ZoomEye IoT Search Engine

-

IoT Search Engines

There are many known search engines for IoT such as Shodan, IoT Crawler, Thingful and Censys etc. but I will share some interesting features of a very powerful Chinese IoT search engine ZoomEye

What is ZoomEye


ZoomEye is a Cyberspace Search Engine recording information of devices, websites, services and components etc.


ZoomEye has two powerful detection engines Xmap and Wmap aiming at devices and websites in the cyberspace. It can be used to identify all the services and components through 24/7 continuous detection. Therefore it is easier for researchers to understand the component coverage and the damage scope of vulnerabilities.


Although being regarded as a "hacker-friendly" search engine, ZoomEye is not designed to initiate attacks towards network devices or websites. The recorded data is for security research use only. It is more like a navigational chart in the cyberspace.



What ZoomEye Show


You can search ZoomEye for yourself or you can explore its recorded devices and services, for now we will go for exploring the recorded components which are already indexed by ZoomEye. There are Alphanumeric list which contains huge lists of devices available online. Select any device to view its origin and much more details.   


 For instance I will choose a random device from list


We will see a list of online devices ip addresses which will also indicate its country name. We will also see total number of result on the top.


Its not just that, for detail information select the ip address, there you can see a lot of information about the connected device and open ports etc.



There is another useful option in ZoomEye, you can also see the vulnerability listing of online devices and software based on its version and CVE details.


Go Explore and Share

Yes go explore and share your result with others. because sharing is caring. You can write your own queries on ZoomEye search engine and if you wish to share your result use explore and share list option.



There are much to explore on ZoomEye. Go Explore it for yourself. There is explore limit of 400 devices per category for unregistered users. I think its a fair amount of searches for an unregistered user.

Happy Hacking!

Comments

Post a Comment

Popular posts from this blog

Intercepting Signalling System No. 7 (SS7) - Practical Lab

-
Image
Introduction  This is my first blog on blogger.com. I want it to be very interesting for people who are interested in information security field and also want learn new things. I will try to share good reads and intersting articles on my blogs. Lets begin with my favorite one here. Please note that english is not my native language I will apologize for my bad english in advance 😀. It was an awesome experience while playing around Immersive labs machines during the past month, there are much to learn from hands-on practical labs. But one lab I liked the most was Signalling System No. 7 (SS7) interception practical lab, which is used to exchange data between devices in telecommunication networks. We will use it to gain access to a fictional user’s bank account and successfully transfer funds. There are many good tutorials and online resources available for SS7, therefore I will keep it short here.   Introduction to SS7 Interception There have been a number of attacks r
Read more

OSCP Buffer Overflow Practice

-
Image
What is Buffer Overflow?     A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer.  I am learning buffer overflow and I just screen record my buffer overflow practice and shared with you. It might help you as well.  Try Harder!!!   Part 1       Part 2
Read more