Shodan is not easy to use for the average web surfer; but for the tech-savvy (such as both security researchers and hackers) it is an invaluable tool. Researchers seek to strengthen the internet; hackers seek to attack it. Shodan can help both parties. An example of the former is Project SHINE (SHodan INtelligence Extraction) from Bob Radvanovsky and Jake Brodsky of Infracritical. Its purpose is to use Shodan to locate SCADA devices connected to the internet.
"To date," wrote Radvanovsky in a Tofino Security blog last September, "we have not reached a baseline (aka, 'the bottom') in the total number of devices we discovered. The average number of new SCADA/ICS devices found every day is typically between 2000 and 8000. So far we have collected over 1,000,000 unique IP addresses that appear to belong to either SCADA and control systems devices or related software products."
But armed with those IP addresses, knowledge of what they connect to the internet and prepared exploits, hackers – or even foreign states – could attack systems that are part of a nation's critical infrastructure. That's what makes Shodan scary.
Now Shodan has released what developer John Matherly calls "a new way to browse the Shodan search engine in the form of an add-on: Shodan Maps." It works, he says, like any other map search service by graphically displaying the locations of the search results in both 'satellite' and 'street' views. "It will currently display up to 1,000 results at a time on-screen, as well as summary information about all the results (location-independent) such as top 5 services, organizations and countries."
While this new add-on doesn't make the technicalities of using Shodan any simpler, it does make a quick analysis of the results much faster. For example, a hacker wishing to attack a specific area will rapidly see the location of potential weak points. A defender wishing to protect a campus or even a nation can rapidly see the task ahead.
Incidentally, considering the recent massive NTP-based DDoS reflection attack, Shodan has added the NTP service to the list of ports that Shodan surveys. The related NTP Shodan Map immediately shows that the majority of vulnerable servers that could be co-opted into such are an attack are located in the US, Europe in general, and the Far East.
Shodan Maps is not a free addition to the Shodan search engine. It currently costs a one-time fee of $19 to activate.