shodan-dorks.md - Opengist

shodan-dorks.txt · 11 KiB · Text Raw

Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions From: https://github.com/lothos612/shodan Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates. geo:"56.913055,118.250862" Location country:us country:ru country:de city:chicago hostname: Find devices matching the hostname. server: "gws" hostname:"google" hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org net: Find devices based on an IP address or /x CIDR. net:210.214.0.0/16 Organization org:microsoft org:"United States Department" Autonomous System Number (ASN) asn:ASxxxx os: Find devices based on operating system. os:"windows 7" port: Find devices based on open ports. proftpd port:21 before/after: Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010 SSL/TLS Certificates Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com Expired certificates ssl.cert.expired:true ssl.cert.subject.cn:example.com Device Type device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge Operating System os:"windows 7" os:"windows server 2012" os:"linux 3.x" Product product:apache product:nginx product:android product:chromecast Customer Premises Equipment (CPE) cpe:apple cpe:microsoft cpe:nginx cpe:cisco Server server: nginx server: apache server: microsoft server: cisco-ios ssh fingerprints dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0 Web Pulse Secure http.html:/dana-na PEM Certificates http.title:"Index of /" http.html:".pem" Tor / Dark Web sites onion-location Databases MySQL "product:MySQL" mysql port:"3306" MongoDB "product:MongoDB" mongodb port:27017 Fully open MongoDBs "MongoDB Server Information { "metrics":" "Set-Cookie: mongo-express=" "200 OK" "MongoDB Server Information" port:27017 -authentication Kibana dashboards without authentication kibana content-legth:217 elastic port:9200 json port:"9200" all:elastic port:"9200" all:"elastic indices" Memcached "product:Memcached" CouchDB "product:CouchDB" port:"5984"+Server: "CouchDB/2.1.0" PostgreSQL "port:5432 PostgreSQL" Riak "port:8087 Riak" Redis "product:Redis" Cassandra "product:Cassandra" Industrial Control Systems Samsung Electronic Billboards "Server: Prismview Player" Gas Station Pump Controllers "in-tank inventory" port:10001 Fuel Pumps connected to internet: No auth required to access CLI terminal. "privileged command" GET Automatic License Plate Readers P372 "ANPR enabled" Traffic Light Controllers / Red Light Cameras mikrotik streetlight Voting Machines in the United States "voter system serial" country:US Open ATM: May allow for ATM Access availability NCR Port:"161" Telcos Running Cisco Lawful Intercept Wiretaps "Cisco IOS" "ADVIPSERVICESK9_LI-M" Prison Pay Phones "[2J[H Encartele Confidential" Tesla PowerPack Charging Status http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 Electric Vehicle Chargers "Server: gSOAP/2.8" "Content-Length: 583" Maritime Satellites Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too! "Cobham SATCOM" OR ("Sailor" "VSAT") Submarine Mission Control Dashboards title:"Slocum Fleet Mission Control" CAREL PlantVisor Refrigeration Units "Server: CarelDataServer" "200 Document follows" Nordex Wind Turbine Farms http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)" C4 Max Commercial Vehicle GPS Trackers "[1m[35mWelcome on console" DICOM Medical X-Ray Machines Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet. "DICOM Server Response" port:104 GaugeTech Electricity Meters "Server: EIG Embedded Web Server" "200 Document follows" Siemens Industrial Automation "Siemens, SIMATIC" port:161 Siemens HVAC Controllers "Server: Microsoft-WinCE" "Content-Length: 12581" Door / Lock Access Controllers "HID VertX" port:4070 Railroad Management "log off" "select the appropriate" Tesla Powerpack charging Status: Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 XZERES Wind Turbine title:"xzeres wind" PIPS Automated License Plate Reader "html:"PIPS Technology ALPR Processors"" Modbus "port:502" Niagara Fox "port:1911,4911 product:Niagara" GE-SRTP "port:18245,18246 product:"general electric"" MELSEC-Q "port:5006,5007 product:mitsubishi" CODESYS "port:2455 operating system" S7 "port:102" BACnet "port:47808" HART-IP "port:5094 hart-ip" Omron FINS "port:9600 response code" IEC 60870-5-104 "port:2404 asdu address" DNP3 "port:20000 source address" EtherNet/IP "port:44818" PCWorx "port:1962 PLC" Crimson v3.0 "port:789 product:"Red Lion Controls" ProConOS "port:20547 PLC" Remote Desktop Unprotected VNC "authentication disabled" port:5900,5901 "authentication disabled" "RFB 003.008" Windows RDP 99.99% are secured by a secondary Windows login screen. "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00" C2 Infrastructure CobaltStrike Servers product:"cobalt strike team server" product:"Cobalt Strike Beacon" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik Brute Ratel http.html_hash:-1957161625 product:"Brute Ratel C4" Covenant ssl:”Covenant” http.component:”Blazor” Metasploit ssl:"MetasploitSelfSignedCA" Network Infrastructure Hacked routers: Routers which got compromised hacked-router-help-sos Redis open instances product:"Redis key-value store" Citrix: Find Citrix Gateway. title:"citrix gateway" Weave Scope Dashboards Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure. title:"Weave Scope" http.favicon.hash:567176827 Jenkins CI "X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard" Jenkins: Jenkins Unrestricted Dashboard x-jenkins 200 Docker APIs "Docker Containers:" port:2375 Docker Private Registries "Docker-Distribution-Api-Version: registry" "200 OK" -gitlab Pi-hole Open DNS Servers "dnsmasq-pi-hole" "Recursion: enabled" DNS Servers with recursion "port: 53" Recursion: Enabled Already Logged-In as root via Telnet "root@" port:23 -login -password -name -Session Telnet Access: NO password required for telnet access. port:23 console gateway Polycom video-conference system no-auth shell "polycom command shell" NPort serial-to-eth / MoCA devices without password nport -keyin port:23 Android Root Bridges A tangential result of Google's sloppy fractured update approach. 🙄 More information here. "Android Debug Bridge" "Device" port:5555 Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords Lantronix password port:30718 -secured Citrix Virtual Apps "Citrix Applications:" port:1604 Cisco Smart Install Vulnerable (kind of "by design," but especially when exposed). "smart install client active" PBX IP Phone Gateways PBX "gateway console" -password port:23 Polycom Video Conferencing http.title:"- Polycom" "Server: lighttpd" "Polycom Command Shell" -failed port:23 Telnet Configuration: "Polycom Command Shell" -failed port:23 Example: Polycom Video Conferencing Bomgar Help Desk Portal "Server: Bomgar" "200 OK" Intel Active Management CVE-2017-5689 "Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995 ”Active Management Technology” HP iLO 4 CVE-2017-12542 HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900 Lantronix ethernet adapter’s admin interface without password "Press Enter for Setup Mode port:9999" Wifi Passwords: Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword" Misconfigured Wordpress Sites: The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file" Outlook Web Access: Exchange 2007 "x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0" Exchange 2010 "x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392 Exchange 2013 / 2016 "X-AspNet-Version" http.title:"Outlook" -"x-owa-version" Lync / Skype for Business "X-MS-Server-Fqdn" Network Attached Storage (NAS) SMB (Samba) File Shares Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc. "Authentication: disabled" port:445 Specifically domain controllers: "Authentication: disabled" NETLOGON SYSVOL -unix port:445 Concerning default network shares of QuickBooks files: "Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445 FTP Servers with Anonymous Login "220" "230 Login successful." port:21 Iomega / LenovoEMC NAS Drives "Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In" Buffalo TeraStation NAS Drives Redirecting sencha port:9000 Logitech Media Servers "Server: Logitech Media Server" "200 OK" Example: Logitech Media Servers Plex Media Servers "X-Plex-Protocol" "200 OK" port:32400 Tautulli / PlexPy Dashboards "CherryPy/5.1.0" "/home" Home router attached USB "IPC$ all storage devices" Webcams Generic camera search title:camera Webcams with screenshots webcam has_screenshot:true D-Link webcams "d-Link Internet Camera, 200 OK" Hipcam "Hipcam RealServer/V1.0" Yawcams "Server: yawcam" "Mime-Type: text/html" webcamXP/webcam7 ("webcam 7" OR "webcamXP") http.component:"mootools" -401 Android IP Webcam Server "Server: IP Webcam Server" "200 OK" Security DVRs html:"DVR_H264 ActiveX" Surveillance Cams: With username:admin and password: :P NETSurveillance uc-httpd Server: uc-httpd 1.0.0 Printers & Copiers: HP Printers "Serial Number:" "Built:" "Server: HP HTTP" Xerox Copiers/Printers ssl:"Xerox Generic Root" Epson Printers "SERVER: EPSON_Linux UPnP" "200 OK" "Server: EPSON-HTTP" "200 OK" Canon Printers "Server: KS_HTTP" "200 OK" "Server: CANON HTTP Server" Home Devices Yamaha Stereos "Server: AV_Receiver" "HTTP/1.1 406" Apple AirPlay Receivers Apple TVs, HomePods, etc. "\x08_airplay" port:5353 Chromecasts / Smart TVs "Chromecast:" port:8008 Crestron Smart Home Controllers "Model: PYNG-HUB" Random Stuff Calibre libraries "Server: calibre" http.status:200 http.title:calibre OctoPrint 3D Printer Controllers title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944 Etherium Miners "ETH - Total speed" Apache Directory Listings Substitute .pem with any extension or a filename like phpinfo.php. http.title:"Index of /" http.html:".pem" Misconfigured WordPress Exposed wp-config.php files containing database credentials. http.html:"* The wp-config.php creation script uses this file" Too Many Minecraft Servers "Minecraft Server" "protocol 340" port:25565 Literally Everything in North Korea net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24

1	Shodan Dorks by twitter.com/lothos612
2	Feel free to make suggestions
3	From: https://github.com/lothos612/shodan
4
5	Shodan Dorks
6	Basic Shodan Filters
7	city:
8	Find devices in a particular city. city:"Bangalore"
9
10	country:
11	Find devices in a particular country. country:"IN"
12
13	geo:
14	Find devices by giving geographical coordinates. geo:"56.913055,118.250862"
15
16	Location
17	country:us country:ru country:de city:chicago
18
19	hostname:
20	Find devices matching the hostname. server: "gws" hostname:"google" hostname:example.com -hostname:subdomain.example.com hostname:example.com,example.org
21
22	net:
23	Find devices based on an IP address or /x CIDR. net:210.214.0.0/16
24
25	Organization
26	org:microsoft org:"United States Department"
27
28	Autonomous System Number (ASN)
29	asn:ASxxxx
30
31	os:
32	Find devices based on operating system. os:"windows 7"
33
34	port:
35	Find devices based on open ports. proftpd port:21
36
37	before/after:
38	Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010
39
40	SSL/TLS Certificates
41	Self signed certificates ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com
42
43	Expired certificates ssl.cert.expired:true
44
45	ssl.cert.subject.cn:example.com
46
47	Device Type
48	device:firewall device:router device:wap device:webcam device:media device:"broadband router" device:pbx device:printer device:switch device:storage device:specialized device:phone device:"voip" device:"voip phone" device:"voip adaptor" device:"load balancer" device:"print server" device:terminal device:remote device:telecom device:power device:proxy device:pda device:bridge
49
50	Operating System
51	os:"windows 7" os:"windows server 2012" os:"linux 3.x"
52
53	Product
54	product:apache product:nginx product:android product:chromecast
55
56	Customer Premises Equipment (CPE)
57	cpe:apple cpe:microsoft cpe:nginx cpe:cisco
58
59	Server
60	server: nginx server: apache server: microsoft server: cisco-ios
61
62	ssh fingerprints
63	dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0
64
65	Web
66	Pulse Secure
67	http.html:/dana-na
68
69	PEM Certificates
70	http.title:"Index of /" http.html:".pem"
71
72	Tor / Dark Web sites
73	onion-location
74
75	Databases
76	MySQL
77	"product:MySQL" mysql port:"3306"
78
79	MongoDB
80	"product:MongoDB" mongodb port:27017
81
82	Fully open MongoDBs
83	"MongoDB Server Information { "metrics":" "Set-Cookie: mongo-express=" "200 OK" "MongoDB Server Information" port:27017 -authentication
84
85	Kibana dashboards without authentication
86	kibana content-legth:217
87
88	elastic
89	port:9200 json port:"9200" all:elastic port:"9200" all:"elastic indices"
90
91	Memcached
92	"product:Memcached"
93
94	CouchDB
95	"product:CouchDB" port:"5984"+Server: "CouchDB/2.1.0"
96
97	PostgreSQL
98	"port:5432 PostgreSQL"
99
100	Riak
101	"port:8087 Riak"
102
103	Redis
104	"product:Redis"
105
106	Cassandra
107	"product:Cassandra"
108
109	Industrial Control Systems
110	Samsung Electronic Billboards
111	"Server: Prismview Player"
112
113	Gas Station Pump Controllers
114	"in-tank inventory" port:10001
115
116	Fuel Pumps connected to internet:
117	No auth required to access CLI terminal. "privileged command" GET
118
119	Automatic License Plate Readers
120	P372 "ANPR enabled"
121
122	Traffic Light Controllers / Red Light Cameras
123	mikrotik streetlight
124
125	Voting Machines in the United States
126	"voter system serial" country:US
127
128	Open ATM:
129	May allow for ATM Access availability NCR Port:"161"
130
131	Telcos Running Cisco Lawful Intercept Wiretaps
132	"Cisco IOS" "ADVIPSERVICESK9_LI-M"
133
134	Prison Pay Phones
135	"[2J[H Encartele Confidential"
136
137	Tesla PowerPack Charging Status
138	http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
139
140	Electric Vehicle Chargers
141	"Server: gSOAP/2.8" "Content-Length: 583"
142
143	Maritime Satellites
144	Shodan made a pretty sweet Ship Tracker that maps ship locations in real time, too!
145
146	"Cobham SATCOM" OR ("Sailor" "VSAT")
147
148	Submarine Mission Control Dashboards
149	title:"Slocum Fleet Mission Control"
150
151	CAREL PlantVisor Refrigeration Units
152	"Server: CarelDataServer" "200 Document follows"
153
154	Nordex Wind Turbine Farms
155	http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"
156
157	C4 Max Commercial Vehicle GPS Trackers
158	"[1m[35mWelcome on console"
159
160	DICOM Medical X-Ray Machines
161	Secured by default, thankfully, but these 1,700+ machines still have no business being on the internet.
162
163	"DICOM Server Response" port:104
164
165	GaugeTech Electricity Meters
166	"Server: EIG Embedded Web Server" "200 Document follows"
167
168	Siemens Industrial Automation
169	"Siemens, SIMATIC" port:161
170
171	Siemens HVAC Controllers
172	"Server: Microsoft-WinCE" "Content-Length: 12581"
173
174	Door / Lock Access Controllers
175	"HID VertX" port:4070
176
177	Railroad Management
178	"log off" "select the appropriate"
179
180	Tesla Powerpack charging Status:
181	Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2
182
183	XZERES Wind Turbine
184	title:"xzeres wind"
185
186	PIPS Automated License Plate Reader
187	"html:"PIPS Technology ALPR Processors""
188
189	Modbus
190	"port:502"
191
192	Niagara Fox
193	"port:1911,4911 product:Niagara"
194
195	GE-SRTP
196	"port:18245,18246 product:"general electric""
197
198	MELSEC-Q
199	"port:5006,5007 product:mitsubishi"
200
201	CODESYS
202	"port:2455 operating system"
203
204	S7
205	"port:102"
206
207	BACnet
208	"port:47808"
209
210	HART-IP
211	"port:5094 hart-ip"
212
213	Omron FINS
214	"port:9600 response code"
215
216	IEC 60870-5-104
217	"port:2404 asdu address"
218
219	DNP3
220	"port:20000 source address"
221
222	EtherNet/IP
223	"port:44818"
224
225	PCWorx
226	"port:1962 PLC"
227
228	Crimson v3.0
229	"port:789 product:"Red Lion Controls"
230
231	ProConOS
232	"port:20547 PLC"
233
234	Remote Desktop
235	Unprotected VNC
236	"authentication disabled" port:5900,5901 "authentication disabled" "RFB 003.008"
237
238	Windows RDP
239	99.99% are secured by a secondary Windows login screen.
240
241	"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
242
243	C2 Infrastructure
244	CobaltStrike Servers
245	product:"cobalt strike team server" product:"Cobalt Strike Beacon" ssl.cert.serial:146473198 - default certificate serial number ssl.jarm:07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 ssl:foren.zik
246
247	Brute Ratel
248	http.html_hash:-1957161625 product:"Brute Ratel C4"
249
250	Covenant
251	ssl:”Covenant” http.component:”Blazor”
252
253	Metasploit
254	ssl:"MetasploitSelfSignedCA"
255
256	Network Infrastructure
257	Hacked routers:
258	Routers which got compromised hacked-router-help-sos
259
260	Redis open instances
261	product:"Redis key-value store"
262
263	Citrix:
264	Find Citrix Gateway. title:"citrix gateway"
265
266	Weave Scope Dashboards
267	Command-line access inside Kubernetes pods and Docker containers, and real-time visualization/monitoring of the entire infrastructure.
268
269	title:"Weave Scope" http.favicon.hash:567176827
270
271	Jenkins CI
272	"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Dashboard"
273
274	Jenkins:
275	Jenkins Unrestricted Dashboard x-jenkins 200
276
277	Docker APIs
278	"Docker Containers:" port:2375
279
280	Docker Private Registries
281	"Docker-Distribution-Api-Version: registry" "200 OK" -gitlab
282
283	Pi-hole Open DNS Servers
284	"dnsmasq-pi-hole" "Recursion: enabled"
285
286	DNS Servers with recursion
287	"port: 53" Recursion: Enabled
288
289	Already Logged-In as root via Telnet
290	"root@" port:23 -login -password -name -Session
291
292	Telnet Access:
293	NO password required for telnet access. port:23 console gateway
294
295	Polycom video-conference system no-auth shell
296	"polycom command shell"
297
298	NPort serial-to-eth / MoCA devices without password
299	nport -keyin port:23
300
301	Android Root Bridges
302	A tangential result of Google's sloppy fractured update approach. 🙄 More information here.
303
304	"Android Debug Bridge" "Device" port:5555
305
306	Lantronix Serial-to-Ethernet Adapter Leaking Telnet Passwords
307	Lantronix password port:30718 -secured
308
309	Citrix Virtual Apps
310	"Citrix Applications:" port:1604
311
312	Cisco Smart Install
313	Vulnerable (kind of "by design," but especially when exposed).
314
315	"smart install client active"
316
317	PBX IP Phone Gateways
318	PBX "gateway console" -password port:23
319
320	Polycom Video Conferencing
321	http.title:"- Polycom" "Server: lighttpd" "Polycom Command Shell" -failed port:23
322
323	Telnet Configuration:
324	"Polycom Command Shell" -failed port:23
325
326	Example: Polycom Video Conferencing
327
328	Bomgar Help Desk Portal
329	"Server: Bomgar" "200 OK"
330
331	Intel Active Management CVE-2017-5689
332	"Intel(R) Active Management Technology" port:623,664,16992,16993,16994,16995 ”Active Management Technology”
333
334	HP iLO 4 CVE-2017-12542
335	HP-ILO-4 !"HP-ILO-4/2.53" !"HP-ILO-4/2.54" !"HP-ILO-4/2.55" !"HP-ILO-4/2.60" !"HP-ILO-4/2.61" !"HP-ILO-4/2.62" !"HP-iLO-4/2.70" port:1900
336
337	Lantronix ethernet adapter’s admin interface without password
338	"Press Enter for Setup Mode port:9999"
339
340	Wifi Passwords:
341	Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword"
342
343	Misconfigured Wordpress Sites:
344	The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file"
345
346	Outlook Web Access:
347	Exchange 2007
348	"x-owa-version" "IE=EmulateIE7" "Server: Microsoft-IIS/7.0"
349
350	Exchange 2010
351	"x-owa-version" "IE=EmulateIE7" http.favicon.hash:442749392
352
353	Exchange 2013 / 2016
354	"X-AspNet-Version" http.title:"Outlook" -"x-owa-version"
355
356	Lync / Skype for Business
357	"X-MS-Server-Fqdn"
358
359	Network Attached Storage (NAS)
360	SMB (Samba) File Shares
361	Produces ~500,000 results...narrow down by adding "Documents" or "Videos", etc.
362
363	"Authentication: disabled" port:445
364
365	Specifically domain controllers:
366	"Authentication: disabled" NETLOGON SYSVOL -unix port:445
367
368	Concerning default network shares of QuickBooks files:
369	"Authentication: disabled" "Shared this folder to access QuickBooks files OverNetwork" -unix port:445
370
371	FTP Servers with Anonymous Login
372	"220" "230 Login successful." port:21
373
374	Iomega / LenovoEMC NAS Drives
375	"Set-Cookie: iomega=" -"manage/login.html" -http.title:"Log In"
376
377	Buffalo TeraStation NAS Drives
378	Redirecting sencha port:9000
379
380	Logitech Media Servers
381	"Server: Logitech Media Server" "200 OK"
382
383	Example: Logitech Media Servers
384
385	Plex Media Servers
386	"X-Plex-Protocol" "200 OK" port:32400
387
388	Tautulli / PlexPy Dashboards
389	"CherryPy/5.1.0" "/home"
390
391	Home router attached USB
392	"IPC$ all storage devices"
393
394	Webcams
395	Generic camera search
396	title:camera
397
398	Webcams with screenshots
399	webcam has_screenshot:true
400
401	D-Link webcams
402	"d-Link Internet Camera, 200 OK"
403
404	Hipcam
405	"Hipcam RealServer/V1.0"
406
407	Yawcams
408	"Server: yawcam" "Mime-Type: text/html"
409
410	webcamXP/webcam7
411	("webcam 7" OR "webcamXP") http.component:"mootools" -401
412
413	Android IP Webcam Server
414	"Server: IP Webcam Server" "200 OK"
415
416	Security DVRs
417	html:"DVR_H264 ActiveX"
418
419	Surveillance Cams:
420	With username:admin and password: :P NETSurveillance uc-httpd Server: uc-httpd 1.0.0
421
422	Printers & Copiers:
423	HP Printers
424	"Serial Number:" "Built:" "Server: HP HTTP"
425
426	Xerox Copiers/Printers
427	ssl:"Xerox Generic Root"
428
429	Epson Printers
430	"SERVER: EPSON_Linux UPnP" "200 OK"
431
432	"Server: EPSON-HTTP" "200 OK"
433
434	Canon Printers
435	"Server: KS_HTTP" "200 OK"
436
437	"Server: CANON HTTP Server"
438
439	Home Devices
440	Yamaha Stereos
441	"Server: AV_Receiver" "HTTP/1.1 406"
442
443	Apple AirPlay Receivers
444	Apple TVs, HomePods, etc.
445
446	"\x08_airplay" port:5353
447
448	Chromecasts / Smart TVs
449	"Chromecast:" port:8008
450
451	Crestron Smart Home Controllers
452	"Model: PYNG-HUB"
453
454	Random Stuff
455	Calibre libraries
456	"Server: calibre" http.status:200 http.title:calibre
457
458	OctoPrint 3D Printer Controllers
459	title:"OctoPrint" -title:"Login" http.favicon.hash:1307375944
460
461	Etherium Miners
462	"ETH - Total speed"
463
464	Apache Directory Listings
465	Substitute .pem with any extension or a filename like phpinfo.php.
466
467	http.title:"Index of /" http.html:".pem"
468
469	Misconfigured WordPress
470	Exposed wp-config.php files containing database credentials.
471
472	http.html:"* The wp-config.php creation script uses this file"
473
474	Too Many Minecraft Servers
475	"Minecraft Server" "protocol 340" port:25565
476
477	Literally Everything in North Korea
478	net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24