# SHODAN DORK

* webcamXP/webcam7:  `("webcam 7" OR "webcamXP") http.component:"mootools" -401`

* Some Webcams(SQ Webcams?): Server: SQ-WEBCAM

* Yawcam Webcams: "Server: yawcam" "Mime-Type: text/html"

* Surveillance Cams:&#x20;
  * Server: uc-httpd 1.0.0&#x20;
  * NETSurveillance uc-httpd&#x20;
  * Surveillance cams with admin:admin or admin:(none) creds

* Hikvision Cameras:&#x20;

  * product:"Hikvision IP Camera"&#x20;
  * Link for Hikvision backdoor here: <https://ipvm.com/reports/hik-exploit>

* Generic dork for finding cameras: title:camera

* Generic dork for finding cameras (with screenshots): webcam has\_screenshot:true

* Dahua Cameras: http.title:"WEB VIEW"

* Some random webcams: http.title:"Webcam"

Vulnerable Services / Servers

* EternalBlue SMB RCE: os:"Windows 10 Home 19041
* ProFTPD 1.3.5 (mod\_copy exec; CVE-2015-3306) : "220 ProFTPD 1.3.5"
* Anonymous FTP Login #1: "230 User anonymous"
* Anonymous FTP Login #2: "220" "230 Login successful." port:21
* Already Logged-In as root via Telnet: "root@" port:23 -login -password -name -Session
* No password for Telnet Access: port:23 console gateway

Other Services that you can find

* OpenSSH: openssh port:22
* Logitech Media Servers: "Server: Logitech Media Server" "200 OK"
* Jenkins Unrestricted Dashboard: x-jenkins 200
* MySQL: "product:MySQL"
* MongoDB #1: mongodb port:27017
* MongoDB #2: product:"MongoDB"

Interesting Things that you can find on Shodan

* RDP/VNC's WITHOUT AUTH: "authentication disabled" "RFB 003.008" remote desktop "port:3389"
* XZERES Wind Turbines: title:"xzeres wind"
* title:"IP CAMERA Viewer" Content-Length: 703
* MikroTik Routers: port:8291 os:"MikroTik RouterOS 6.45.9"
* Minecraft Servers: "Minecraft Server" "protocol 340" port:25565
* Smart TVs: "Chromecast:" port:8008
* Maritime Satellites: "Cobham SATCOM" OR ("Sailor" "VSAT") Real-time location of ships via satelite
* Tesla PowerPack Charging Status Page: http.title:"Tesla PowerPack System" http.component:"d3"
* Samsung Electronic Billboards: "Server: Prismview Player"


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://akuma-s.gitbook.io/akuma/pentesting-web/shodan-dork.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.