diff --git a/readme.md b/readme.md index 23462b0..d865ab5 100644 --- a/readme.md +++ b/readme.md @@ -233,6 +233,51 @@ Secured by default, thankfully, but these 1,700+ machines still [have no busines --- +## Common Exposures + +### Config Files [🔎 →](https://www.shodan.io/search?query=%22Index+of+%2F%22+%22config%22) + +Search for exposed directory listings potentially revealing sensitive configuration files. + +``` +"Index of /" "config" +``` + +### DB Files [🔎 →](https://www.shodan.io/search?query=%22Index+of+%2F%22+%22database%22) + +Search for exposed directory listings potentially revealing database files. + +``` +"Index of /" "database" +``` + +### Exposed `.bak` Backup Files [🔎 →](https://www.shodan.io/search?query=%22index+of%22+%22.bak%22) + +``` +"index of" ".bak" +``` + +### Servers Exposing .env Files with DB Password References [🔎 →](https://www.shodan.io/search?query=http.html%3A%22.env%22+http.html%3A%22DB_PASSWORD%22) + +``` +http.html:".env" http.html:"DB_PASSWORD" +``` + +**You can use `filetype:env intext:DB_PASSWORD` in a Google search to display indexed passwords from some exposed servers. This method often reveals sensitive information in `.env` files that are publicly accessible.** + +### Exposed PHP Session ID Cookies [🔎 →](https://www.shodan.io/search?query=%22Set-Cookie%3A+PHPSESSID%22) + +``` +"Set-Cookie: PHPSESSID" +``` + + +### Exposed Directory Listings in India [🔎 →](https://www.shodan.io/search?query=http.title%3A%22index+of%22+port%3A80+country%3AIN) +``` +http.title:"index of" port:80 country:"IN" +``` + +--- ## Network Infrastructure @@ -269,6 +314,18 @@ Like the [infamous phpMyAdmin](https://www.cvedetails.com/vulnerability-list/ven
Example: Mongo Express GUI
+### MySQL [🔎 →](https://www.shodan.io/search?query=%22mysql%22+port%3A3306+-authentication) + +Misconfigured or exposed instances lacking proper authentication. + +``` +"mysql" port:3306 -authentication +``` + +### Exposed PostgreSQL Databases [🔎 →](https://www.shodan.io/search?query=product%3A%22PostgreSQL%22+%22authentication+failed%22+port%3A5432) +``` +product:"PostgreSQL" "authentication failed" port:5432 +``` ### Jenkins CI [🔎 →](https://www.shodan.io/search?query=%22X-Jenkins%22+%22Set-Cookie%3A+JSESSIONID%22+http.title%3A%22Dashboard%22) @@ -322,7 +379,12 @@ A tangential result of Google's sloppy fractured update approach. 🙄 [More inf Lantronix password port:30718 -secured ``` +### Boa Web Server Embedded Device Interfaces [🔎 →](https://www.shodan.io/search?query=%22Server%3A+Boa%22+%22Content-Length%3A%22+-authentication+port%3A80) +``` +"Server: Boa" "Content-Length:" -authentication port:80 +``` + ### Citrix Virtual Apps [🔎 →](https://www.shodan.io/search?query=%22Citrix+Applications%3A%22+port%3A1604) ``` @@ -419,6 +481,25 @@ HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"H ``` +--- + +## OpenSSH + +### Servers Using Weak Diffie-Hellman Key Exchange [🔎 →](https://www.shodan.io/search?query=product%3A%22OpenSSH%22+%22diffie-hellman-group1-sha1%22) +``` +product:"OpenSSH" "diffie-hellman-group1-sha1" +``` + +### Servers Using Deprecated Triple DES (3DES) Encryption [🔎 →](https://www.shodan.io/search?query=product%3A%22OpenSSH%22+%223des-cbc%22) +``` +product:"OpenSSH" "3des-cbc" +``` + +### Servers Running Vulnerable OpenSSH Versions (5.9, 6.0, 6.2) [🔎 →](https://www.shodan.io/search?query=product%3A%22OpenSSH%22+version%3A%225.9%2C6.0%2C6.2%22) +``` +product:"OpenSSH" version:"5.9,6.0,6.2" +``` + --- 
@@ -530,6 +611,17 @@ Example images not necessary. 🤦 html:"DVR_H264 ActiveX" ``` +### Unsecured DVR Web Interfaces [🔎 →](https://www.shodan.io/search?query=%22Server%3A+uc-httpd%22+%22200+OK%22+-authentication+port%3A80) + +``` +"Server: uc-httpd" "200 OK" -authentication port:80 +``` + +### GoAhead-Webs Cameras with Exposed Web Interfaces [🔎 →](https://www.shodan.io/search?query=%22http.title%3Acamera%22+%22200+OK%22+%22Server%3A+GoAhead-Webs%22+-authentication+port%3A80) + +``` +"http.title:camera" "200 OK" "Server: GoAhead-Webs" -authentication port:80 +``` --- @@ -545,6 +637,13 @@ html:"DVR_H264 ActiveX"
Example: HP Printers
+### Open HP Printer Web Interfaces [🔎 →](https://www.shodan.io/search?query=%22Server%3A+HP+HTTP%22+%22200+OK%22+-authentication+port%3A80) + +``` +"Server: HP HTTP" "200 OK" -authentication port:80 +``` + +
Example: HP Printers
### Xerox Copiers/Printers [🔎 →](https://www.shodan.io/search?query=ssl%3A%22Xerox+Generic+Root%22) diff --git a/screenshots/hp1.png b/screenshots/hp1.png new file mode 100644 index 0000000..139b932 Binary files /dev/null and b/screenshots/hp1.png differ
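Review bot: In the hunk at @@ -233,6 +233,51 @@, the "Exposed Directory Listings in India" entry shows `country:"IN"` in its code block while its 🔎 link encodes `country%3AIN` (unquoted), so the displayed query and the linked query differ; make the two identical. The same entry puts the fence directly under the heading with no blank line, unlike the other entries in this hunk, and the bold paragraph under the `.env` entry describes a Google search rather than a Shodan query, so it should either be marked as an aside or dropped.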
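Review bot: In the hunk at @@ -269,6 +314,18 @@, the MySQL description "Misconfigured or exposed instances lacking proper authentication" claims more than the query can show: `-authentication` only excludes banners containing that word, it does not establish that a server accepts unauthenticated logins. The PostgreSQL query goes the other way and matches on "authentication failed", which selects servers that rejected the probe. Reword both entries as internet-reachable database services, and give the PostgreSQL entry a description line and a blank line before its fence to match the MySQL entry.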
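Review bot: In the hunk at @@ -322,7 +379,12 @@, the `"Content-Length:"` term in the Boa query is a header present in most HTTP responses, so it does little to narrow results beyond `"Server: Boa"`; drop it or state what it is meant to filter. The entry also has no description line, and its heading sits directly above the fence without the blank line used by the neighbouring entries.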
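Review bot: In the hunk at @@ -419,6 +481,25 @@, the headings "Servers Using Weak Diffie-Hellman Key Exchange" and "Servers Using Deprecated Triple DES (3DES) Encryption" overstate what the queries match: a banner containing `diffie-hellman-group1-sha1` or `3des-cbc` shows the server offers that algorithm, not that sessions negotiate it, so "Offering" or "Advertising" is the accurate word. The third heading calls versions 5.9, 6.0 and 6.2 "Vulnerable" without a reference; link the advisory that motivates the list, as other entries in this readme do for their claims, or retitle it "Outdated".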
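Review bot: In the hunk at @@ -530,6 +611,17 @@, the GoAhead-Webs query wraps the whole filter in quotes, `"http.title:camera"`, so it is searched as a literal string instead of being applied as a title filter, and the 🔎 link encodes the same quoted form (`%22http.title%3Acamera%22`). Write it as `http.title:"camera"` in both the code block and the link, consistent with `http.title:"index of"` used elsewhere in this patch. Neither new entry in this hunk has a description line.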
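Review bot: In the hunk at @@ -545,6 +637,13 @@, the example added after "Open HP Printer Web Interfaces" is captioned "Example: HP Printers", the same caption as the existing example directly above the new entry, so the two cannot be told apart; give the new one its own caption. Before committing screenshots/hp1.png, confirm the image shows no address, hostname or serial number of the device it was taken from.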