Bug Bounty for Beginners - Reference Little Book

Shodan


Last updated 2 years ago

Shodan is a search engine for internet-connected devices that lets you find and explore devices and the services they host. Here are the steps to use Shodan for reconnaissance of the endpoints and hosts of the domain "example.com":

  1. Create an account: Visit the Shodan website and create an account to gain access to the search engine.

  2. Search for the target domain: Once you have logged in, you can use the search bar to search for the target domain. For example, you can search for "example.com" to find all the endpoints and hosts associated with the domain.

  3. Analyze the results: Review the results of the search and look for any relevant information about the target domain. Shodan will provide information about the IP addresses, protocols, and ports associated with the domain, along with any software and hardware information that might be useful for reconnaissance.

  4. Filter the results: You can use the filters available in Shodan to narrow down the search results and find specific information. For example, you can filter the results by port, protocol, or operating system to focus on specific types of endpoints and hosts.

  5. Repeat the process: Repeat the above steps and search for different keywords related to the target domain to find more information about the endpoints and hosts associated with the domain.
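The filtering and analysis steps above, as an added example that is not part of the original book: it composes a query from Shodan's `hostname:`, `port:` and `os:` filters and groups result records per IP, keeping only records whose hostname really belongs to the domain. The helper names and the sample records are assumptions constructed for illustration; the record keys (`ip_str`, `port`, `transport`, `hostnames`, `product`) follow Shodan's banner format.

```python
from collections import defaultdict

def build_query(domain, port=None, os_name=None):
    """Compose a Shodan query from the hostname:, port: and os: filters."""
    parts = [f"hostname:{domain}"]
    if port is not None:
        parts.append(f"port:{int(port)}")
    if os_name:
        parts.append(f'os:"{os_name}"')
    return " ".join(parts)

def in_scope(match, domain):
    """True only if a hostname on the record is the domain or a subdomain of it."""
    d = domain.lower().rstrip(".")
    for h in match.get("hostnames", []):
        h = h.lower().rstrip(".")
        if h == d or h.endswith("." + d):
            return True
    return False

def summarize(matches, domain):
    """Group in-scope records into {ip: sorted [(port, transport, product)]}."""
    hosts = defaultdict(set)
    for m in matches:
        if in_scope(m, domain):
            service = (m["port"], m.get("transport", "tcp"),
                       m.get("product") or "unknown")
            hosts[m["ip_str"]].add(service)
    return {ip: sorted(services) for ip, services in hosts.items()}

# Constructed sample records (documentation IP ranges), not real Shodan output.
SAMPLE_MATCHES = [
    {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp",
     "hostnames": ["www.example.com"], "product": "nginx"},
    {"ip_str": "192.0.2.10", "port": 22, "transport": "tcp",
     "hostnames": ["www.example.com"], "product": "OpenSSH"},
    {"ip_str": "198.51.100.7", "port": 161, "transport": "udp",
     "hostnames": ["vpn.example.com"]},
    # A keyword search would also return this look-alike; it is out of scope.
    {"ip_str": "203.0.113.5", "port": 80, "transport": "tcp",
     "hostnames": ["shop.notexample.com"], "product": "Apache httpd"},
]

if __name__ == "__main__":
    print(build_query("example.com", port=443))
    for ip, services in summarize(SAMPLE_MATCHES, "example.com").items():
        print(ip, services)
```

A bare keyword search for "example.com" matches any banner containing that text, so the suffix check on `hostnames` is what keeps look-alike hosts out of the inventory.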

URL: https://www.shodan.io