Information Gathering with Metasploit: Shodan

Information gathering is one of the most important parts of penetration testing. The more information you have about a target, the higher the chances that you will successfully penetrate the system. In this tutorial, we will learn about information gathering with Metasploit, specifically Metasploit combined with the powerful Shodan.

Shodan is integrated into the Metasploit Framework. To use it, you first have to create a Free account with Shodan.io, because we need to have an API Key.

Once you are done with the registration, fire up Metasploit and get started.

Setting up Shodan with Metasploit

Before we can start Information Gathering with Metasploit, we need to set up the API Key. Launch Metasploit first and select the Shodan module.

use auxiliary/gather/shodan_search
info

Running info will give you some additional information about the module. We can also see the Basic Options, where we will set the API Key next.

Open shodan.io in your browser. In the top-right corner, you will see “Show API Key”. Click on it to reveal your key, then copy it.

Back in Metasploit, set your API Key.

set SHODAN_APIKEY PasteYourKeyHere

Using Shodan search in Metasploit

Now you can run a quick:

show options

And you see that we have to set a search Query. To familiarize yourself with the Shodan Query Syntax, check out their official documentation.

To set a query, type:

set QUERY webcamxp

This searches for accessible webcams. With the free Shodan account, it is not possible to filter by country or city within Metasploit; however, you can filter by country on the Shodan website. To run the search, type:

run

Now you can see a list of random webcams popping up. Picking a random one lets us watch some ladies cut hair.

You can use the same method to search for other things, although things get interesting once you are able to use filters. If you use Shodan for professional work, I highly recommend upgrading to the paid plan.

Saving the Shodan configuration

If you don’t want to enter your API Key again every time you start Metasploit, there is a trick to save your configuration.

setg SHODAN_APIKEY YourAPIKey
save

This saves your API Key globally, so the next time you fire up Metasploit it will be set automatically.
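
The saved value is the API key itself, written to Metasploit's config file, so it is worth checking who can read that file. The check below is an added example, not part of the original tutorial or of Metasploit; it assumes the default save location ~/.msf4/config and an INI-style layout, and the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a saved Metasploit config for a stored Shodan API key.
# Assumption: `save` writes an INI-style file, by default ~/.msf4/config.

# Print each [section] that holds a SHODAN_APIKEY entry (never the key itself).
shodan_key_sections() {
    awk '
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        /^[ \t]*SHODAN_APIKEY[ \t]*=/ { print section }
    ' "$1"
}

# Succeed only when group and other have no permission bits on the file.
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when no key is stored or the file is owner-only, 1 when exposed.
audit_msf_config() {
    cfg=${1:-$HOME/.msf4/config}
    [ -f "$cfg" ] || { echo "OK: no saved config at $cfg"; return 0; }
    sections=$(shodan_key_sections "$cfg" | paste -sd, -)
    if [ -z "$sections" ]; then
        echo "OK: no SHODAN_APIKEY stored in $cfg"
        return 0
    fi
    if is_owner_only "$cfg"; then
        echo "PROTECTED: key in [$sections], file is owner-only"
        return 0
    fi
    echo "EXPOSED: key in [$sections], readable beyond the owner; chmod 600 $cfg"
    return 1
}

# Demo on a constructed sample file (placeholder key, not a real one).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[framework/core]
SHODAN_APIKEY=CONSTRUCTED_PLACEHOLDER_KEY

[framework/ui/console]
ActiveModule=auxiliary/gather/shodan_search
EOF
chmod 644 "$demo"; audit_msf_config "$demo" || true   # reports EXPOSED
chmod 600 "$demo"; audit_msf_config "$demo"           # reports PROTECTED
rm -f "$demo"
```

Calling audit_msf_config with no argument checks the default path for the current user.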

Conclusion

Shodan is a handy tool if you can pin down the location of your target and want to check whether it has any internet-facing devices. The PRO version definitely has its merits over the free version, but this way you can try it and see if you like using Shodan!
