ShodanTools
Collection of scripts & fingerprinting tricks for Shodan.io
This will become more organized over time. Promise.
F5 Networks Management Interfaces:
http.title:"BIG-IP®- Redirect"
http.favicon.hash:-335242539
F5 Networks VPNs:
http.html:"BIG-IP logout"
F5 Devices:
Server: BigIP
BIGipServerPool
Set-Cookie: F5_ST
LastMRH_Session
MRHSession
Palo Alto GlobalProtect:
http.html:"Global Protect"
Gradle Server:
http.html:"Gradle Enterprise Server"
http.html:"Gradle Enterprise"
http.html:Gradle
RDP Gateway:
http.html:tdDomainUserNameLabel
RDWeb
TSWAFeatureCheckCookie
path=/RDWeb/
HP Printers:
Server: HP_Compact_Server
ssl.cert.subject.CN:Jetdirect
HP Photosmart
Pulse Secure:
product:"Pulse Secure"
http.title:Pulse
Citrix:
http.title:"Citrix Login"
http.title:netscaler
http.title:citrix
http.title:"Endpoint Management - Console - Logon"
Citrix-TransactionId
http.waf:"Citrix NetScaler"
Oracle E-Business Suite:
http.title:"E-Business Suite Home Page Redirect"
path=/OA_HTML -http.title:"E-Business Suite"
Polycom Phones:
ssl.cert.subject.CN:polycom
Webmin:
http.title:Webmin
TeamCity:
http.title:Log in to TeamCity -- TeamCity
TeamCity-Node-Id
Barix Streamers (radio encoding systems):
http.favicon.hash:-1964089279
http.favicon.hash:611241354
Barix
Sonos CONNECT:
product:"Sonos CONNECT:AMP"
TP-Link Gigabit:
TP-LINK Gigabit
Server: Router Webserver
TP-Link:
http.title:"TL-WR841N"
Basic realm=TP-LINK
Keenetic Smart Home:
http.title:"Keenetic Web"
Home Assistant Smart Home:
http.title:"Home Assistant"
FRITZ!Box SOHO Router:
http.title:"FRITZ!Box"
CoSHIP SOHO:
http.title:"EMTA"
Broadband Routers:
Basic realm="Broadband Router"
Movistar FIOS Router:
http.title:"movistar"
Juniper Router:
http.title:"Log In - Juniper Web Device Manager"
Cyberoam SSL VPN:
ssl.cert.issuer.CN:Cyberoam
Blue Iris Video Surveillance:
http.title:"Blue Iris Login"
Cambium Networks:
http.title:"ePMP"
Random device setup pages:
http.title:"Setup"
VMware ESXi:
http.title:"\" + ID_EESX_Welcome + \""
Server Backup Manager:
http.title:"Server Backup Manager"
DrayTek Vigor router:
http.title:"Vigor Login Page"
APC Power (UPS?):
http.title:"APC | Log On"
Kubernetes:
ssl.cert.issuer.CN:kubernetes
Kubernetes API Server:
ssl.cert.subject.cn:kube-apiserver
ssl.cert.subject.cn:kube-apiserver "200 OK"
EA Server:
Server: EA-HTTP/1.0 has_screenshot:true
Metasploit:
http.title:Metasploit
http.title:"Metasploit is initializing"
http.title:"Metasploit - Setup and Configuration"
OpenSMTPD:
product:"OpenSMTPD"
HP iLO3:
ssl.cert.issuer.CN:"iLO3 Default Issuer (Do not trust)"
ZyXEL:
ssl.cert.issuer.CN:ZyXEL
ZTE:
http.title:"F660"
ZTE corp
SonicWall:
http.title:"Policy Jump"
http.title:"SonicWALL - Authentication"
Tilgin SOHO Router:
http.title:myhome
Actiontec:
http.title:"Advanced Setup - Security - Admin User Name & Password"
GPON:
http.title:"GPON ONT"
http.title:"GPON Home Gateway"
MikroTik:
http.title:"RouterOS router configuration page"
http.title:"Router"
Xiongmai NetSurveillance:
http.title:"NETSurveillance WEB"
WatchGuard:
ssl.cert.issuer.CN:"Fireware web CA"
Foscam IP Cameras:
http.title:"IPCam Client"
3CX VoIP:
http.title:"3CX Phone System Management Console"