servlet+2.2%3B+java+1.6.0_14%29%22)\n\n```\nhttp.title:\"Nordex Control\" \"Windows 2000 5.0 x86\" \"Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)\"\n```\n\n\n### [C4 Max](https://www.mobile-devices.com/our-products/c4-max/) Commercial Vehicle GPS Trackers [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5B1m%5B35mWelcome+on+console%22)\n\n```\n\"[1m[35mWelcome on console\"\n```\n\n<div align=\"center\"><img src=\"screenshots/c4max.png\" alt=\"Example: C4 Max Vehicle GPS\" width=\"780\" /></div>\n\n\n### [DICOM](https://www.dicomstandard.org/about/) Medical X-Ray Machines [🔎 &#x2192;](https://www.shodan.io/search?query=%22DICOM+Server+Response%22+port%3A104)\n\nSecured by default, thankfully, but these 1,700+ machines still [have no business](https://documents.trendmicro.com/assets/rpt/rpt-securing-connected-hospitals.pdf) being on the internet.\n\n```\n\"DICOM Server Response\" port:104\n```\n\n\n### [GaugeTech](https://electroind.com/all-products/) Electricity Meters [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+EIG+Embedded+Web+Server%22+%22200+Document+follows%22)\n\n```\n\"Server: EIG Embedded Web Server\" \"200 Document follows\"\n```\n\n<div align=\"center\"><img src=\"screenshots/power-gaugetech.png\" alt=\"Example: GaugeTech Electricity Meters\" width=\"650\" /></div>\n\n\n### Siemens Industrial Automation [🔎 
&#x2192;](https://www.shodan.io/search?query=%22Siemens%2C+SIMATIC%22+port%3A161)\n\n```\n\"Siemens, SIMATIC\" port:161\n```\n\n\n### Siemens HVAC Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Microsoft-WinCE%22+%22Content-Length%3A+12581%22)\n\n```\n\"Server: Microsoft-WinCE\" \"Content-Length: 12581\"\n```\n\n\n### Door / Lock Access Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22HID+VertX%22+port%3A4070)\n\n```\n\"HID VertX\" port:4070\n```\n\n\n### Railroad Management [🔎 &#x2192;](https://www.shodan.io/search?query=%22log+off%22+%22select+the+appropriate%22)\n\n```\n\"log off\" \"select the appropriate\"\n```\n\n\n\n---\n\n\n\n## Remote Desktop\n\n\n### Unprotected VNC [🔎 &#x2192;](https://www.shodan.io/search?query=%22authentication+disabled%22+%22RFB+003.008%22)\n\n```\n\"authentication disabled\" \"RFB 003.008\"\n```\n\n[Shodan Images](https://images.shodan.io/) is a great supplementary tool to browse screenshots, by the way!  [🔎 &#x2192;](https://images.shodan.io/?query=%22authentication+disabled%22+%21screenshot.label%3Ablank)\n\n<p align=\"center\">\n  <img src=\"screenshots/vnc.png\" alt=\"Example: Unprotected VNC\" /><br />\n  <em>The first result right now. 
😞</em>\n</p>\n\n\n### Windows RDP [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5Cx03%5Cx00%5Cx00%5Cx0b%5Cx06%5Cxd0%5Cx00%5Cx00%5Cx124%5Cx00%22)\n\n99.99% are secured by a secondary Windows login screen.\n\n```\n\"\\x03\\x00\\x00\\x0b\\x06\\xd0\\x00\\x00\\x124\\x00\"\n```\n\n\n---\n\n\n## Network Infrastructure\n\n\n### [Weave Scope](https://www.weave.works/oss/scope/) Dashboards [🔎 &#x2192;](https://www.shodan.io/search?query=title%3A%22Weave+Scope%22+http.favicon.hash%3A567176827)\n\nCommand-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.\n\n```\ntitle:\"Weave Scope\" http.favicon.hash:567176827\n```\n\n<div align=\"center\"><img src=\"screenshots/weavescope.png\" alt=\"Example: Weave Scope Dashboards\" /></div>\n\n\n### MongoDB [🔎 &#x2192;](https://www.shodan.io/search?query=product%3AMongoDB+-authentication)\n\nOlder versions were insecure by default. [Very scary.](https://krebsonsecurity.com/tag/mongodb/)\n\n```\n\"MongoDB Server Information\" port:27017 -authentication\n```\n\n<div align=\"center\"><img src=\"screenshots/mongo.png\" alt=\"Example: MongoDB\" width=\"500\" /></div>\n\n\n### [Mongo Express](https://github.com/mongo-express/mongo-express) Web GUI [🔎 &#x2192;](https://www.shodan.io/search?query=%22Set-Cookie%3A+mongo-express%3D%22+%22200+OK%22)\n\nLike the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/vendor_id-784/Phpmyadmin.html) but for MongoDB.\n\n```\n\"Set-Cookie: mongo-express=\" \"200 OK\"\n```\n\n<div align=\"center\"><img src=\"screenshots/mongo-express.png\" alt=\"Example: Mongo Express GUI\" width=\"700\" /></div>\n\n\n### Jenkins CI [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Jenkins%22+%22Set-Cookie%3A+JSESSIONID%22+http.title%3A%22Dashboard%22)\n\n```\n\"X-Jenkins\" \"Set-Cookie: JSESSIONID\" http.title:\"Dashboard\"\n```\n\n<div align=\"center\"><img src=\"screenshots/jenkins.png\" alt=\"Example: Jenkins CI\" 
width=\"700\" /></div>\n\n\n### Docker APIs [🔎 &#x2192;](https://www.shodan.io/search?query=%22Docker+Containers%3A%22+port%3A2375)\n\n```\n\"Docker Containers:\" port:2375\n```\n\n\n### Docker Private Registries [🔎 &#x2192;](https://www.shodan.io/search?query=%22Docker-Distribution-Api-Version%3A+registry%22+%22200+OK%22+-gitlab)\n\n```\n\"Docker-Distribution-Api-Version: registry\" \"200 OK\" -gitlab\n```\n\n\n### [Pi-hole](https://pi-hole.net/) Open DNS Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22dnsmasq-pi-hole%22+%22Recursion%3A+enabled%22)\n\n```\n\"dnsmasq-pi-hole\" \"Recursion: enabled\"\n```\n\n\n### Already Logged-In as `root` via Telnet [🔎 &#x2192;](https://www.shodan.io/search?query=%22root%40%22+port%3A23+-login+-password+-name+-Session)\n\n```\n\"root@\" port:23 -login -password -name -Session\n```\n\n\n### Android Root Bridges [🔎 &#x2192;](https://www.shodan.io/search?query=%22Android+Debug+Bridge%22+%22Device%22+port%3A5555)\n\nA tangential result of Google's sloppy fractured update approach. 
🙄 [More information here.](https://medium.com/p/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20)\n\n```\n\"Android Debug Bridge\" \"Device\" port:5555\n```\n\n\n### Lantronix Serial-to-Ethernet Adapter [Leaking Telnet Passwords](https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ethernet-devices-leak-telnet-passwords/) [🔎 &#x2192;](https://www.shodan.io/search?query=Lantronix+password+port%3A30718+-secured)\n\n```\nLantronix password port:30718 -secured\n```\n\n\n### Citrix Virtual Apps [🔎 &#x2192;](https://www.shodan.io/search?query=%22Citrix+Applications%3A%22+port%3A1604)\n\n```\n\"Citrix Applications:\" port:1604\n```\n\n<div align=\"center\"><img src=\"screenshots/citrix.png\" alt=\"Example: Citrix Virtual Apps\" width=\"700\" /></div>\n\n\n### Cisco Smart Install [🔎 &#x2192;](https://www.shodan.io/search?query=%22smart+install+client+active%22)\n\n[Vulnerable](https://2016.zeronights.ru/wp-content/uploads/2016/12/CiscoSmartInstall.v3.pdf) (kind of \"by design,\" but especially when exposed).\n\n```\n\"smart install client active\"\n```\n\n\n### PBX IP Phone Gateways [🔎 &#x2192;](https://www.shodan.io/search?query=PBX+%22gateway+console%22+-password+port%3A23)\n\n\n```\nPBX \"gateway console\" -password port:23\n```\n\n\n### [Polycom](https://www.polycom.com/hd-video-conferencing.html) Video Conferencing [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22-+Polycom%22+%22Server%3A+lighttpd%22)\n\n```\nhttp.title:\"- Polycom\" \"Server: lighttpd\"\n```\n\nTelnet Configuration: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Polycom+Command+Shell%22+-failed+port%3A23)\n\n```\n\"Polycom Command Shell\" -failed port:23\n```\n\n<div align=\"center\"><img src=\"screenshots/polycom.png\" alt=\"Example: Polycom Video Conferencing\" /></div>\n\n\n### [Bomgar Help Desk](https://www.beyondtrust.com/remote-support/integrations) Portal [🔎 
&#x2192;](https://www.shodan.io/search?query=%22Server%3A+Bomgar%22+%22200+OK%22)\n\n```\n\"Server: Bomgar\" \"200 OK\"\n```\n\n\n### Intel Active Management [CVE-2017-5689](https://www.exploit-db.com/exploits/43385) [🔎 &#x2192;](https://www.shodan.io/search?query=%22Intel%28R%29+Active+Management+Technology%22+port%3A623%2C664%2C16992%2C16993%2C16994%2C16995)\n\n```\n\"Intel(R) Active Management Technology\" port:623,664,16992,16993,16994,16995\n```\n\n\n### HP iLO 4 [CVE-2017-12542](https://nvd.nist.gov/vuln/detail/CVE-2017-12542) [🔎 &#x2192;](https://www.shodan.io/search?query=HP-ILO-4+%21%22HP-ILO-4%2F2.53%22+%21%22HP-ILO-4%2F2.54%22+%21%22HP-ILO-4%2F2.55%22+%21%22HP-ILO-4%2F2.60%22+%21%22HP-ILO-4%2F2.61%22+%21%22HP-ILO-4%2F2.62%22+%21%22HP-iLO-4%2F2.70%22+port%3A1900)\n\n```\nHP-ILO-4 !\"HP-ILO-4/2.53\" !\"HP-ILO-4/2.54\" !\"HP-ILO-4/2.55\" !\"HP-ILO-4/2.60\" !\"HP-ILO-4/2.61\" !\"HP-ILO-4/2.62\" !\"HP-iLO-4/2.70\" port:1900\n```\n\n\n### Outlook Web Access:\n\n#### Exchange 2007 [🔎 &#x2192;](https://www.shodan.io/search?query=%22x-owa-version%22+%22IE%3DEmulateIE7%22+%22Server%3A+Microsoft-IIS%2F7.0%22)\n\n```\n\"x-owa-version\" \"IE=EmulateIE7\" \"Server: Microsoft-IIS/7.0\"\n```\n\n<div align=\"center\"><img src=\"screenshots/owa2007.png\" alt=\"Example: OWA for Exchange 2007\" width=\"400\" /></div>\n\n#### Exchange 2010 [🔎 &#x2192;](https://www.shodan.io/search?query=%22x-owa-version%22+%22IE%3DEmulateIE7%22+http.favicon.hash%3A442749392)\n\n```\n\"x-owa-version\" \"IE=EmulateIE7\" http.favicon.hash:442749392\n```\n\n<div align=\"center\"><img src=\"screenshots/owa2010.png\" alt=\"Example: OWA for Exchange 2010\" width=\"400\" /></div>\n\n#### Exchange 2013 / 2016 [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-AspNet-Version%22+http.title%3A%22Outlook%22+-%22x-owa-version%22)\n\n```\n\"X-AspNet-Version\" http.title:\"Outlook\" -\"x-owa-version\"\n```\n\n<div align=\"center\"><img src=\"screenshots/owa2013.png\" alt=\"Example: OWA for Exchange 
2013/2016\" width=\"500\" /></div>\n\n\n### Lync / Skype for Business [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-MS-Server-Fqdn%22)\n\n```\n\"X-MS-Server-Fqdn\"\n```\n\n\n---\n\n\n## Network Attached Storage (NAS)\n\n\n### SMB (Samba) File Shares [🔎 &#x2192;](https://www.shodan.io/search?query=%22Authentication%3A+disabled%22+port%3A445)\n\nProduces ~500,000 results...narrow down by adding \"Documents\" or \"Videos\", etc.\n\n```\n\"Authentication: disabled\" port:445\n```\n\nSpecifically domain controllers: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Authentication%3A+disabled%22+NETLOGON+SYSVOL+-unix+port%3A445)\n\n```\n\"Authentication: disabled\" NETLOGON SYSVOL -unix port:445\n```\n\nConcerning [default network shares of QuickBooks](https://quickbooks.intuit.com/learn-support/en-us/help-articles/set-up-folder-and-windows-access-permissions-to-share-company/01/201880) files: [🔎 &#x2192;](https://www.shodan.io/search?query=%22Authentication%3A+disabled%22+%22Shared+this+folder+to+access+QuickBooks+files+OverNetwork%22+-unix+port%3A445)\n\n```\n\"Authentication: disabled\" \"Shared this folder to access QuickBooks files OverNetwork\" -unix port:445\n```\n\n\n### FTP Servers with Anonymous Login [🔎 &#x2192;](https://www.shodan.io/search?query=%22220%22+%22230+Login+successful.%22+port%3A21)\n\n```\n\"220\" \"230 Login successful.\" port:21\n```\n\n\n### Iomega / LenovoEMC NAS Drives [🔎 &#x2192;](https://www.shodan.io/search?query=%22Set-Cookie%3A+iomega%3D%22+-%22manage%2Flogin.html%22+-http.title%3A%22Log+In%22)\n\n```\n\"Set-Cookie: iomega=\" -\"manage/login.html\" -http.title:\"Log In\"\n```\n\n<div align=\"center\"><img src=\"screenshots/iomega.png\" alt=\"Example: Iomega / LenovoEMC NAS Drives\" width=\"600\" /></div>\n\n\n### Buffalo TeraStation NAS Drives [🔎 &#x2192;](https://www.shodan.io/search?query=Redirecting+sencha+port%3A9000)\n\n```\nRedirecting sencha port:9000\n```\n\n<div align=\"center\"><img src=\"screenshots/buffalo.png\" 
alt=\"Example: Buffalo TeraStation NAS Drives\" width=\"600\" /></div>\n\n\n### Logitech Media Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+Logitech+Media+Server%22+%22200+OK%22)\n\n```\n\"Server: Logitech Media Server\" \"200 OK\"\n```\n\n<div align=\"center\"><img src=\"screenshots/logitech.png\" alt=\"Example: Logitech Media Servers\" width=\"500\" /></div>\n\n\n### [Plex](https://www.plex.tv/) Media Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Plex-Protocol%22+%22200+OK%22+port%3A32400)\n\n```\n\"X-Plex-Protocol\" \"200 OK\" port:32400\n```\n\n\n### [Tautulli / PlexPy](https://github.com/Tautulli/Tautulli) Dashboards [🔎 &#x2192;](https://www.shodan.io/search?query=%22CherryPy%2F5.1.0%22+%22%2Fhome%22)\n\n```\n\"CherryPy/5.1.0\" \"/home\"\n```\n\n<div align=\"center\"><img src=\"screenshots/plexpy.png\" alt=\"Example: PlexPy / Tautulli Dashboards\" width=\"570\" /></div>\n\n\n---\n\n\n## Webcams\n\nExample images not necessary. 🤦\n\n### Yawcams [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+yawcam%22+%22Mime-Type%3A+text%2Fhtml%22)\n\n```\n\"Server: yawcam\" \"Mime-Type: text/html\"\n```\n\n\n### webcamXP/webcam7 [🔎 &#x2192;](https://www.shodan.io/search?query=%28%22webcam+7%22+OR+%22webcamXP%22%29+http.component%3A%22mootools%22+-401)\n\n```\n(\"webcam 7\" OR \"webcamXP\") http.component:\"mootools\" -401\n```\n\n\n### Android IP Webcam Server [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+IP+Webcam+Server%22+%22200+OK%22)\n\n```\n\"Server: IP Webcam Server\" \"200 OK\"\n```\n\n\n### Security DVRs [🔎 &#x2192;](https://www.shodan.io/search?query=html%3A%22DVR_H264+ActiveX%22)\n\n```\nhtml:\"DVR_H264 ActiveX\"\n```\n\n\n---\n\n\n## Printers & Copiers:\n\n\n### HP Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Serial+Number%3A%22+%22Built%3A%22+%22Server%3A+HP+HTTP%22)\n\n```\n\"Serial Number:\" \"Built:\" \"Server: HP HTTP\"\n```\n\n<div align=\"center\"><img 
src=\"screenshots/hp.png\" alt=\"Example: HP Printers\" width=\"650\" /></div>\n\n\n### Xerox Copiers/Printers [🔎 &#x2192;](https://www.shodan.io/search?query=ssl%3A%22Xerox+Generic+Root%22)\n\n```\nssl:\"Xerox Generic Root\"\n```\n\n<div align=\"center\"><img src=\"screenshots/xerox.png\" alt=\"Example: Xerox Copiers/Printers\" width=\"550\" /></div>\n\n\n### Epson Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22SERVER%3A+EPSON_Linux+UPnP%22+%22200+OK%22)\n\n```\n\"SERVER: EPSON_Linux UPnP\" \"200 OK\"\n```\n\n```\n\"Server: EPSON-HTTP\" \"200 OK\"\n```\n\n<div align=\"center\"><img src=\"screenshots/epson.png\" alt=\"Example: Epson Printers\" width=\"500\" /></div>\n\n\n### Canon Printers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+KS_HTTP%22+%22200+OK%22)\n\n```\n\"Server: KS_HTTP\" \"200 OK\"\n```\n\n```\n\"Server: CANON HTTP Server\"\n```\n\n<div align=\"center\"><img src=\"screenshots/canon.png\" alt=\"Example: Canon Printers\" width=\"500\" /></div>\n\n\n--- \n\n\n## Home Devices\n\n\n### Yamaha Stereos [🔎 &#x2192;](https://www.shodan.io/search?query=%22Server%3A+AV_Receiver%22+%22HTTP%2F1.1+406%22)\n\n```\n\"Server: AV_Receiver\" \"HTTP/1.1 406\"\n```\n\n<div align=\"center\"><img src=\"screenshots/yamaha.png\" alt=\"Example: Yamaha Stereos\" width=\"500\" /></div>\n\n\n### Apple AirPlay Receivers [🔎 &#x2192;](https://www.shodan.io/search?query=%22%5Cx08_airplay%22+port%3A5353)\n\nApple TVs, HomePods, etc.\n\n```\n\"\\x08_airplay\" port:5353\n```\n\n\n### Chromecasts / Smart TVs [🔎 &#x2192;](https://www.shodan.io/search?query=%22Chromecast%3A%22+port%3A8008)\n\n```\n\"Chromecast:\" port:8008\n```\n\n\n### [Crestron Smart Home](https://www.crestron.com/Products/Market-Solutions/Residential-Solutions) Controllers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Model%3A+PYNG-HUB%22)\n\n```\n\"Model: PYNG-HUB\"\n```\n\n---\n\n\n## Random Stuff\n\n\n### OctoPrint 3D Printer Controllers [🔎 
&#x2192;](https://www.shodan.io/search?query=title%3A%22OctoPrint%22+-title%3A%22Login%22+http.favicon.hash%3A1307375944)\n\n```\ntitle:\"OctoPrint\" -title:\"Login\" http.favicon.hash:1307375944\n```\n\n<div align=\"center\"><img src=\"screenshots/octoprint.png\" alt=\"Example: OctoPrint 3D Printers\" width=\"740\" /></div>\n\n\n### Ethereum Miners [🔎 &#x2192;](https://www.shodan.io/search?query=%22ETH+-+Total+speed%22)\n\n```\n\"ETH - Total speed\"\n```\n\n<div align=\"center\"><img src=\"screenshots/eth.png\" alt=\"Example: Ethereum Miners\" /></div>\n\n\n### Apache Directory Listings [🔎 &#x2192;](https://www.shodan.io/search?query=http.title%3A%22Index+of+%2F%22+http.html%3A%22.pem%22)\n\nSubstitute `.pem` with any extension or a filename like `phpinfo.php`.\n\n```\nhttp.title:\"Index of /\" http.html:\".pem\"\n```\n\n\n### Misconfigured WordPress [🔎 &#x2192;](https://www.shodan.io/search?query=http.html%3A%22*+The+wp-config.php+creation+script+uses+this+file%22)\n\nExposed [`wp-config.php`](https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php) files containing database credentials.\n\n```\nhttp.html:\"* The wp-config.php creation script uses this file\"\n```\n\n\n### Too Many Minecraft Servers [🔎 &#x2192;](https://www.shodan.io/search?query=%22Minecraft+Server%22+%22protocol+340%22+port%3A25565)\n\n```\n\"Minecraft Server\" \"protocol 340\" port:25565\n```\n\n\n### Literally [Everything](https://www.vox.com/2014/12/22/7435625/north-korea-internet) in North Korea 🇰🇵 [🔎 &#x2192;](https://www.shodan.io/search?query=net%3A175.45.176.0%2F22%2C210.52.109.0%2F24)\n\n```\nnet:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24\n```\n\n\n### TCP Quote of the Day [🔎 &#x2192;](https://www.shodan.io/search?query=port%3A17+product%3A%22Windows+qotd%22)\n\nPort 17 ([RFC 865](https://tools.ietf.org/html/rfc865)) has a [bizarre history](https://en.wikipedia.org/wiki/QOTD)...\n\n```\nport:17 product:\"Windows qotd\"\n```\n\n\n### Find a Job Doing This! 
👩‍💼 [🔎 &#x2192;](https://www.shodan.io/search?query=%22X-Recruiting%3A%22)\n\n```\n\"X-Recruiting:\"\n```\n\n\n---\n\n\n\nIf you've found any other juicy Shodan gems, whether it's a search query or a specific example, definitely [drop a comment](https://jarv.is/notes/shodan-search-queries/#commento) on the blog or [open an issue/PR here on GitHub](https://github.com/jakejarvis/awesome-shodan-queries).\n\nBon voyage, fellow penetrators! 😉\n\n\n\n## License\n\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)\n\nTo the extent possible under law, [Jake Jarvis](https://jarv.is/) has waived all copyright and related or neighboring rights to this work.\n\nMirrored from a blog post at https://jarv.is/notes/shodan-search-queries/.\n"
  }
]