1
00:00:01,250 --> 00:00:08,150
Shodan is a search engine over the Internet for finding connected devices.

2
00:00:09,420 --> 00:00:17,190
If a device is directly hooked up to the Internet, then Shodan queries it for various publicly available

3
00:00:17,190 --> 00:00:17,820
information.

4
00:00:19,500 --> 00:00:22,590
So it scans the entire IPv4 network.

5
00:00:23,630 --> 00:00:27,850
And parses the results using the banner information.

6
00:00:29,530 --> 00:00:37,270
The types of devices that are indexed can vary tremendously, ranging from small desktops right up through

7
00:00:37,270 --> 00:00:40,930
nuclear power plants and just about everything in between.

8
00:00:42,390 --> 00:00:45,450
Some describe it as a search engine for hackers.

9
00:00:46,920 --> 00:00:53,640
Now, Shodan is integrated with MSF, so you can query Shodan from MSF.

10
00:00:55,040 --> 00:01:02,930
However, to accomplish this, the first step is to get an API key by registering with Shodan.

11
00:01:04,390 --> 00:01:07,510
Then you can use Shodan from MSF console.

12
00:01:10,280 --> 00:01:13,400
So I'll set up a search for Shodan just like that.

13
00:01:17,620 --> 00:01:20,860
OK, so there are only three auxiliaries for Shodan.

14
00:01:22,270 --> 00:01:25,570
And I'll use the Shodan search module.

15
00:01:28,050 --> 00:01:29,910
OK, so now show the options.

16
00:01:31,690 --> 00:01:38,680
And these are the options, and as you can see here, you don't have classic variables such as RHOST

17
00:01:38,680 --> 00:01:39,610
and RPORT.

18
00:01:40,840 --> 00:01:43,040
But there is an important variable here.

19
00:01:43,870 --> 00:01:47,120
It is SHODAN_APIKEY.

20
00:01:48,190 --> 00:01:53,260
Now you must have an API key to perform searches on Shodan.

21
00:01:54,510 --> 00:02:00,180
So how about if I show you the Shodan interface and copy my API key to use?

22
00:02:01,510 --> 00:02:06,040
So go to your web browser and just type Shodan in the address bar.

23
00:02:08,710 --> 00:02:15,400
And of course, the first row of the result list is what you're going to look for, shodan.io.

24
00:02:17,210 --> 00:02:23,510
Now, I suggest strongly that you explore the website and create an account because you're going

25
00:02:23,510 --> 00:02:24,530
to get to love Shodan.

26
00:02:27,650 --> 00:02:28,880
So now I'm going to log in.

27
00:02:33,110 --> 00:02:34,610
This is my account's homepage.

28
00:02:35,890 --> 00:02:41,980
And in the upper right-hand corner, there is a button and it's called Show API Key.

29
00:02:43,410 --> 00:02:46,470
So let's click on that and here is my API key.

30
00:02:47,650 --> 00:02:50,830
You can get one for yourself in exactly the same way.

31
00:02:51,800 --> 00:02:59,480
But what I'm going to do is I'll copy it and I'll use it in my MSF console, then go back to MSF console.

32
00:03:01,410 --> 00:03:03,150
All righty, so now.

33
00:03:03,980 --> 00:03:08,960
I set the Shodan API key variable to the copied key.

34
00:03:10,800 --> 00:03:16,950
And let's write a query to the query variable.

35
00:03:18,390 --> 00:03:22,830
Let's look for my admin pages.

36
00:03:25,060 --> 00:03:32,800
Now, wouldn't you love to have some search filters here, but I can't at this point because I don't

37
00:03:32,800 --> 00:03:34,090
use the paid service.

38
00:03:35,830 --> 00:03:37,450
So I'll just make a simple search.

39
00:03:40,370 --> 00:03:44,210
And let me check one more time just to make sure everything's right.

40
00:03:45,510 --> 00:03:46,920
OK, now you can run the module.

41
00:03:49,200 --> 00:03:54,380
Now, sometimes it takes a while, but I don't think it's not working.

42
00:03:56,990 --> 00:03:58,280
So here are the results.

43
00:04:00,470 --> 00:04:02,840
And let's randomly choose an IP.

44
00:04:04,080 --> 00:04:08,130
So I'm going to copy this and open it from the browser.

45
00:04:10,500 --> 00:04:13,960
And this is your imaginary target's page.

46
00:04:15,450 --> 00:04:23,070
Now, what I want to do here is, yeah, you can look for Internet-connected services that your target's

47
00:04:23,070 --> 00:04:25,980
connected to. Besides a keyword search,

48
00:04:27,130 --> 00:04:30,710
Shodan allows you to be specific in your search.

49
00:04:31,630 --> 00:04:32,370
So what does that mean?

50
00:04:33,220 --> 00:04:43,000
You can, for instance, find devices by city, country or IP address or IP address range using CIDR

51
00:04:43,000 --> 00:04:52,150
notation, so we can get even more specific, providing it with GPS coordinates, hostname, operating system

52
00:04:52,150 --> 00:04:52,780
and port.

53
00:04:54,140 --> 00:04:58,130
So I've made a random search, but you can also make a detailed one.