Shodan dorks 2026
- ӄɾίⲙίռⲁʟ ፀϫፀፀ
- May 18
- Reading time: 4 min
Shodan is a search engine for all the devices in the world that are connected to the Internet, that is, to the external network. Its crawlers periodically scan the entire global cyberspace, every week, and record the open ports and the services running on them for each host. A host may comprise one or more systems: IT, IoT, industrial ICS/SCADA, medical, banking, website admin panels, printers, webcams and IPTV cameras, surveillance systems, data sent by sensors and actuators, electromechanical equipment and HMIs (Human-Machine Interface, the panel the human operator touches to issue commands to the connected automation plant), and databases. It also includes home PCs infected with malware of various kinds that lets anyone connect remotely to the home system over VNC or RDP and watch what happens on the screen, or interact with it, while the owner of the device or network remains completely unaware.
In this regard, the list of Shodan Dorks has appeared again this year, 2026: keywords for running search queries targeted at the systems of greatest interest.
As you can see, the list is divided into categories, and wherever a demonstration screenshot exists for a category, it has been included in the article.
N.B.: running some of these queries requires logging in to your Shodan account. Plans range from the basic free one to advanced search packages that show a larger number of result pages (the default plan shows at most 2 pages of results). The paid plans also give access to the raw information for each host and present the whole list of available items already organised by category.
Happy searching! ♠
CAMERA

General camera search:
camera

Hikvision IP cameras
product:"Hikvision IP Camera"

Webcams running on IPCam Client
title:"IPCam Client"

Older webcams running on GeoVision
server: GeoHttpServer

ContaCam cameras
title:"ContaCam"

Avigilon camera or monitoring device
title:"Avigilon"

Vivotek IP cameras
server: VVTK-HTTP-Server

DVR CCTV camera accessible via HTTP
200 ok dvr port:"81"

Netwave IP cameras
Netwave IP Camera Content-Length: 2574

UI3 (HTML5 web interface for Blue Iris)
title:"ui3 -"

Various IP camera and video management system products
ACTi

Yawcam cameras web interface
product:"Yawcam webcam viewer httpd"

Unsecured Linksys webcam system
title:"+tm01+"

Webcams running on WebcamXP
server: webcamxp

Webcam with screenshot
webcam has_screenshot:true

Webcams running on webcam 7
server: "webcam 7"

Canon Megapixel security cameras
title:"Network Camera VB-M600"

i-Catcher IP CCTV system
server: "i-Catcher Console"

IP webcams with screenshot
has_screenshot:true IP Webcam

Linksys WVC80N cameras
WVC80N

Webcams running on Blue Iris
title:"blue iris remote view"

Industrial Control System

S7
port:102

Ethernet/IP
port:44818

Modbus
port:502

GaugeTech Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows"

BACnet
port:47808

Niagara Fox
port:1911,4911 product:Niagara

VNC server
"authentication disabled" "RFB 003.008" or product:"VNC" "authentication disabled"

IEC 60870-5-104
port:2404 asdu address

Gas station pump controllers
"in-tank inventory" port:10001

Siemens Industrial Automation
"Siemens, SIMATIC" port:161

DICOM Medical X-Rays Machines
"DICOM Server Response" port:104

ProConOS
port:20547 PLC

Omron FINS
port:9600 response code

PCWorkx
port:1962 PLC

DNP3
port:20000 source address

XZERES wind turbine
title:"xzeres wind"

MELSEC-Q
port:5006,5007 product:mitsubishi

Door Lock access controllers
"HID VertX" port:4070

"voter system serial" country:US

C4 Max Commercial Vehicle GPS Trackers
[1m[35mWelcome on console

Open ATM
NCR Port:"161"

Nordex wind turbine fans
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"

Traffic light controllers
mikrotik streetlight

Fuel pumps connected to the internet
"privileged command" GET

CAREL PlantVisor refrigerator units
"Server: CarelDataServer" "200 Document follows"

HART-IP
port:5094 hart-ip

Railroad management
"log off" "select the appropriate"

Samsung electronic billboards
Server: Prismview Player

Siemens HVAC controllers
"Server: Microsoft-WinCE" "Content-Length: 12581"

Network Infrastructure

General MySQL Database search
product:MySQL

Remote PostgreSQL Connections
port:5432 PostgreSQL

Default MongoDB Instances
mongodb port:27017

MongoDB Server Information on Default Port
"MongoDB Server Information" port:27017

Open Elasticsearch Database
port:"9200" all:elastic

Listed Apache CouchDB
product:"CouchDB"

Cisco Smart Install
smart install client active

Pi-hole DNS Servers
"dnsmasq-pi-hole" "Recursion: enabled"

Jenkins CI
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"

Polycom Video Conferences
http.title:"- Polycom" "Server: lighttpd"

Android Root Bridges
"Android Debug Bridge" "Device" port:5555

Lantronix Leaking Telnet Password
Lantronix password port:30718 -secured

Already Logged in as Root via Telnet
"root@" port:23 -login -password -name -Session

Accessible Kibana Dashboards
kibana content-length:217

Exposed MongoDB Web Interfaces
"Set-Cookie: mongo-express=" "200 OK"

Citrix Virtual Apps
"Citrix Applications:" port:1604

PBX IP Phone Gateways
PBX "gateway console" -password port:23

Telnet Configuration
"Polycom Command Shell" -failed port:23

Vulnerable CouchDB Instances
port:"5984"+Server: "CouchDB/2.1.0"

Weave Scope Dashboards
title:"Weave Scope" http.favicon.hash:567176827

Printers

General Printers Search
printer

Canon HTTP Servers
Server: CANON HTTP Server

HP Printers Remote Restart
port:161 hp

HTTP Accessible Epson Printers
http 200 server epson -upnp or "Server: EPSON-HTTP" "200 OK"

Samsung Printers with SyncThru Web Service
title:"syncthru web service"

Unsecured Telnet Access to Printers
port:23 "Password is not set"

Remote Access to Xerox Printers
ssl:"Xerox Generic Root"

Lexmark Printer Control Panels
Printer Type: Lexmark

HP LaserJet Printers via HTTP
"HP-ChaiSOE" port:"80"

Brother Printers Admin Interface
"Location: /main/main.html" debut

Exposed Octoprint 3D Printer Admin Interfaces
title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944

Printers with FTP Access
Laser Printer FTP Server

Files and Directories

Open Lists of Files and Directories
http.title:"Index of /"

Filezilla FTP
filezilla port:"21"

Open Lists of Port on 80
port:80 title:"Index of /"

Samba Shares with Authentication Disabled
"Authentication: disabled" port:445 product:"Samba"

FTP Access without Credentials
"220" "230 Login successful." port:21

Anonymous FTP Access
"Anonymous access allowed" port:"21"

NDMP on FTP Port
ftp port:"10000"

Vulnerable VSFTPD Service
vsftpd 2.3.4

QuickBook Files Shared over Network
"QuickBooks files OverNetwork" -unix port:445

Compromised Devices and Websites

Compromised Legacy Systems
port:4444 system32

General Hacked Label Search
hacked

Hacked by HTTP (in title)
http.title:"Hacked by" or hacked by

Compromised Routers Labeled
HACKED-ROUTER or hacked by

Compromised Routers
hacked-router-help-sos

Ransomware Infected RDP Services
"attention" "encrypted" port:3389

Compromised Host Advertising
HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD

Compromised FTP Services
HACKED FTP server

Bitcoin Wallet Compromised with Screenshot
bitcoin has_screenshot:true
