When it first came out - and i’d say much less restricted for community use - it was a step change in my understanding of the extent of observability in place on the internet. I knew the NSA “was out there”, but never knew one could browse, StumbleUpon-style, random internet services and knock on their doors. At the time I dealt with a lot of smaller internet-facing applications, and was excited about being able to search for public instances of them and worried about others finding mine.
> SHODAN watches from Security Cameras, stares out of screens and monitors, sends threats and snide messages over the Station's PA system or via email to the player's data reader, and sometimes cuts off communications from friendly sources.
There is a finite number of IPv4 addresses, you can simply open TCP connection to each of them on multiple ports and index everything that is returned. There are tools to do this by yourself (the only challenge is to find a provider that won't ban you for scanning the entire internet). There are also other services that do the same thing (e.g. ZoomEye, Censys, FOFA)
It's probably scanning most common ports first, so covering breadth of IPs rather than completeness of results. Out of curiosity, have you tried scanning your external IP with Nmap, enabling all ports?
14 comments
[ 3.1 ms ] story [ 29.4 ms ] thread> SHODAN watches from Security Cameras, stares out of screens and monitors, sends threats and snide messages over the Station's PA system or via email to the player's data reader, and sometimes cuts off communications from friendly sources.
For IPv6 there are too many addresses to scan them all so obtaining an IP to scan is a slightly different story (e.g. https://arstechnica.com/information-technology/2016/02/using...) but once you get the address the scanning process looks the same.
I pointed it to my home domains where i know i have about ten port forwards and it's only seeing two of them.