An auto-updating list of shodan dorks with info on the amount of results they return!
Most search filters require a Shodan account.
This has tons of titles, info and categorisation a lot of other mass-lists don't have.
Also, every hour, it re-checks every query on here and updates their count. It also removes dorks that have 0 results.
General camera search.
camera
- 3,620,742 results
Hikvision IP Cameras.
product:"Hikvision IP Camera"
- 2,675,397 results
Backdoor exploit at https://ipvm.com/reports/hik-exploit
Webcams running on IPCam Client.
title:"IPCam Client"
- 59,145 results
Older webcams running on GeoVision.
server: GeoHttpServer
- 40,659 results
Avigilion-brand camera/monitoring devices.
title:"Avigilon"
- 18,951 results
Vivotek IP cameras.
server: VVTK-HTTP-Server
- 15,169 results
DVR CCTV cameras accessible via http.
200 ok dvr port:"81"
- 9,275 results
Netwave-make IP cameras.
Netwave IP Camera Content-Length: 2574
- 1,287 results
A UK-based IP camera provider.
WWW-Authenticate: "Merit LILIN Ent. Co., Ltd."
- 1,196 results
Yet another WebCAM software.
product:"Yawcam webcam viewer httpd"
- 613 results
UI3 - the HTML5 web interface for Blue Iris.
title:"ui3 -"
- 496 results
Unsecured Linksys webcams.
title:"+tm01+"
- 447 results
Various IP camera/video management system products.
ACTi
- 385 results
Webcams with screenshots.
webcam has_screenshot:true
- 196 results
Webcams running on webcamXP
server: webcamxp
- 163 results
Webcams running on webcam 7.
server: "webcam 7"
- 89 results
IP Webcams with screenshots.
has_screenshot:true IP Webcam
- 78 results
Webcams running on Blue Iris.
title:"blue iris remote view"
- 34 results
Canon-manufactured megapixel security cameras.
title:"Network Camera VB-M600"
- 33 results
i-Catcher IP-based CCTV systems.
server: "i-Catcher Console"
- 25 results
Linksys WVC80N cameras.
WVC80N
- 24 results
EtherNet/IP
port:44818
- 532,436 results
S7
port:102
- 513,648 results
Modbus
port:502
- 504,375 results
BACnet
port:47808
- 44,747 results
Niagara Fox
port:1911,4911 product:Niagara
- 9,182 results
VNC Servers
"authentication disabled" "RFB 003.008"
- 6,473 results
While not always 100% guaranteed to be a system, lots of embedded systems can show up here, along with personal systems.
More VNC Servers
"authentication disabled" port:5900,5901
- 6,321 results
Another search term for VNC servers - most are on port 5900 or 5901 as these are VNC display ports.
Gas Station Pump Controllers
"in-tank inventory" port:10001
- 5,903 results
Find gas station pump controllers with accessible inventory data.
IEC 60870-5-104
port:2404 asdu address
- 3,426 results
Siemens Industrial Automation
"Siemens, SIMATIC" port:161
- 3,024 results
DICOM Medical X-Ray Machines
"DICOM Server Response" port:104
- 1,816 results
Omron FINS
port:9600 response code
- 1,803 results
DNP3
port:20000 source address
- 1,002 results
PCWorx
port:1962 PLC
- 965 results
XZERES Wind Turbine
title:"xzeres wind"
- 556 results
ProConOS
port:20547 PLC
- 499 results
MELSEC-Q
port:5006,5007 product:mitsubishi
- 255 results
Door / Lock Access Controllers
"HID VertX" port:4070
- 184 results
C4 Max Commercial Vehicle GPS Trackers
[1m[35mWelcome on console
- 70 results
Electric Vehicle Chargers
"Server: gSOAP/2.8" "Content-Length: 583"
- 45 results
Nordex Wind Turbine Farms
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
- 37 results
GaugeTech Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows"
- 33 results
Voting Machines in the United States
"voter system serial" country:US
- 23 results
Open ATM
NCR Port:"161"
- 21 results
Traffic Light Controllers / Red Light Cameras
mikrotik streetlight
- 20 results
CAREL PlantVisor Refrigeration Units
"Server: CarelDataServer" "200 Document follows"
- 12 results
HART-IP
port:5094 hart-ip
- 12 results
Siemens HVAC Controllers
"Server: Microsoft-WinCE" "Content-Length: 12581"
- 6 results
Fuel Pumps connected to internet
"privileged command" GET
- 5 results
Samsung Electronic Billboards
Server: Prismview Player
- 3 results
Search for electronic billboards managed by Prismview servers.
Automatic License Plate Readers
P372 "ANPR enabled"
- 2 results
Submarine Mission Control Dashboards
title:"Slocum Fleet Mission Control"
- 1 result
Tesla Powerpack charging Status
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
- 1 result
General MySQL Database Search
product:MySQL
- 3,319,173 results
Remote PostgreSQL Connections
port:5432 PostgreSQL
- 761,333 results
MongoDB Server Information on Default Port
"MongoDB Server Information" port:27017
- 103,117 results
Default MongoDB Instances
mongodb port:27017
- 102,910 results
Open Elasticsearch Databases
port:"9200" all:elastic
- 30,464 results
Jenkins CI
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
- 14,767 results
Cisco Smart Install
smart install client active
- 7,077 results
Listed Apache CouchDB
product:"CouchDB"
- 4,626 results
Android Root Bridges
"Android Debug Bridge" "Device" port:5555
- 4,027 results
Polycom Video Conferencing
http.title:"- Polycom" "Server: lighttpd"
- 3,625 results
Pi-hole Open DNS Servers
"dnsmasq-pi-hole" "Recursion: enabled"
- 2,933 results
Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
Lantronix password port:30718 -secured
- 637 results
Already Logged-In as root via Telnet
"root@" port:23 -login -password -name -Session
- 572 results
Accessible Kibana Dashboards
kibana content-length:217
- 533 results
Exposed MongoDB Express Web Interfaces
"Set-Cookie: mongo-express=" "200 OK"
- 394 results
Citrix Virtual Apps
"Citrix Applications:" port:1604
- 293 results
PBX IP Phone Gateways
PBX "gateway console" -password port:23
- 179 results
Docker Private Registries
"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
- 140 results
Telnet Configuration
"Polycom Command Shell" -failed port:23
- 39 results
Weave Scope Dashboards
title:"Weave Scope" http.favicon.hash:567176827
- 13 results
Vulnerable CouchDB Instances
port:"5984"+Server: "CouchDB/2.1.0"
- 3 results
General Printer Search
printer
- 85,132 results
HP Printers Remote Restart
port:161 hp
- 10,838 results
Canon Printer HTTP Servers
Server: CANON HTTP Server
- 9,696 results
HTTP Accessible Epson Printers
http 200 server epson -upnp
- 2,016 results
Samsung Printers with SyncThru Web Service
title:"syncthru web service"
- 983 results
Unsecured Telnet Access to Printers
port:23 "Password is not set"
- 415 results
Remote Access to Xerox Printers
ssl:"Xerox Generic Root"
- 367 results
Epson Printers via HTTP Server
"Server: EPSON-HTTP" "200 OK"
- 318 results
HP LaserJet Printers via HTTP
"HP-ChaiSOE" port:"80"
- 161 results
Lexmark Printer Control Panels
Printer Type: Lexmark
- 157 results
Brother Printers Admin Interface
"Location: /main/main.html" debut
- 68 results
Printers with FTP Access
Laser Printer FTP Server
- 4 results
Open Lists of Files and Directories
http.title:"Index of /"
- 364,147 results
Filezilla FTP
filezilla port:"21"
- 252,812 results
Samba Shares with Authentication Disabled
"Authentication: disabled" port:445 product:"Samba"
- 206,074 results
Open Lists on Port 80
port:80 title:"Index of /"
- 141,058 results
FTP Access Without Credentials
"220" "230 Login successful." port:21
- 62,010 results
Anonymous Access Allowed FTP
"Anonymous access allowed" port:"21"
- 32,629 results
NDMP on FTP Port 10000
ftp port:"10000"
- 6,111 results
Vulnerable vsftpd Service
vsftpd 2.3.4
- 2,895 results
QuickBooks Files Shared Over Network
"QuickBooks files OverNetwork" -unix port:445
- 41 results
General Hacked Label Search
hacked
- 1,723 results
Compromised Legacy Systems on Port 4444
port:4444 system32
- 1,141 results
Compromised Routers Labeled HACKED-ROUTER
HACKED-ROUTER
- 762 results
Compromised Routers
hacked-router-help-sos
- 743 results
Hacked By in HTTP Title
http.title:"Hacked by"
- 516 results
Variation of Hacked By Label Search
hacked by
- 268 results
Compromised Hosts Advertising Default Password
HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD
- 98 results
Compromised FTP Servers
HACKED FTP server
- 68 results
Ransomware Infected RDP Services
"attention" "encrypted" port:3389
- 9 results
Owned By Label in HTTP Title
http.title:"0wn3d by"
- 6 results
Bitcoin Ransomware with Screenshot
bitcoin has_screenshot:true
- 2 results
General Dashboard Interfaces
http.title:"dashboard"
- 158,426 results
Control Panel Access Points
http.title:"control panel"
- 64,207 results
Minecraft Servers
"Minecraft Server" "protocol 340" port:25565
- 10,652 results
Tesla-related Interfaces
http.title:"Tesla"
- 587 results
Everything in North Korea
net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24
- 44 results
EIG Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows"
- 33 results
Misconfigured WordPress Installations
http.html:"* The wp-config.php creation script uses this file"
- 10 results
Ethereum Miners
ETH - Total speed
- 1 result
i'm not responsible for any misuse of this list :) explore responsibly!