Vulnerable IoT Devices! (Using Publicly-available Information To Learn More About A Target pt. 2)

Three very cool search engines. Use them 1-2-3 bang all together.

IoT devices are horribly insecure nowadays. You can search for information in your passive footprinting.  Stuff like webcams by manufacturer or version.

  1. https://Shodan.io – SCADA, ICS devices, anything connected could have version information or send back a reply. Will show open ports. Loads slower than Censys. Here’s a search for logitech devices. Click on the highlighted button and you may be able to view or maybe just come to a login screen. (You will have to login using Twitter; don’t use Windows or Google.)
    Returned “logitech” for San Diego
  2. https://search.censys.io – Additional data, even latitude and longitude for location of device.

    MikroTik Balboa Market
  3. https://www.thingful.net – very cool stuff.  You will have to login again using Twitter. Click watchYour device is available under Open.

    Webcams

Leave a Reply

Your email address will not be published. Required fields are marked *