Using Shodan Monitoring

Published: 2019-05-21. Last Updated: 2019-05-21 00:34:29 UTC
by Tom Webb (Version: 1)
5 comment(s)

Back in March, Shodan started a new service called Shodan Monitor(1). What this service does is notify you of ports that are open on the network you  specify. When you initially setup your network, you put in your CIDR to monitor and then select notification triggers where you will get emails for any of these categories that show up on the specified network.   In the notification emails, you get a link to be able to whitelist systems. I’m finding that the uncommon ports to be chatty for large networks, and tend to whitelist many of these.

 

 

 

They have a heat map that shows you what hosts has the most open ports.  You can hover over them and see what system have the largest footprint on the Internet.

 

 

 

The Initial dashboard shows you the top port breakdown, notable ports and possible vulnerabilities for your networks you are watching.

 

 

 

 

While this list could be useful, it’s only gathering these details based on banner information, which web applications have lots of backported patches which make this less valuable for web.

 

 

 

 


While you can and should script this within you organization using Nmap, this is great way to validate and see what attackers are seeing from outside with little effort. Has anyone found other cool uses of this service yet?

 

(1) https://monitor.shodan.io/

 

Keywords: Shodan
5 comment(s)

Comments

My bean-counters wouldn't spring for it (I didn't even ask them), so I wrote a powershell script to query our info via the API and let me know of any differences. Also useful for certificate expiry. Seems to work quite well...
Any chance you could share that script in GitHub (or another public repository)?
There are several scripts already available to do this. If you seach for "NMAP NDIFF script", you should find several. This is one I tracked down on GIT https://github.com/rommelfs/scanner. There is at least one for powershell there too.
This feature requires a Shodan paid subscription.
It's also available to users that have purchased the Shodan Membership which is a one-time payment of $49 (i.e. no subscription required). And it's available for free to academic or law enforcement users.

Diary Archives