Many people ask that how to hack with search engines but first I want to talk about normal search engines, for example, Google search engine which is mainly used by normal people to do normal things such as download images, videos, reading news, surfing websites, etc. But is these are only things that are connected to the Internet? is there nothing on the Internet except these things? as you know computers, mobile phones, laptops are not only things that are connected to the Internet.
Nowadays Traffic light, refrigerator, heating system, web cameras all these are connected to the Internet. They work with the Internet, they have separate IP addresses, they have protocols, they have some kind of web pages, web interface traffics, data sharing and many things. So the hackers who do penetration testing will not do on only websites, computer servers, mobile applications, they will also do on such things that make our life easier.
So in that case, there come some search engines which search IoT (Internet Of Things) devices and show their ports, locations.
If there are traffic lights then the search engine will show it`s open ports, SSH or HTTP protocol. The search engine will show all these things. If we want then we can use the Google search engine as a hacking tool too! If we use it in the right way it can be used as a very good hacking tool.
The Google search engine is used as a hacking tool by both white hat hackers and black hat hackers. They use it to search vulnerabilities of websites by writing inurl and particular dorks in the search box that are related to particular CMS and Google shows the websites which are vulnerable by that kind of vulnerability which is not patched by the owner. Now the hacker can crash the server of the website and can do SQL injection, defacement, etc.
Now I will tell you about two popular search engines that are used to search for IoT devices.
CENSYS SEARCH ENGINE
This search engine is the best IOT search engine and it`s searching speed is very fast. A researcher can get a quick list of available vulnerabilities of IoT devices.
If we search webcams here it shows all the webcams across the world connected to the Internet. It also has the ability to show adult webcams with their IPs, ports, protocols.
Why it is used by hackers? look, if any hacker wants to hack a webcam(For example) then he has to collect the information about that webcam. Normal search engines do not show information about any particular webcam. So, in this case, a hacker can use this type of search engine that can search for IoT devices.
The name of the search engine we are talking about is Censys. Censys collects data on hosts and websites daily through Zmap and ZGrab scans of IPV4 address spaces. Researchers can search the collected data through a search interface, report builder, and SQL engine.
But a researcher cannot get access to all data of censys as they have some restrictions and policies. To get access to restricted data a researcher have to get verified by censys authority. The only disadvantage of censys is, it provides only readable information. It does not provide any visual information like the Shodan search engine.
SHODAN SEARCH ENGINE:
For a long time, Shodan was the only IOT search engine but in 2013 some creators made the censys search engine.
Actually, censys look the same as Shodan but it is quite different from Censys. Censys shows the lists of vulnerabilities of IoT devices. It is made for finding only vulnerabilities.
But the databases provided by shodan are not only vulnerabilities, it provides some extra information too. Shodan allows researchers to download the searched data. It also provides to purchase extra data to build own Internet of Things database.
Shodan can also be used for searching new devices popped in a network and to discover leaked cloud data. Shodan gives unlimited access to the database of websites and enterprises. It also provides Map facility for real-time tracking.
But data policy is the same as censys. If researchers want to explore extra data then they should buy the shodan license first. Shodan also provides its integration module for Mozzila Firefox, Nmap, Metasploit, maltego, Chrome. Shodan`s search interface is user-friendly as you can see all worldwide live webcams but its advertisement way is very disturbing.
So I think you got the point of how to hack with search engines. Have a good hacking life and don’t get caught.