Advanced search with shodan
Shodan is an advanced search engine that is used to search for internet connected devices such as webcams and SCADA systems. It can also be effectively used for searching vulnerable systems. Interestingly, the Metasploit Framework has a capability to integrate with Shodan to fire search queries right from msfconsole.
In order to integrate Shodan with the Metasploit Framework, you first need to register yourself on https://www.shodan.io. Once registered, you can get the API key from the Account Overview section shown as follows:
Its auxiliary module name is auxiliary/gather/shodan_search, and this auxiliary module connects to the Shodan search engine to fire search queries from msfconsole and get the search results.
You will have to configure the following parameters:
- SHODAN_APIKEY: The Shodan API key available to registered Shodan users
- QUERY: Keyword to be searched
You can run the shodan_search command to get the following result:
