Video Description

In this lab, Subject Matter Expert Dean Pompilio demonstrates the features and the uses for a Web site called Shodan (www.shodan.io). You need to register and create an account to fully use this Web site. Shodan crawls the Internet and identifies IP addresses that have a service running. Then it does a banner grab of the service that is running, and it saves the banner information. You can search on a keyword or an IP address to find the services that are running. You will learn how to use the explore link to find out more about popular recent searches, and you are encouraged to read the site's blog. The blog is for people who want more information or who want to share their projects SME Pompilio describes the idea of gathering IP addresses of your target in the context of Shodan. He demonstrates using the Web site for a penetration test or audit by identifying your target organization and their IP addresses. Then Shodan can be used to find the location and all the services that are running. You will be working within the IP address range that your target is using and you will not be working randomly. Shodan helps to define the attack surface for your particular penetration test of an audit target.

Course Modules