Information Gathering with Metasploit: Shodan

Information gathering is one of the most important parts of penetration testing. The more information you have about a target, the higher the chances that you successfully penetrate the system. In this tutorial, we will learn about information gathering with Metasploit, specifically with Metasploit and the powerful Shodan.

Shodan is integrated into the Metasploit Framework. To use it, you first have to create a free account with Shodan.io, because we need an API key.

Once you are done with the registration, we can fire up Metasploit and get started. If you want to learn some Metasploit Basics, check out this article first.

Setting up Shodan with Metasploit

Before we can start information gathering with Metasploit, we need to set up the API key. Launch Metasploit first and select the Shodan module.

use auxiliary/gather/shodan_search
info

Running info will give you some additional information about the module. We can also see the Basic Options, where we will set up the API key next.

Open shodan.io in your browser. In the top right corner, you will see “Show API Key”. Click on it to reveal your key, then copy it.

Back in Metasploit, set your API Key.

set SHODAN_APIKEY PasteYourKeyHere

Using Shodan search in Metasploit

Now you can run a quick:

show options

You will see that we have to set a search query. To familiarize yourself with the Shodan query syntax, check out their official documentation.

To set a query we have to type:

set QUERY webcamxp

This query searches for accessible webcams. With the free Shodan account, it is not possible to filter by country or city within Metasploit; however, you can filter by country on the Shodan website. To run the search, type:

run

Now you can see a list of random webcams popping up. Picking a random one lets us watch some ladies cut hair.

You can use the same method to search for different things, although things get interesting once you are able to use filters. If you use Shodan for professional work, I highly recommend upgrading to the paid plan.

Saving the Shodan configuration

If you don’t want to enter your API key again every time you start Metasploit, there is a trick to save your configuration.

setg SHODAN_APIKEY YourAPIKey
save

This saves your API key globally. The next time you fire up Metasploit, it will be set automatically.
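
Because the saved key sits on disk in cleartext, it is worth checking who can read that file. The script below is an added example, not part of the original article: it reports whether a config file contains a SHODAN_APIKEY entry and whether the file is accessible beyond its owner. It assumes that save writes global options as KEY=value lines to ~/.msf4/config; the function name check_msf_config and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: msfconsole's `save` writes global options as KEY=value lines
# to ~/.msf4/config, so `setg SHODAN_APIKEY ...` ends up there in cleartext.

# check_msf_config FILE -> prints one status word (plus the file mode):
#   no-config | no-key | key-ok MODE | key-exposed MODE
# The key value itself is never printed.
check_msf_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no-config"; return 0; }
    if ! grep -Eiq '^[[:space:]]*SHODAN_APIKEY[[:space:]]*=[[:space:]]*[^[:space:]]' "$cfg"; then
        echo "no-key"; return 0
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        *00|0) echo "key-ok $mode" ;;       # no group/other permission bits
        *)     echo "key-exposed $mode" ;;  # accessible beyond the owner
    esac
}

# Demo on a constructed config file (placeholder key, not a real one).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
[framework/core]
SHODAN_APIKEY=CONSTRUCTED_PLACEHOLDER_KEY
EOF
chmod 644 "$demo_cfg"
check_msf_config "$demo_cfg"     # key-exposed 644
chmod 600 "$demo_cfg"
check_msf_config "$demo_cfg"     # key-ok 600
rm -f "$demo_cfg"

# Audit the real location (prints no-config if nothing was ever saved).
check_msf_config "${HOME}/.msf4/config"
```

If the result is key-exposed, chmod 600 on the file restricts it to your user; on shared or imaged machines, consider not saving the key at all.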

Conclusion

Shodan is a handy tool if you can pin down the location of your target and check if it has any internet-facing devices. The PRO version definitely has its merits over the free version, but this way, you can try and see if you like to use Shodan!

4 thoughts on “Information Gathering with Metasploit: Shodan”

  1. I have a paid Shodan API key. When I run the above, I get this error:
    Auxiliary aborted due to failure: bad-config: 401 Unauthorized. Your SHODAN_APIKEY is invalid
    [*] Auxiliary module execution completed

    Please help.
