Information Gathering is one of the most important factors in Penetration Testing. The more information you got of a target, the higher the chances that you successfully penetrate the system. In this tutorial, we will learn about Information Gathering with Metasploit, specifically Metasploit and the powerful Shodan.
Shodan is integrated into the Metasploit Framework. To use it, you first have to create a Free account with Shodan.io, because we need to have an API Key.
Once you are done with the registration, we can fire up Metasploit and get started.
Setting up Shodan with Metasploit
Before we can start Information Gathering with Metasploit, we need to set up the API Key. Launch Metasploit first and set it to the Shodan Module.
use auxiliarly/gather/shodan_search info
Running <info> will give you some additional information about the module. We also can see the Basic Options, where we will set up the API Key next.
Open shodan.io in your browser. On the top right-corner, you see “Show API Key”. Click on it to reveal your key. Copy it.
Back in Metasploit, set your API Key.
set SHODAN_APIKEY PasteYourKeyHere
Using Shodan search in Metasploit
Now you can run a quick:
And you see that we have to set a search Query. To familiarize yourself with the Shodan Query Syntax, check out their official documentation.
To set a query we have to type:
set QUERY webcamxp
To search for accessible webcams. Using the Free Shodan Account, it is not possible to filter countries or cities within Metasploit, however, you are able to filter for countries using their Website. To run the search type:
Now you can see a list of random webcams popping up. Picking a random one lets us watch some ladies cut hair.
You can use the same method of searching for different things, although, things get interesting once you are able to use filters. If you use Shodan for professional work, I highly recommend upgrading to the paid plan.
Saving the Shodan configuration
If you don’t want to enter your API Key again every time you start Metasploit, there is a trick on how to save your configuration.
setg SHODAN_APIKEY YourAPIKey save
This saves your API Key globally, next time you fire up Metasploit, it will be automatically set.
Shodan is a handy tool if you can pin down the location of your target and check if it has any internet facing devices. The PRO version definitely has its merits over the free version, but this way you can try and see if you like to use Shodan!