Archive | Security RSS feed for this section

Security content from Leo Nelson

Shodan Search Shortcuts

Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.

Listed below are some popular search shortcuts/search keywords to help with narrowing your search results:

Keyword Values Description Example
port Any Numeric Value Specific Ports port:554
has_screenshot True/False Has Screenshot has_screenshot:true
org Organization Value Organization org:”Microsoft”
ssl Organization Value SSL Certificates for Organizatio ssl:edellroot
ssl:Some University
ssl.version SSL Version Value SSL Version ssl.version:sslv2 -ssl.version:sslv3,tlsv1,tlsv1.1,tlsv1.2
net IP Range IP Range net:18.27.7.0/24

Search Examples

Example Search Query Used For
port:9100 product:”LaserJet” Finding HP LaserJet printers on the network
ssl:edellroot Finding devices with SSL certificates issued by eDellRoot

 

Critical Security Controls

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Device Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewall Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises