• expired

Shodan.io Lifetime Membership for USD$1 (~AUD$1.50)

3080

Normal $49 US, down to $1 US.

What it is, from Wikipedia:

Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.[1] This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Is this for you ? If you have an interest in IT Security, 100%.

Source: https://www.reddit.com/r/netsec/comments/e0b1yv/shodan_lifet...

Related Stores

Shodan
Shodan

closed Comments

  • Thanks OP. Very handy!

  • Thanks! IT security, hacking, etc
    Basically you can scan for what the rest of the internet can see about your stuff (or anyone elses).

  • +26

    Might be worth noting "We give free upgrades to university students/ professors/ staff. If you sign-up with an academic domain (ex. ending in ".edu" or ".ac.uk" etc.) then your account is automatically upgraded." So you may not need to pay if in that boat

    • +4

      It's $1…

      • +27

        It’s OzBargain…

      • +5

        "But it was 99 cents!"

      • Correction, it's a US$1

    • Didn't work for me :(
      Guess I'll have to contact them…

    • for life? or can I pay $1 and keep it for life

    • +5

      Signed up with .edu and it upgraded me for free…saved me $1

      • Did you have to put in CC details, or it just gives you free upgrade once you put in the .edu email address?

        • +1

          Nope no CC or anything just registered for an account using a .edu address and it was upgraded

          • +1

            @Japius: Yeah, already signed up and it worked fine. Cheers

          • @Japius: Does it still work free with EDUmail even deal expired?

            • +1

              @capslock janitor: No idea but the wording above seems to indicate it’s a normal thing they offer. Just try signing up with an edu and see what type of account you get, I don’t have another edu to try it with sorry

  • Thanks mate

  • +3

    Look at you, hacker.

  • Can someone please explain in detail what this does or can do? I mean it's ozbargain after all and near xmas… and it's only US$1.. could be handy for me or someone I know down the track given the sale is only for this weekend

    • +57

      it lets you watch unsecure webcams, fridges, microwaves, whatever is on the Internet Of Shit and not secure

      basically pointless for 99% of people, great for people with high functioning autism

      • so ones without login credentials? i read articles about my choice of china cameras having permanent backdoors, but this won't list my cameras in like a directory within this app or something will it??

      • more than that, it's a great network monitoring tool for enterprise users and home users that go a little bit too much in depth alike.

        their monitoring panel allows you to see what's publicly accessible on your network and stuff that could possibly be affected by security vulnerabilities.

    • You could use it. To see if ur network is vaulnrable to unsecure devices.

      • +12

        Agreed. I will do one better: I can't support the webcam industry because it enables pedos to spy on kids through their unsecured baby monitors.

        Same logic…

        • -2

          No, it's really not. If you can't tell the difference between selling web cams and making unsecured baby monitors searchable you're a danger behind the keyboard.

          • @syousef: Number 1 question; why is anyone using insecure cameras?? Passwords are important people.

            • +1

              @ryang: you don't understand how any of this works

              • @i7-2600k: LOL sure.. Sure. Let's just say I do and move along.

                If I bought something like this, and I couldn't lock it down, it would go straight back.

                • +4

                  @ryang: nothing this deal is about has anything to do with devices with "no passwords"

                  having an unsecure device does not mean having a device that does not have a password. so keep chuckling

                  next thing is; you'll figure out that having a password doesn't mean that any device is actually secure.

                  dont let your head explode at that time

                  • +1

                    @i7-2600k: Shodan gives you a list of available ports on IPs, all in a very easily searchable database.

                    The most easily accessible way to break into an available device is via blank/default/hard-coded passwords. Close 2nd is breachable devices, via exploits/hacks/etc.

                    The OP quite specifically mentioned unsecured baby monitors, it's what this entire conversation is about.

                    So yes, I'll keep chuckling.

                    • +2

                      @ryang: people wont know they have an unsecured device until it's blasted publicly online

                      the more people think its good that refridgerators and microwaves are on wifi the better for everyone I think, the faster people realise giving up all of your personal private information to mega corporations is not good.

                      People that have been around online for 30 years know this already and find it stupid that people willinging hand over personal private information hand over fist without batting an eye. the same people that cry when their PII is stolen and used in ways they dont like.

                      China has a social credit score where you cant ride a train or fly on a plane because your score isn't high enough. That's on the way here.

                      https://en.wikipedia.org/wiki/Social_Credit_System

            • +2

              @ryang: tt really doesn't matter why someone has left themselves exposed and vulnerable. it doesn't make it legally or ethically okay to take advantage of them.

  • +23

    Bought. Now, what is it really?

    • +20

      that's the spirit

    • Me too LOL, thanks OP……I think.

      • No really, what can I do with this….

        • +1

          Try googling, say, ummmm shodan guide and you'll find all sorts of geeky things….warning, your eyes may glaze over. (Ima novice too)

  • I've got one of those aliexpress motion detection cameras in my kids room and and NVR surveillance outside the house, are you telling me this app is meant to "test" if those china cameras are actually publicly accessible?

    • +3

      those china cameras are unsecure, but that's not the purpose of what shodan does and is

      if you setup wireshark you'll see what your childs spy camera is doing

      • So should I be suspicious of my router logs… of the same device device name connecting to my router wirelessly with different mac addresses, despite the nvr being wired and my router having mac restrictions???

        • +4

          nah I mean there's no point, you're already in a high risk category security wise:

          1) chinese made internet connected video camera
          2) bought on aliexpress

          you'll find almost every single Chinese made device sends stuff back to "the motherland", even expensive stuff like Xiaomi phones

          it's basically impossible to avoid "made in china" devices, if you used something like wireshark to trace what data is being sent and received you could then firewall it all off. Or set your firewall to allow LAN only (if you dont watch the camera via WAN)

          what this thing does is show just how unsecure almost every single device online is in an easy way and on a massive scale

        • +3

          Possible explanation: https://source.android.com/devices/tech/connect/wifi-mac-ran...

          Apple implements something similar.

          MAC restrictions are useless btw. Your client MAC addresses are sent in plaintext in every 802.11 frame. Someone could easily spoof a MAC after analysing your traffic for a few seconds.

          • -1

            @LlamaLlamaLamp: you can use something like SMAC and just simply copy your targets MAC address, its not even secure

  • +7

    Can I spy on jv with this?

  • +2

    Great for reviewing what you're exposing to the internet, or even what JS libraries a cool website might be using.

    Google "what's my ip" and then drop the result in a shodan.io search to check yourself out.

    • Oh nice I forgot I had a webcam plugged In my garage viewing the door

  • thanks OP. I don't get option to pay $1. There is no upgrade button. CURRENT API PLAN :Free API plan.

  • -2

    Just wasted $1, why did I buy this?

  • Does it take a while for the membership to activate after paying?

    • No, it is immediate. Go to your dashboard to check. You should now have credits.

      • Member No
        Export Credits 0

        Looks like something didn't apply :(

  • +5

    Not sure what this is even after reading it. Keeping my $1 thanks!

    • -1

      Ok i give u my user n pass
      User:mrr0bot
      Pass: bogan

      • +3

        Whoever changed my pass, no good

      • +1

        The website clearly appeals to both security-minded individuals and… others

        • +2

          Generous & kind ppl

  • Ow no.. I have seen many accesses from outside periodically in my server. Now I got it. One of them could come from a service like shodan.io which just scan services of ip address ranges and provide them to web. Is there any other things shodan.io supports?

  • -1

    Can someone please share their login details temporarily with me? just curious as to what this does…

    • -1

      You can use it for free to see what it does.

  • +2

    +1 for just the llama avatar
    Not sure what this bargain is about

  • awesome find

  • +2

    How does this compare to just using NMAP?

    • +2

      The scanning has been done for you and catalogued. Saves you from having to scan the entire internet.

  • Why pay when port sniffing is free ?

    • +2

      port sniffing will have you receive a lovely email from your ISP

      I mean it can be done, but not in such a large volume to go unnoticed…. and they are going to notice

      • Nobody sniffs with their local ip, surely not ;)

  • I bought it but not really sure what it does/how to use it? can you view webcams/netcams with it??

    • +1

      It's just a tool that scans the net for certain things. For example X brand of webcam might listen on port 6969 and default to no password. They can then scan for that and return you all results which match what you search for. That means those are the non passworded webcams by X brand. A webcam by X that has a password would reply "fk off m8" so wouldn't be listed in that search.

      I've simplified it immensely but that's the gist of it.

      I used to do this on a smaller scale, trolling Koreans that had rAdmin installed with no passwords and moving their mouse while they were doing stuff lmao.

      • Are there something fun in the cams? LoL

        • +1

          Maybe. However most are mundane things like security cams in places no one really cares about or stuff like that.

  • Nice

  • Every webcam i've tried to access links to a page asking for url/password, or a password prompt. Has anyone found any unsecured webcams?

    • lolz thats not the purpose of this website. They identified only unsecured cams. that's it full stop.

    • +1

      Dude…

  • This reminds me of a website where you could randomly connect to people’s unsecure network drives. Anyone know what it was/is called? I once came across a drive with questionable folder names, made me never visit the website again in case I popped up on somebody’s watch list

  • I don't know what it does, but I purchased it anyway. Now onto learning how and why it works.

  • How do you purchase? I'm not seeing any option to buy anything, and lot of the links are 403 for me.

    • +3

      This worked for me:

      arhankazi 3 hours 49 min ago

      once you are logged-in with your account, open below link and it will give you option to pay:
      https://www.shodan.io/store/member?language=en

      • +1

        Thanks.

      • -1

        I have signed up with an .edu email and when I have followed that link it said I already bought it. Looks like I am all set.

      • Thank you

Login or Join to leave a comment