Shodan Dorks Save

An auto-updating list of shodan dorks with info on the amount of results they return!

Project README

Shodan Dorks


Most search filters require a Shodan account.

What makes this different from other dork/query lists?

This has tons of titles, info and categorisation a lot of other mass-lists don't have.

Also, every hour, it re-checks every query on here and updates their count. It also removes dorks that have 0 results.

Contents

Cameras

General camera search.
camera - 3,620,742 results

Hikvision IP Cameras.
product:"Hikvision IP Camera" - 2,675,397 results
Backdoor exploit at https://ipvm.com/reports/hik-exploit

Webcams running on IPCam Client.
title:"IPCam Client" - 59,145 results

Older webcams running on GeoVision.
server: GeoHttpServer - 40,659 results

Avigilion-brand camera/monitoring devices.
title:"Avigilon" - 18,951 results

Vivotek IP cameras.
server: VVTK-HTTP-Server - 15,169 results

DVR CCTV cameras accessible via http.
200 ok dvr port:"81" - 9,275 results

Netwave-make IP cameras.
Netwave IP Camera Content-Length: 2574 - 1,287 results

A UK-based IP camera provider.
WWW-Authenticate: "Merit LILIN Ent. Co., Ltd." - 1,196 results

Yet another WebCAM software.
product:"Yawcam webcam viewer httpd" - 613 results

UI3 - the HTML5 web interface for Blue Iris.
title:"ui3 -" - 496 results

Unsecured Linksys webcams.
title:"+tm01+" - 447 results

Various IP camera/video management system products.
ACTi - 385 results

Webcams with screenshots.
webcam has_screenshot:true - 196 results

Webcams running on webcamXP
server: webcamxp - 163 results

Webcams running on webcam 7.
server: "webcam 7" - 89 results

IP Webcams with screenshots.
has_screenshot:true IP Webcam - 78 results

Webcams running on Blue Iris.
title:"blue iris remote view" - 34 results

Canon-manufactured megapixel security cameras.
title:"Network Camera VB-M600" - 33 results

i-Catcher IP-based CCTV systems.
server: "i-Catcher Console" - 25 results

Linksys WVC80N cameras.
WVC80N - 24 results

Industrial Control Systems

EtherNet/IP
port:44818 - 532,436 results

S7
port:102 - 513,648 results

Modbus
port:502 - 504,375 results

BACnet
port:47808 - 44,747 results

Niagara Fox
port:1911,4911 product:Niagara - 9,182 results

VNC Servers
"authentication disabled" "RFB 003.008" - 6,473 results
While not always 100% guaranteed to be a system, lots of embedded systems can show up here, along with personal systems.

More VNC Servers
"authentication disabled" port:5900,5901 - 6,321 results
Another search term for VNC servers - most are on port 5900 or 5901 as these are VNC display ports.

Gas Station Pump Controllers
"in-tank inventory" port:10001 - 5,903 results
Find gas station pump controllers with accessible inventory data.

IEC 60870-5-104
port:2404 asdu address - 3,426 results

Siemens Industrial Automation
"Siemens, SIMATIC" port:161 - 3,024 results

DICOM Medical X-Ray Machines
"DICOM Server Response" port:104 - 1,816 results

Omron FINS
port:9600 response code - 1,803 results

DNP3
port:20000 source address - 1,002 results

PCWorx
port:1962 PLC - 965 results

XZERES Wind Turbine
title:"xzeres wind" - 556 results

ProConOS
port:20547 PLC - 499 results

MELSEC-Q
port:5006,5007 product:mitsubishi - 255 results

Door / Lock Access Controllers
"HID VertX" port:4070 - 184 results

C4 Max Commercial Vehicle GPS Trackers
[1m[35mWelcome on console - 70 results

Electric Vehicle Chargers
"Server: gSOAP/2.8" "Content-Length: 583" - 45 results

Nordex Wind Turbine Farms
http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)" - 37 results

GaugeTech Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows" - 33 results

Voting Machines in the United States
"voter system serial" country:US - 23 results

Open ATM
NCR Port:"161" - 21 results

Traffic Light Controllers / Red Light Cameras
mikrotik streetlight - 20 results

CAREL PlantVisor Refrigeration Units
"Server: CarelDataServer" "200 Document follows" - 12 results

HART-IP
port:5094 hart-ip - 12 results

Siemens HVAC Controllers
"Server: Microsoft-WinCE" "Content-Length: 12581" - 6 results

Fuel Pumps connected to internet
"privileged command" GET - 5 results

Samsung Electronic Billboards
Server: Prismview Player - 3 results
Search for electronic billboards managed by Prismview servers.

Automatic License Plate Readers
P372 "ANPR enabled" - 2 results

Submarine Mission Control Dashboards
title:"Slocum Fleet Mission Control" - 1 result

Tesla Powerpack charging Status
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 - 1 result

Network Infastructure

General MySQL Database Search
product:MySQL - 3,319,173 results

Remote PostgreSQL Connections
port:5432 PostgreSQL - 761,333 results

MongoDB Server Information on Default Port
"MongoDB Server Information" port:27017 - 103,117 results

Default MongoDB Instances
mongodb port:27017 - 102,910 results

Open Elasticsearch Databases
port:"9200" all:elastic - 30,464 results

Jenkins CI
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard" - 14,767 results

Cisco Smart Install
smart install client active - 7,077 results

Listed Apache CouchDB
product:"CouchDB" - 4,626 results

Android Root Bridges
"Android Debug Bridge" "Device" port:5555 - 4,027 results

Polycom Video Conferencing
http.title:"- Polycom" "Server: lighttpd" - 3,625 results

Pi-hole Open DNS Servers
"dnsmasq-pi-hole" "Recursion: enabled" - 2,933 results

Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
Lantronix password port:30718 -secured - 637 results

Already Logged-In as root via Telnet
"root@" port:23 -login -password -name -Session - 572 results

Accessible Kibana Dashboards
kibana content-length:217 - 533 results

Exposed MongoDB Express Web Interfaces
"Set-Cookie: mongo-express=" "200 OK" - 394 results

Citrix Virtual Apps
"Citrix Applications:" port:1604 - 293 results

PBX IP Phone Gateways
PBX "gateway console" -password port:23 - 179 results

Docker Private Registries
"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab - 140 results

Telnet Configuration
"Polycom Command Shell" -failed port:23 - 39 results

Weave Scope Dashboards
title:"Weave Scope" http.favicon.hash:567176827 - 13 results

Vulnerable CouchDB Instances
port:"5984"+Server: "CouchDB/2.1.0" - 3 results

Printers

General Printer Search
printer - 85,132 results

HP Printers Remote Restart
port:161 hp - 10,838 results

Canon Printer HTTP Servers
Server: CANON HTTP Server - 9,696 results

HTTP Accessible Epson Printers
http 200 server epson -upnp - 2,016 results

Samsung Printers with SyncThru Web Service
title:"syncthru web service" - 983 results

Unsecured Telnet Access to Printers
port:23 "Password is not set" - 415 results

Remote Access to Xerox Printers
ssl:"Xerox Generic Root" - 367 results

Epson Printers via HTTP Server
"Server: EPSON-HTTP" "200 OK" - 318 results

HP LaserJet Printers via HTTP
"HP-ChaiSOE" port:"80" - 161 results

Lexmark Printer Control Panels
Printer Type: Lexmark - 157 results

Brother Printers Admin Interface
"Location: /main/main.html" debut - 68 results

Printers with FTP Access
Laser Printer FTP Server - 4 results

Files and Directories

Open Lists of Files and Directories
http.title:"Index of /" - 364,147 results

Filezilla FTP
filezilla port:"21" - 252,812 results

Samba Shares with Authentication Disabled
"Authentication: disabled" port:445 product:"Samba" - 206,074 results

Open Lists on Port 80
port:80 title:"Index of /" - 141,058 results

FTP Access Without Credentials
"220" "230 Login successful." port:21 - 62,010 results

Anonymous Access Allowed FTP
"Anonymous access allowed" port:"21" - 32,629 results

NDMP on FTP Port 10000
ftp port:"10000" - 6,111 results

Vulnerable vsftpd Service
vsftpd 2.3.4 - 2,895 results

QuickBooks Files Shared Over Network
"QuickBooks files OverNetwork" -unix port:445 - 41 results

Compromised devices and websites

General Hacked Label Search
hacked - 1,723 results

Compromised Legacy Systems on Port 4444
port:4444 system32 - 1,141 results

Compromised Routers Labeled HACKED-ROUTER
HACKED-ROUTER - 762 results

Compromised Routers
hacked-router-help-sos - 743 results

Hacked By in HTTP Title
http.title:"Hacked by" - 516 results

Variation of Hacked By Label Search
hacked by - 268 results

Compromised Hosts Advertising Default Password
HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD - 98 results

Compromised FTP Servers
HACKED FTP server - 68 results

Ransomware Infected RDP Services
"attention" "encrypted" port:3389 - 9 results

Owned By Label in HTTP Title
http.title:"0wn3d by" - 6 results

Bitcoin Ransomware with Screenshot
bitcoin has_screenshot:true - 2 results

Miscellaneous

General Dashboard Interfaces
http.title:"dashboard" - 158,426 results

Control Panel Access Points
http.title:"control panel" - 64,207 results

Minecraft Servers
"Minecraft Server" "protocol 340" port:25565 - 10,652 results

Tesla-related Interfaces
http.title:"Tesla" - 587 results

Everything in North Korea
net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24 - 44 results

EIG Electricity Meters
"Server: EIG Embedded Web Server" "200 Document follows" - 33 results

Misconfigured WordPress Installations
http.html:"* The wp-config.php creation script uses this file" - 10 results

Ethereum Miners
ETH - Total speed - 1 result

i'm not responsible for any misuse of this list :) explore responsibly!

Open Source Agenda is not affiliated with "Shodan Dorks" Project. README Source: dootss/shodan-dorks
Stars
47
Open Issues
0
Last Commit
2 weeks ago
Repository
dootss/shodan-dorks
Tags
Cybersecurity Hacking Infosec Iot Opsec Osint Pentest Pentesting Security Security Scanner Shodan Shodan Dorks Shodan Search

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?