Shodan dorks 2026

Shodan is a search engine for all the devices in the world connected to the Internet, that is, to the external network. Using crawlers it periodically, every week, scans the entire global cyberspace and detects open ports and the services running on them for each host, which may comprise one or more systems: IT, IoT, industrial ICS/SCADA, medical, banking, website admin panels, printers, webcams and IPTV cams, surveillance systems, data sent by sensors and actuators, electromechanical equipment and HMIs (Human-Machine Interface, the panel the human operator touches to issue commands to the connected automation system), databases, and also home PCs infected with various kinds of malware that allow anyone to connect remotely via VNC or RDP to the home system and watch what happens on the screen, or interact with it, entirely without the knowledge of the owner of the device or network in question.


In this regard, this year too, 2026, the list of Shodan dorks has appeared: keywords for running search queries targeted at the systems of greatest interest.

As can be seen, the list is divided into categories, and wherever a demonstration screenshot is available for a category, it has been included in the article.


N.B.: note that running some of the queries requires logging in to your Shodan account, with a plan ranging from the basic free one to the advanced search packages, which show a higher number of pages (the default plan allows viewing at most 2 pages of results); the paid plans also give access to the raw information for each host, as well as having the entire list of available items already organized by category.


Happy searching! ♠



CAMERA


General camera search:

camera

Hikvision IP cameras

product:"Hikvision IP Camera"

Webcams running on IPCam Client

title:"IPCam Client"

Older webcams running on GeoVision

server: GeoHttpServer

ContaCam cameras

title:"ContaCam"

Avigilon camera or monitoring device

title:"Avigilon"

Vivotek IP cameras

server: VVTK-HTTP-Server

DVR CCTV camera accessible via HTTP

200 ok dvr port:"81"

Netwave IP cameras

Netwave IP Camera Content-Length: 2574

UI3 (HTML5 web interface for Blue Iris)

title:"ui3 -"

Various IP camera and video management system products

ACTi

Yawcam cameras web interface

product:"Yawcam webcam viewer httpd"

Unsecured Linksys webcam system

title:"+tm01+"

Webcams running on WebcamXP

server: webcamxp

Webcam with screenshot

webcam has_screenshot:true

Webcams running on webcam 7

server: "webcam 7"

Canon Megapixel security cameras

title:"Network Camera VB-M600"

i-Catcher IP CCTV system

server: "i-Catcher Console"

IP webcams with screenshot

has_screenshot:true IP Webcam

Linksys WVC80N cameras

WVC80N

Webcams running on Blue Iris

title:"blue iris remote view"


Industrial Control System


S7

port:102

Ethernet/IP

port:44818

Modbus

port:502

GaugeTech Electricity Meters

"Server: EIG Embedded Web Server" "200 Document follows"

BACnet

port:47808

Niagara Fox

port:1911,4911 product:Niagara

VNC server

"authentication disabled" "RFB 003.008" or product:"VNC" "authentication disabled"

IEC 60870-5-104

port:2404 asdu address

Gas station pump controllers

"in-tank inventory" port:10001

Siemens Industrial Automation

"Siemens, SIMATIC" port:161

DICOM Medical X-Ray Machines

"DICOM Server Response" port:104

ProConOS

port:20547 PLC

Omron FINS

port:9600 response code

PCWorkx

port:1962 PLC

DNP3

port:20000 source address

XZERES wind turbine

title:"xzeres wind"

MELSEC-Q

port:5006,5007 product:mitsubishi

Door Lock access controllers

"HID VertX" port:4070

Voting machines in the United States

"voter system serial" country:US

C4 Max Commercial Vehicle GPS Trackers

[1m[35mWelcome on console

Open ATM

NCR Port:"161"

Nordex wind turbine fans

http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"

Traffic light controllers

mikrotik streetlight

Fuel pumps connected to the internet

"privileged command" GET

CAREL PlantVisor refrigerator units

"Server: CarelDataServer" "200 Document follows"

HART-IP

port:5094 hart-ip

Railroad management

"log off" "select the appropriate"

Samsung electronic billboards

Server: Prismview Player

Siemens HVAC controllers

"Server: Microsoft-WinCE" "Content-Length: 12581"


Network Infrastructure


General MySQL Database search

product:MySQL

Remote PostgreSQL Connections

port:5432 PostgreSQL

Default MongoDB Instances

mongodb port:27017

MongoDB Server Information on Default Port

"MongoDB Server Information" port:27017

Open Elasticsearch Database

port:"9200" all:elastic

Listed Apache CouchDB

product:"CouchDB"

Cisco Smart Install

smart install client active

Pi-hole DNS Servers

"dnsmasq-pi-hole" "Recursion: enabled"

Jenkins CI

"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"

Polycom Video Conferences

http.title:"- Polycom" "Server: lighttpd"

Android Root Bridges

"Android Debug Bridge" "Device" port:5555

Lantronix Leaking Telnet Password

Lantronix password port:30718 -secured

Already Logged in as Root via Telnet

"root@" port:23 -login -password -name -Session

Accessible Kibana Dashboards

kibana content-length:217

Exposed MongoDB Web Interfaces

"Set-Cookie: mongo-express=" "200 OK"

Citrix Virtual Apps

"Citrix Applications:" port:1604

PBX IP Phone Gateways

PBX "gateway console" -password port:23

Telnet Configuration

"Polycom Command Shell" -failed port:23

Vulnerable CouchDB Instances

port:"5984"+Server: "CouchDB/2.1.0"

Weave Scope Dashboards

title:"Weave Scope" http.favicon.hash:567176827


Printers


General Printers Search

printer

Canon HTTP Servers

Server: CANON HTTP Server

HP Printers Remote Restart

port:161 hp

HTTP Accessible Epson Printers

http 200 server epson -upnp or "Server: EPSON-HTTP" "200 OK"

Samsung Printers with SyncThru Web Service

title:"syncthru web service"

Unsecured Telnet Access to Printers

port:23 "Password is not set"

Remote Access to Xerox Printers

ssl:"Xerox Generic Root"

Lexmark Printer Control Panels

Printer Type: Lexmark

HP LaserJet Printers via HTTP

"HP-ChaiSOE" port:"80"

Brother Printers Admin Interface

"Location: /main/main.html" debut

Exposed Octoprint 3D Printer Admin Interfaces

title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944

Printers with FTP Access

Laser Printer FTP Server


Files and Directories


Open Lists of Files and Directories

http.title:"Index of /"

Filezilla FTP

filezilla port:"21"

Open Lists of Files and Directories on Port 80

port:80 title:"Index of /"

Samba Shares with Authentication Disabled

"Authentication: disabled" port:445 product:"Samba"

FTP Access without Credentials

"220" "230 Login successful." port:21

Anonymous FTP Access

"Anonymous access allowed" port:"21"

NDMP on FTP Port

ftp port:"10000"

Vulnerable vsftpd Service

vsftpd 2.3.4

QuickBooks Files Shared over Network

"QuickBooks files OverNetwork" -unix port:445


Compromised Devices and Websites


Compromised Legacy Systems

port:4444 system32

General Hacked Label Search

hacked

Hacked by HTTP (in title)

http.title:"Hacked by" or hacked by

Compromised Routers Labeled

HACKED-ROUTER or hacked by

Compromised Routers

hacked-router-help-sos

Ransomware Infected RDP Services

"attention" "encrypted" port:3389

Compromised Host Advertising

HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD

Compromised FTP Services

HACKED FTP server

Bitcoin Wallet Compromised with Screenshot

bitcoin has_screenshot:true



GOOD LUCK AND GOOD GAME ;)
