Professional Documents
Culture Documents
How To Find Vulnerable Webcams Across The Globe Using Shodan Null Byte WonderHowTo
How To Find Vulnerable Webcams Across The Globe Using Shodan Null Byte WonderHowTo
NULL BYTE
H OW TO
S earch engines index websites on the web so you can find them more efficiently, and the
same is true for internet-connected devices. Shodan indexes devices like webcams, printers,
and even industrial controls into one easy-to-search database, giving hackers access to
vulnerable devices online across the globe. And you can search its database via its website or
command-line library.
Shodan has changed the way hackers build tools, as it allows for a large part of the target
discovery phase to be automated. Rather than needing to scan the entire internet, hackers can
enter the right search terms to get a massive list of potential targets. Shodan's Python library
allows hackers to quickly write Python scripts that fill in potential targets according to which
vulnerable devices connect at any given moment.
1 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
You can imagine hunting for vulnerable devices as similar to trying to find all the pages on the
internet about a specific topic. Rather than searching every page available on the web yourself,
you can enter a particular term into a search engine to get the most up-to-date, relevant results.
The same is true for discovering connected devices, and what you can find online may surprise
you!
Step 1
Log in to Shodan
First, whether using the website or the command line, you need to log in to shodanhq.com in a
web browser. Although you can use Shodan without logging in, Shodan restricts some of its
capabilities to only logged-in users. For instance, you can only view one page of search results
without logging in. And you can only see two pages of search results when logged in to a free
account. As for the command line, you will need your API Key to perform some requests.
2 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Step 2
Collecting shodan
Downloading https://files.pythonhosted.org/packages/22/93/22500512fd9d1799361505a1537a6
100% |████████████████████████████████| 51kB 987kB/s
Requirement already satisfied: XlsxWriter in /usr/lib/python2.7/dist-packages (from shoda
Requirement already satisfied: click in /usr/lib/python2.7/dist-packages (from shodan) (7
Collecting click-plugins (from shodan)
Downloading https://files.pythonhosted.org/packages/e9/da/824b92d9942f4e472702488857914
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from shodan)
Requirement already satisfied: requests>=2.2.1 in /usr/lib/python2.7/dist-packages (from
Building wheels for collected packages: shodan
Running setup.py bdist_wheel for shodan ... done
Stored in directory: /root/.cache/pip/wheels/fb/99/c7/f763e695efe05966126e1a114ef7241dc
Successfully built shodan
Installing collected packages: click-plugins, shodan
Successfully installed click-plugins-1.1.1 shodan-1.14.0
Then, you can see all the available options -h to bring up the help menu.
3 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
~$ shodan -h
Options:
-h, --help Show this message and exit.
Commands:
alert Manage the network alerts for your account
convert Convert the given input data file into a different format.
count Returns the number of results for a search
data Bulk data access to Shodan
domain View all available information for a domain
download Download search results and save them in a compressed JSON...
honeyscore Check whether the IP is a honeypot or not.
host View all available information for an IP address
info Shows general information about your account
init Initialize the Shodan command-line
myip Print your external IP address
org Manage your organization's access to Shodan
parse Extract information out of compressed JSON files.
radar Real-Time Map of some results as Shodan finds them.
scan Scan an IP/ netblock using Shodan.
search Search the Shodan database
stats Provide summary information about a search query
stream Stream data in real-time.
version Print version of this tool.
These controls are pretty straightforward, but not all of them work without connecting it to
your Shodan API Key. In a web browser, log in to your Shodan account, then go to "My
Account" where you'll see your unique API Key. Copy it, then use the init command to connect
the key.
• Don't Miss How to Use the Shodan API with Python to Automate Scans for Vulnerable
Devices (Like Mr. Robot)
Successfully initialized
Step 3
4 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
There are many ways to find webcams on Shodan. Usually, using the name of the webcam's
manufacturer or webcam server is a good start. Shodan indexes the information in the banner,
not the content, which means that if the manufacturer puts its name in the banner, you can
search by it. If it doesn't, then the search will be fruitless.
One of my favorites is webcamxp, a webcam and network camera software designed for older
Windows systems. After typing this into the Shodan search engine online, it pulls up links to
hundreds, if not thousands, of web-enabled security cameras around the world.
To do this from the command line, use the search option. (Results below truncated.)
115.135.██.185 8086
5 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
...
(END)
To exit results, hit Q on your keyboard. If you only want to see certain fields instead of
everything, there are ways to omit some information. First, let's see how the syntax works by
viewing the help page for search.
~$ shodan search -h
Options:
--color / --no-color
--fields TEXT List of properties to show in the search results.
--limit INTEGER The number of search results that should be returned.
Maximum: 1000
--separator TEXT The separator between the properties of the search
results.
-h, --help Show this message and exit.
Unfortunately, the help page does not list all of the available fields you can search, but
Shodan's website has a handy list, seen below.
Properties:
6 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Optional Properties:
uptime [Integer] The number of minutes that the device has been onli
link [String] The network link type. Possible values are: "Etherne
title [String] The title of the website as extracted from the HTML
html [String] The raw HTML source for the website.
product [String] The name of the product that generated the banner.
version [String] The version of the product that generated the banner
devicetype [String] The type of device (webcam, router, etc.).
info [String] Miscellaneous information that was extracted about t
cpe [String] The relevant Common Platform Enumeration for the pro
SSL Properties:
If the service uses SSL, such as HTTPS, then the banner will also contain a property call
So, if we wanted to only view the IP address, port number, organization name, and hostnames
for the IP address, we could use --fields as such:
7 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
(END)
Look through the results and find webcams you want to try out. Input their domain name into
a browser and see if you get instant access. Here is an array of open webcams from various
hotels in Palafrugell, Spain, that I was able to access without any login credentials:
8 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Although it can be fun and exciting to voyeuristically watch what's going on in front of these
unprotected security cameras, unbeknownst to people around the world, you probably want to
be more specific in your search for webcams.
There is no guarantee that any of those will work, but many inattentive and lazy
administrators simply leave the default settings in place. In those cases, the default usernames
and passwords for the hardware or software will give you access to confidential and private
webcams around the world.
Step 4
9 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Now that we know how to find webcams and potentially log in to them using default
usernames and passwords, let's get more specific and try to find webcams in a specific
geographical location. For example, if we were interested in webcams by the manufacturer
WebcamXP in Australia, we could find them by typing webcamxp country:AU into the search
box on Shodan's website.
So how would we do an advanced search in the command line? Here's a quick list of some of
the things you can search for in Shodan via the command line:
10 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
On the website, searching for webcamxp country:AU will pull up a list of every WebcamXP in
Australia that is web-enabled in Shodan's index, as shown below.
Step 5
11 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
When we click on one of these links, we find ourselves in someone's backyard in Sydney,
Australia!
Step 6
12 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
In this case, we will be looking for WebcamXP cameras at the longitude and latitude (-37.81,
144.96) of the city of Melbourne, Australia. When we search, we get a list of every WebcamXP
at those coordinates on the globe. We must use the keyword geo followed by the longitude and
latitude. So in the search bar, use webcamxp geo: -37.81,144.96. On the command line
interface, again, which is a paid feature, it'd look like one of these:
When we get that specific, on Shodan's website, it only finds four WebcamXP cameras. Click
on one, and we can find that once again, we have a private webcam view of someone's camera
in their backyard in Melbourne, Australia.
13 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Step 7
~$ shodan myip
174.███.██.███
Once we know it, we can search Shodan for information by running the host command.
174.███.██.███
Hostnames: cpe-174-███-██-███.socal.res.rr.com
Country: United States
Organization: Spectrum
Updated: 2019-08-02T23:04:59.182949
Number of open ports: 1
Ports:
80/tcp
Whether you use Shodan or an easier site such as Insecam to view webcams, don't limit
yourself to WebcamXP, but instead try each of the webcam manufacturers at a specific
location, and who knows what you will find.
I hope you enjoyed this guide to using Shodan to discover vulnerable devices. If you have any
questions about this tutorial on using Shodan or have a comment, ask below or feel free to
14 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Want to start making money as a white hat hacker? Jump-start your hacking career with our
2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and
get over 60 hours of training from cybersecurity professionals.
• 97% off The Ultimate 2021 White Hat Hacker Certification Bundle
• 99% off The 2021 All-in-One Data Scientist Mega Bundle
• 98% off The 2021 Premium Learn To Code Certification Bundle
• 62% off MindMaster Mind Mapping Software: Perpetual License
Cover image via Val Thoermer/Shutterstock; Screenshots and GIF by Kody/Null Byte
15 of 16 12/28/23, 07:23
How to Find Vulnerable Webcams Across the Globe Usi... https://null-byte.wonderhowto.com/how-to/find-vulnera...
Don't Miss:
All the New iOS 16.5 Features for iPhone You Need to Know About
Your iPhone Has a Secret Button That Can Run Hundreds of Actions
7 Hidden iPhone Apps You Didn’t Know Existed
You’re Taking Screenshots Wrong — Here Are Better Ways to Capture Your iPhone’s Screen
Keep Your Night Vision Sharp with the iPhone’s Hidden Red Screen
Your iPhone Finally Has a Feature That Macs Have Had for Almost 40 Years
If You Wear Headphones with Your iPhone, You Need to Know About This
By using this site you acknowledge and agree to our terms of use & privacy policy.
We do not sell personal information to 3rd parties.
16 of 16 12/28/23, 07:23