shodan-dorks.md - Opengist

修訂 a0e548f0f0b7ba32e0e0657a9179681a3ca985d5

shodan-dorks.txt · 11 KiB · Text 原始檔案

Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates. geo:"56.913055,118.250862" Location country:us country:ru country:de city:chicago hostname: Find devices matching the hostname. server: "gws" hostname:"google" hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org net: Find devices based on an IP address or /x CIDR. net:210.214.0.0/16 Organization org:microsoft org:"United States Department" Autonomous System Number (ASN) asn:ASxxxx os: Find devices based on operating system. os:"windows 7" port: Find devices based on open ports. proftpd port:21 before/after: Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010 SSL/TLS Certificates Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com Expired certificates ssl.cert.expired:true ssl.cert.subject.cn:example.com Device Type device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge Operating System os:"windows 7" os:"windows server 2012" os:"linux 3.x" Product product:apache product:nginx product:android product:chromecast Customer Premises Equipment (CPE) cpe:apple cpe:microsoft cpe:nginx cpe:cisco Server server: nginx server: apache server: microsoft server: cisco-ios ssh fingerprints dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0 Web Pulse Secure http.html:/dana-na PEM Certificates http.title:"Index of /" http.html:".pem" Tor / Dark Web sites onion-location Databases MySQL "product:MySQL" mysql port:"3306" MongoDB "product:MongoDB" mongodb port:27017 Fully open MongoDBs "MongoDB Server Information { "metrics":" "Set-Cookie: mongo-express=" "200 OK" "MongoDB Server Information" port:27017 -authentication Kibana dashboards without authentication kibana content-legth:217 elastic port:9200 json port:"9200" all:elastic port:"9200" all:"elastic indices" Memcached "product:Memcached" CouchDB "product:CouchDB" port:"5984"+Server: "CouchDB/2.1.0" PostgreSQL "port:5432 PostgreSQL" Riak "port:8087 Riak" Redis "product:Redis" Cassandra "product:Cassandra" Industrial Control Systems Samsung Electronic Billboards "Server: Prismview Player" Gas Station Pump Controllers "in-tank inventory" port:10001 Fuel Pumps connected to internet: No auth required to access CLI terminal. "privileged command" GET Automatic License Plate Readers P372 "ANPR enabled" Traffic Light Controllers / Red Light Cameras mikrotik streetlight Voting Machines in the United States "voter system serial" country:US Open ATM: May allow for ATM Access availability NCR Port:"161" Telcos Running Cisco Lawful Intercept Wiretaps "Cisco IOS" "ADVIPSERVICESK9_LI-M" Prison Pay Phones "[2J[H Encartele Confidential" Tesla PowerPack Charging Status http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 Electric Vehicle Chargers "Server: gSOAP/2.8" "Content-Length: 583" Maritime Satellites Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too! "Cobham SATCOM" OR ("Sailor" "VSAT") Submarine Mission Control Dashboards title:"Slocum Fleet Mission Control" CAREL PlantVisor Refrigeration Units "Server: CarelDataServer" "200 Document follows" Nordex Wind Turbine Farms http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)" C4 Max Commercial Vehicle GPS Trackers "[1m[35mWelcome on console" DICOM Medical X-Ray Machines Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet. "DICOM Server Response" port:104 GaugeTech Electricity Meters "Server: EIG Embedded Web Server" "200 Document follows" Siemens Industrial Automation "Siemens, SIMATIC" port:161 Siemens HVAC Controllers "Server: Microsoft-WinCE" "Content-Length: 12581" Door / Lock Access Controllers "HID VertX" port:4070 Railroad Management "log off" "select the appropriate" Tesla Powerpack charging Status: Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 XZERES Wind Turbine title:"xzeres wind" PIPS Automated License Plate Reader "html:"PIPS Technology ALPR Processors"" Modbus "port:502" Niagara Fox "port:1911,4911 product:Niagara" GE-SRTP "port:18245,18246 product:"general electric"" MELSEC-Q "port:5006,5007 product:mitsubishi" CODESYS "port:2455 operating system" S7 "port:102" BACnet "port:47808" HART-IP "port:5094 hart-ip" Omron FINS "port:9600 response code" IEC 60870-5-104 "port:2404 asdu address" DNP3 "port:20000 source address" EtherNet/IP "port:44818" PCWorx "port:1962 PLC" Crimson v3.0 "port:789 product:"Red Lion Controls" ProConOS "port:20547 PLC" Remote Desktop Unprotected VNC "authentication disabled" port:5900,5901 "authentication disabled" "RFB 003.008" Windows RDP 99.99% are secured by a secondary Windows login screen. "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00" C2 Infrastructure CobaltStrike Servers product:"cobalt strike team server" product:"Cobalt Strike Beacon" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik Brute Ratel http.html_hash:-1957161625 product:"Brute Ratel C4" Covenant ssl:”Covenant” http.component:”Blazor” Metasploit ssl:"MetasploitSelfSignedCA" Network Infrastructure Hacked routers: Routers which got compromised hacked-router-help-sos Redis open instances product:"Redis key-value store" Citrix: Find Citrix Gateway. title:"citrix gateway" Weave Scope Dashboards Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure. title:"Weave Scope" http.favicon.hash:567176827 Jenkins CI "X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard" Jenkins: Jenkins Unrestricted Dashboard x-jenkins 200 Docker APIs "Docker Containers:" port:2375 Docker Private Registries "Docker-Distribution-Api-Version: registry" "200 OK" -gitlab Pi-hole Open DNS Servers "dnsmasq-pi-hole" "Recursion: enabled" DNS Servers with recursion "port: 53" Recursion: Enabled Already Logged-In as root via Telnet "root@" port:23 -login -password -name -Session Telnet Access: NO password required for telnet access. port:23 console gateway Polycom video-conference system no-auth shell "polycom command shell" NPort serial-to-eth / MoCA devices without password nport -keyin port:23 Android Root Bridges A tangential result of Google's sloppy fractured update approach. 🙄 More information here. "Android Debug Bridge" "Device" port:5555 Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords Lantronix password port:30718 -secured Citrix Virtual Apps "Citrix Applications:" port:1604 Cisco Smart Install Vulnerable (kind of "by design," but especially when exposed). "smart install client active" PBX IP Phone Gateways PBX "gateway console" -password port:23 Polycom Video Conferencing http.title:"- Polycom" "Server: lighttpd" "Polycom Command Shell" -failed port:23 Telnet Configuration: "Polycom Command Shell" -failed port:23 Example: Polycom Video Conferencing Bomgar Help Desk Portal "Server: Bomgar" "200 OK" Intel Active Management CVE-2017-5689 "Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995 ”Active Management Technology” HP iLO 4 CVE-2017-12542 HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900 Lantronix ethernet adapter’s admin interface without password "Press Enter for Setup Mode port:9999" Wifi Passwords: Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword" Misconfigured Wordpress Sites: The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file" Outlook Web Access: Exchange 2007 "x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0" Exchange 2010 "x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392 Exchange 2013 / 2016 "X-AspNet-Version" http.title:"Outlook" -"x-owa-version" Lync / Skype for Business "X-MS-Server-Fqdn" Network Attached Storage (NAS) SMB (Samba) File Shares Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc. "Authentication: disabled" port:445 Specifically domain controllers: "Authentication: disabled" NETLOGON SYSVOL -unix port:445 Concerning default network shares of QuickBooks files: "Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445 FTP Servers with Anonymous Login "220" "230 Login successful." port:21 Iomega / LenovoEMC NAS Drives "Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In" Buffalo TeraStation NAS Drives Redirecting sencha port:9000 Logitech Media Servers "Server: Logitech Media Server" "200 OK" Example: Logitech Media Servers Plex Media Servers "X-Plex-Protocol" "200 OK" port:32400 Tautulli / PlexPy Dashboards "CherryPy/5.1.0" "/home" Home router attached USB "IPC$ all storage devices" Webcams Generic camera search title:camera Webcams with screenshots webcam has_screenshot:true D-Link webcams "d-Link Internet Camera, 200 OK" Hipcam "Hipcam RealServer/V1.0" Yawcams "Server: yawcam" "Mime-Type: text/html" webcamXP/webcam7 ("webcam 7" OR "webcamXP") http.component:"mootools" -401 Android IP Webcam Server "Server: IP Webcam Server" "200 OK" Security DVRs html:"DVR_H264 ActiveX" Surveillance Cams: With username:admin and password: :P NETSurveillance uc-httpd Server: uc-httpd 1.0.0 Printers & Copiers: HP Printers "Serial Number:" "Built:" "Server: HP HTTP" Xerox Copiers/Printers ssl:"Xerox Generic Root" Epson Printers "SERVER: EPSON_Linux UPnP" "200 OK" "Server: EPSON-HTTP" "200 OK" Canon Printers "Server: KS_HTTP" "200 OK" "Server: CANON HTTP Server" Home Devices Yamaha Stereos "Server: AV_Receiver" "HTTP/1.1 406" Apple AirPlay Receivers Apple TVs, HomePods, etc. "\x08_airplay" port:5353 Chromecasts / Smart TVs "Chromecast:" port:8008 Crestron Smart Home Controllers "Model: PYNG-HUB" Random Stuff Calibre libraries "Server: calibre" http.status:200 http.title:calibre OctoPrint 3D Printer Controllers title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944 Etherium Miners "ETH - Total speed" Apache Directory Listings Substitute .pem with any extension or a filename like phpinfo.php. http.title:"Index of /" http.html:".pem" Misconfigured WordPress Exposed wp-config.php files containing database credentials. http.html:"* The wp-config.php creation script uses this file" Too Many Minecraft Servers "Minecraft Server" "protocol 340" port:25565 Literally Everything in North Korea net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24

1	Shodan Dorks by twitter.com/lothos612
2	Feel free to make suggestions
3
4	Shodan Dorks
5	Basic Shodan Filters
6	city:
7	Find devices in a particular city. city:"Bangalore"
8
9	country:
10	Find devices in a particular country. country:"IN"
11
12	geo:
13	Find devices by giving geographical coordinates. geo:"56.913055,118.250862"
14
15	Location
16	country:us country:ru country:de city:chicago
17
18	hostname:
19	Find devices matching the hostname. server: "gws" hostname:"google" hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org
20
21	net:
22	Find devices based on an IP address or /x CIDR. net:210.214.0.0/16
23
24	Organization
25	org:microsoft org:"United States Department"
26
27	Autonomous System Number (ASN)
28	asn:ASxxxx
29
30	os:
31	Find devices based on operating system. os:"windows 7"
32
33	port:
34	Find devices based on open ports. proftpd port:21
35
36	before/after:
37	Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010
38
39	SSL/TLS Certificates
40	Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com
41
42	Expired certificates ssl.cert.expired:true
43
44	ssl.cert.subject.cn:example.com
45
46	Device Type
47	device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge
48
49	Operating System
50	os:"windows 7" os:"windows server 2012" os:"linux 3.x"
51
52	Product
53	product:apache product:nginx product:android product:chromecast
54
55	Customer Premises Equipment (CPE)
56	cpe:apple cpe:microsoft cpe:nginx cpe:cisco
57
58	Server
59	server: nginx server: apache server: microsoft server: cisco-ios
60
61	ssh fingerprints
62	dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0
63
64	Web
65	Pulse Secure
66	http.html:/dana-na
67
68	PEM Certificates
69	http.title:"Index of /" http.html:".pem"
70
71	Tor / Dark Web sites
72	onion-location
73
74	Databases
75	MySQL
76	"product:MySQL" mysql port:"3306"
77
78	MongoDB
79	"product:MongoDB" mongodb port:27017
80
81	Fully open MongoDBs
82	"MongoDB Server Information { "metrics":" "Set-Cookie: mongo-express=" "200 OK" "MongoDB Server Information" port:27017 -authentication
83
84	Kibana dashboards without authentication
85	kibana content-legth:217
86
87	elastic
88	port:9200 json port:"9200" all:elastic port:"9200" all:"elastic indices"
89
90	Memcached
91	"product:Memcached"
92
93	CouchDB
94	"product:CouchDB" port:"5984"+Server: "CouchDB/2.1.0"
95
96	PostgreSQL
97	"port:5432 PostgreSQL"
98
99	Riak
100	"port:8087 Riak"
101
102	Redis
103	"product:Redis"
104
105	Cassandra
106	"product:Cassandra"
107
108	Industrial Control Systems
109	Samsung Electronic Billboards
110	"Server: Prismview Player"
111
112	Gas Station Pump Controllers
113	"in-tank inventory" port:10001
114
115	Fuel Pumps connected to internet:
116	No auth required to access CLI terminal. "privileged command" GET
117
118	Automatic License Plate Readers
119	P372 "ANPR enabled"
120
121	Traffic Light Controllers / Red Light Cameras
122	mikrotik streetlight
123
124	Voting Machines in the United States
125	"voter system serial" country:US
126
127	Open ATM:
128	May allow for ATM Access availability NCR Port:"161"
129
130	Telcos Running Cisco Lawful Intercept Wiretaps
131	"Cisco IOS" "ADVIPSERVICESK9_LI-M"
132
133	Prison Pay Phones
134	"[2J[H Encartele Confidential"
135
136	Tesla PowerPack Charging Status
137	http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
138
139	Electric Vehicle Chargers
140	"Server: gSOAP/2.8" "Content-Length: 583"
141
142	Maritime Satellites
143	Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!
144
145	"Cobham SATCOM" OR ("Sailor" "VSAT")
146
147	Submarine Mission Control Dashboards
148	title:"Slocum Fleet Mission Control"
149
150	CAREL PlantVisor Refrigeration Units
151	"Server: CarelDataServer" "200 Document follows"
152
153	Nordex Wind Turbine Farms
154	http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
155
156	C4 Max Commercial Vehicle GPS Trackers
157	"[1m[35mWelcome on console"
158
159	DICOM Medical X-Ray Machines
160	Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.
161
162	"DICOM Server Response" port:104
163
164	GaugeTech Electricity Meters
165	"Server: EIG Embedded Web Server" "200 Document follows"
166
167	Siemens Industrial Automation
168	"Siemens, SIMATIC" port:161
169
170	Siemens HVAC Controllers
171	"Server: Microsoft-WinCE" "Content-Length: 12581"
172
173	Door / Lock Access Controllers
174	"HID VertX" port:4070
175
176	Railroad Management
177	"log off" "select the appropriate"
178
179	Tesla Powerpack charging Status:
180	Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
181
182	XZERES Wind Turbine
183	title:"xzeres wind"
184
185	PIPS Automated License Plate Reader
186	"html:"PIPS Technology ALPR Processors""
187
188	Modbus
189	"port:502"
190
191	Niagara Fox
192	"port:1911,4911 product:Niagara"
193
194	GE-SRTP
195	"port:18245,18246 product:"general electric""
196
197	MELSEC-Q
198	"port:5006,5007 product:mitsubishi"
199
200	CODESYS
201	"port:2455 operating system"
202
203	S7
204	"port:102"
205
206	BACnet
207	"port:47808"
208
209	HART-IP
210	"port:5094 hart-ip"
211
212	Omron FINS
213	"port:9600 response code"
214
215	IEC 60870-5-104
216	"port:2404 asdu address"
217
218	DNP3
219	"port:20000 source address"
220
221	EtherNet/IP
222	"port:44818"
223
224	PCWorx
225	"port:1962 PLC"
226
227	Crimson v3.0
228	"port:789 product:"Red Lion Controls"
229
230	ProConOS
231	"port:20547 PLC"
232
233	Remote Desktop
234	Unprotected VNC
235	"authentication disabled" port:5900,5901 "authentication disabled" "RFB 003.008"
236
237	Windows RDP
238	99.99% are secured by a secondary Windows login screen.
239
240	"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
241
242	C2 Infrastructure
243	CobaltStrike Servers
244	product:"cobalt strike team server" product:"Cobalt Strike Beacon" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik
245
246	Brute Ratel
247	http.html_hash:-1957161625 product:"Brute Ratel C4"
248
249	Covenant
250	ssl:”Covenant” http.component:”Blazor”
251
252	Metasploit
253	ssl:"MetasploitSelfSignedCA"
254
255	Network Infrastructure
256	Hacked routers:
257	Routers which got compromised hacked-router-help-sos
258
259	Redis open instances
260	product:"Redis key-value store"
261
262	Citrix:
263	Find Citrix Gateway. title:"citrix gateway"
264
265	Weave Scope Dashboards
266	Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.
267
268	title:"Weave Scope" http.favicon.hash:567176827
269
270	Jenkins CI
271	"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
272
273	Jenkins:
274	Jenkins Unrestricted Dashboard x-jenkins 200
275
276	Docker APIs
277	"Docker Containers:" port:2375
278
279	Docker Private Registries
280	"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
281
282	Pi-hole Open DNS Servers
283	"dnsmasq-pi-hole" "Recursion: enabled"
284
285	DNS Servers with recursion
286	"port: 53" Recursion: Enabled
287
288	Already Logged-In as root via Telnet
289	"root@" port:23 -login -password -name -Session
290
291	Telnet Access:
292	NO password required for telnet access. port:23 console gateway
293
294	Polycom video-conference system no-auth shell
295	"polycom command shell"
296
297	NPort serial-to-eth / MoCA devices without password
298	nport -keyin port:23
299
300	Android Root Bridges
301	A tangential result of Google's sloppy fractured update approach. 🙄 More information here.
302
303	"Android Debug Bridge" "Device" port:5555
304
305	Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
306	Lantronix password port:30718 -secured
307
308	Citrix Virtual Apps
309	"Citrix Applications:" port:1604
310
311	Cisco Smart Install
312	Vulnerable (kind of "by design," but especially when exposed).
313
314	"smart install client active"
315
316	PBX IP Phone Gateways
317	PBX "gateway console" -password port:23
318
319	Polycom Video Conferencing
320	http.title:"- Polycom" "Server: lighttpd" "Polycom Command Shell" -failed port:23
321
322	Telnet Configuration:
323	"Polycom Command Shell" -failed port:23
324
325	Example: Polycom Video Conferencing
326
327	Bomgar Help Desk Portal
328	"Server: Bomgar" "200 OK"
329
330	Intel Active Management CVE-2017-5689
331	"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995 ”Active Management Technology”
332
333	HP iLO 4 CVE-2017-12542
334	HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900
335
336	Lantronix ethernet adapter’s admin interface without password
337	"Press Enter for Setup Mode port:9999"
338
339	Wifi Passwords:
340	Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword"
341
342	Misconfigured Wordpress Sites:
343	The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file"
344
345	Outlook Web Access:
346	Exchange 2007
347	"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
348
349	Exchange 2010
350	"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392
351
352	Exchange 2013 / 2016
353	"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
354
355	Lync / Skype for Business
356	"X-MS-Server-Fqdn"
357
358	Network Attached Storage (NAS)
359	SMB (Samba) File Shares
360	Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc.
361
362	"Authentication: disabled" port:445
363
364	Specifically domain controllers:
365	"Authentication: disabled" NETLOGON SYSVOL -unix port:445
366
367	Concerning default network shares of QuickBooks files:
368	"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445
369
370	FTP Servers with Anonymous Login
371	"220" "230 Login successful." port:21
372
373	Iomega / LenovoEMC NAS Drives
374	"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
375
376	Buffalo TeraStation NAS Drives
377	Redirecting sencha port:9000
378
379	Logitech Media Servers
380	"Server: Logitech Media Server" "200 OK"
381
382	Example: Logitech Media Servers
383
384	Plex Media Servers
385	"X-Plex-Protocol" "200 OK" port:32400
386
387	Tautulli / PlexPy Dashboards
388	"CherryPy/5.1.0" "/home"
389
390	Home router attached USB
391	"IPC$ all storage devices"
392
393	Webcams
394	Generic camera search
395	title:camera
396
397	Webcams with screenshots
398	webcam has_screenshot:true
399
400	D-Link webcams
401	"d-Link Internet Camera, 200 OK"
402
403	Hipcam
404	"Hipcam RealServer/V1.0"
405
406	Yawcams
407	"Server: yawcam" "Mime-Type: text/html"
408
409	webcamXP/webcam7
410	("webcam 7" OR "webcamXP") http.component:"mootools" -401
411
412	Android IP Webcam Server
413	"Server: IP Webcam Server" "200 OK"
414
415	Security DVRs
416	html:"DVR_H264 ActiveX"
417
418	Surveillance Cams:
419	With username:admin and password: :P NETSurveillance uc-httpd Server: uc-httpd 1.0.0
420
421	Printers & Copiers:
422	HP Printers
423	"Serial Number:" "Built:" "Server: HP HTTP"
424
425	Xerox Copiers/Printers
426	ssl:"Xerox Generic Root"
427
428	Epson Printers
429	"SERVER: EPSON_Linux UPnP" "200 OK"
430
431	"Server: EPSON-HTTP" "200 OK"
432
433	Canon Printers
434	"Server: KS_HTTP" "200 OK"
435
436	"Server: CANON HTTP Server"
437
438	Home Devices
439	Yamaha Stereos
440	"Server: AV_Receiver" "HTTP/1.1 406"
441
442	Apple AirPlay Receivers
443	Apple TVs, HomePods, etc.
444
445	"\x08_airplay" port:5353
446
447	Chromecasts / Smart TVs
448	"Chromecast:" port:8008
449
450	Crestron Smart Home Controllers
451	"Model: PYNG-HUB"
452
453	Random Stuff
454	Calibre libraries
455	"Server: calibre" http.status:200 http.title:calibre
456
457	OctoPrint 3D Printer Controllers
458	title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
459
460	Etherium Miners
461	"ETH - Total speed"
462
463	Apache Directory Listings
464	Substitute .pem with any extension or a filename like phpinfo.php.
465
466	http.title:"Index of /" http.html:".pem"
467
468	Misconfigured WordPress
469	Exposed wp-config.php files containing database credentials.
470
471	http.html:"* The wp-config.php creation script uses this file"
472
473	Too Many Minecraft Servers
474	"Minecraft Server" "protocol 340" port:25565
475
476	Literally Everything in North Korea
477	net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24