HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Dorks 🔎 Shodan Dorks Megalist – Parte 1: Advanced search filters

dEEpEst

dEEpEst

☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Mar 29, 2018
Messages
13,860
Solutions
4
Reputation
27
Reaction score
45,546
Points
1,813
Credits
55,340
‎7 Years of Service‎
 
56%
🔎 Shodan Dorks Megalist – Parte 1: Advanced search filters

🚀 Created for Hack Tools Dark Community

Disclaimer: This post is intended for educational and research purposes only. Do not scan or interact with systems without proper authorization.
Click to expand...

This section covers basic filters that allow you to refine your Shodan results by location, organization, operating system, ports, SSL certificates, and more.

🌍 Geographic Location
  • City: city:"Bangalore"
  • Country (ISO code): country:"IN"
  • Coordinates (lat,long): geo:"56.913055,118.250862"
  • Regional combinations: country:us country:ru country:de city:chicago

🌐 Hostnames & Networks
  • Exact hostname: hostname:example.com
  • Exclude subdomains: hostname:example.com -hostname:subdomain.example.com
  • Multiple domains: hostname:example.com,example.org
  • Server + domain: server:"gws" hostname:"google"
  • IP range or CIDR: net:210.214.0.0/16

🏢 Organization & ASN
  • Specific organization: org:microsoft
  • With spaces: org:"United States Department"
  • By Autonomous System Number (ASN): asn:AS15169

🧠 Operating System
  • os:"windows 7"
  • os:"windows server 2012"
  • os:"linux 3.x"

🚪 Open Ports
  • port:21 – FTP (ej: proftpd port:21)
  • port:22 – SSH
  • port:80 – HTTP
  • port:443 – HTTPS
  • port:3306 – MySQL
  • port:27017 – MongoDB

📅 Temporary Filters
  • apache after:22/02/2009 before:14/3/2010

🔐 SSL/TLS Certificates
  • Self-signed certificates: ssl.cert.issuer.cn:example.com ssl.cert.subject.cn:example.com
  • Expired certificates: ssl.cert.expired:true
  • Specific certificate: ssl.cert.subject.cn:example.com
  • Certificate serial number: ssl.cert.serial:146473198
  • Known C2 certificates: ssl:"Covenant" ssl:"MetasploitSelfSignedCA"

🖥 Device Type
  • device:firewall device:router device:webcam device:printer
  • device:media device:storage device:voip phone
  • device:switch device:power device:telecom
  • device:"load balancer" device:"print server" device:remote

📦Product, CPE & Stack
  • product:apache product:nginx product:chromecast
  • cpe:apple cpe:microsoft cpe:nginx cpe:cisco
  • server: nginx server: apache server: microsoft

🔑 SSH Fingerprints
  • Exact fingerprint: dc:14:de:8e:d7:c1:15:43:23:82:25:81:d2:59:e8:c0

Next: Part 2 will include Database exposure (MySQL, Mongo, Redis...), ICS/SCADA, C2 infra, webcams, NAS and more.

Join the discussion:
Share your favorite dorks, use cases, or insane things you've found. Let's expand this list together! 💀
 
Last edited:
You must log in or register to reply here.
Back
Top