Primary Use Case

This dataset is primarily used by security researchers, threat intelligence analysts, and OSINT practitioners to quickly identify vulnerable or interesting devices and services exposed on the internet via Shodan. It helps automate reconnaissance and network monitoring by providing ready-made search filters for various device types and security-relevant scenarios.

Key Features

Collection of publicly available Shodan dorks for diverse device and service discovery

Covers filters for geographic, OS, port, hostname, and time-based searches

Includes specialized queries for vulnerable devices like surveillance cams, fuel pumps, and hacked routers

Supports advanced combined filters for precise reconnaissance

Facilitates discovery of misconfigured services such as MongoDB, FTP, Jenkins, and Wordpress

Useful for identifying exposed credentials, open access points, and security misconfigurations

Insights & Recommendations

This repository provides a static collection of Shodan search queries and does not include executable code or installation steps. Users should have a Shodan account and understand how to use Shodan's search interface or API to leverage these dorks effectively. Combining filters can yield more precise results but requires familiarity with Shodan's query syntax. Always ensure ethical use and respect privacy and legal boundaries when conducting reconnaissance.

Usage

city:"Bangalore"

Find devices located in the city of Bangalore.

country:"IN"

Find devices located in India.

geo:"56.913055,118.250862"

Find devices by geographic coordinates.

server: "gws" hostname:"google"

Find devices matching the hostname 'google' with server 'gws'.

net:210.214.0.0/16

Find devices within the specified IP range.

os:"windows 7"

Find devices running Windows 7 operating system.

proftpd port:21

Find devices with ProFTPD running on port 21.

apache after:22/02/2009 before:14/3/2010

Find Apache servers active between specified dates.

title:"citrix gateway"

Find Citrix Gateway devices.

html:"def_wirelesspassword"

Find devices exposing cleartext WiFi passwords.

"NETSurveillance uc-httpd"

Find surveillance cameras with default admin credentials.

"privileged command" GET

Find fuel pumps connected to the internet with no authentication required.

"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Find Windows RDP servers potentially exposing passwords.

"MongoDB Server Information" port:27017 -authentication

Find MongoDB servers and dashboards without authentication.

"220" "230 Login successful." port:21

Find FTP servers allowing anonymous access.

Smart Usage Notes

Integrate Shodan dorks into automated reconnaissance pipelines to accelerate vulnerability discovery.Use combined filters to tailor network monitoring for specific threat scenarios or geographic regions.Leverage the dataset for continuous exposure assessment to detect newly exposed or misconfigured assets.Augment blue team threat hunting by proactively identifying exposed services and credentials before exploitation.In purple team exercises, simulate adversary reconnaissance phases using these dorks to validate detection controls.

OpenSec Atlas

Shodan-Dorks

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like