1
00:00:01,270 --> 00:00:08,200
‫Showdown is a search engine over the Internet for finding connected devices.

2
00:00:09,430 --> 00:00:17,200
‫If a device is directly hooked up to the Internet, then Shodan queries it for various publicly available

3
00:00:17,200 --> 00:00:17,850
‫information.

4
00:00:19,550 --> 00:00:22,610
‫So it scans the entire IP version for network.

5
00:00:23,650 --> 00:00:27,900
‫And parses the results using the better information.

6
00:00:29,530 --> 00:00:37,300
‫The types of devices that are indexed can vary tremendously, ranging from small desktops right up through

7
00:00:37,300 --> 00:00:40,960
‫nuclear power plants and just about everything in between.

8
00:00:42,390 --> 00:00:45,480
‫Some describe it as a search engine for hackers.

9
00:00:46,940 --> 00:00:53,660
‫Now, Shodan is integrated with MSF, so you can query Shodan from MSF.

10
00:00:55,060 --> 00:01:02,950
‫However, to accomplish this, the first step is to get an API key by registering with Shodan.

11
00:01:04,430 --> 00:01:07,550
‫Then you can you should end from MSF console.

12
00:01:10,320 --> 00:01:13,440
‫So I'll set up a search for a showdown just like that.

13
00:01:17,650 --> 00:01:20,890
‫OK, so there are only three auxiliaries for showdown.

14
00:01:22,290 --> 00:01:25,590
‫And I'll use the showdown search module.

15
00:01:28,100 --> 00:01:29,930
‫OK, so now show the options.

16
00:01:31,710 --> 00:01:38,700
‫And these are the options, and as you can see here, you don't have classic variables such as our host

17
00:01:38,700 --> 00:01:39,660
‫and Arpad.

18
00:01:40,870 --> 00:01:43,070
‫But there is an important variable here.

19
00:01:43,870 --> 00:01:47,150
‫It is Shodan Apink.

20
00:01:48,220 --> 00:01:53,290
‫Now you must have an API key to perform searches on showdown.

21
00:01:54,530 --> 00:02:00,200
‫So how about if I show you the showdown interface and copy my API key to use?

22
00:02:01,520 --> 00:02:06,050
‫So go to your Web browser and just type showed in in the address bar.

23
00:02:08,750 --> 00:02:15,440
‫And of course, the first row of the result list is what you're going to look for, Shodan Dot Io.

24
00:02:17,240 --> 00:02:23,540
‫Now, I suggest strongly that you explore the website and create an account because you really going

25
00:02:23,540 --> 00:02:24,560
‫to get to love showdown.

26
00:02:27,670 --> 00:02:28,900
‫So now I'm going to log in.

27
00:02:33,130 --> 00:02:40,480
‫This is my account's homepage, and in the upper right hand corner, there is a button and it's called

28
00:02:40,480 --> 00:02:41,980
‫Show Apink.

29
00:02:43,460 --> 00:02:46,490
‫So let's click on that and here is my APIC.

30
00:02:47,680 --> 00:02:50,860
‫You can get one for yourself in exactly the same way.

31
00:02:51,840 --> 00:02:59,520
‫But what I'm going to do is I'll copy it and I'll use it in my MSF console and go back to MSF console.

32
00:03:01,430 --> 00:03:08,990
‫All right, so now I set the showdown API key variable to the copied key.

33
00:03:10,820 --> 00:03:16,970
‫And let's write a query to the query variable.

34
00:03:18,440 --> 00:03:22,850
‫Let's look for my admin pages.

35
00:03:25,080 --> 00:03:32,820
‫Now, wouldn't you love to have some search filters here, but I can't at this point because I don't

36
00:03:32,820 --> 00:03:34,110
‫use the paid service.

37
00:03:35,840 --> 00:03:37,490
‫So I'll just make a simple search.

38
00:03:40,420 --> 00:03:44,230
‫And let me take one more time just to make sure everything's right.

39
00:03:45,560 --> 00:03:46,940
‫OK, now we can run the module.

40
00:03:49,250 --> 00:03:54,400
‫Now, sometimes it takes a while, but I don't think it's not working.

41
00:03:57,020 --> 00:03:58,280
‫So here are the result.

42
00:04:00,500 --> 00:04:08,150
‫And let's randomly choose an IP, so I'm going to copy this and open it from the browser.

43
00:04:10,520 --> 00:04:13,980
‫And this is your imaginary targets page.

44
00:04:15,470 --> 00:04:23,090
‫Now, what I want to do here is, yeah, you can look for Internet connected services that your target's

45
00:04:23,090 --> 00:04:23,690
‫connected to.

46
00:04:24,770 --> 00:04:30,740
‫Besides a keyword search, shodan allows you to be specific in your search.

47
00:04:31,670 --> 00:04:32,410
‫So what does that mean?

48
00:04:33,260 --> 00:04:43,040
‫You can, for instance, find devices by city, country or IP address or IP address range using c IDR

49
00:04:43,040 --> 00:04:52,190
‫notation so we can get even more specific, providing it with GPS coordinates, hostname operating system

50
00:04:52,190 --> 00:04:52,790
‫and port.

51
00:04:54,160 --> 00:04:58,180
‫So I've made a random search, but you can also make a detailed one.