https://www.shodan.io/
https://dorks.s1rn3tz.ovh/shodandorks
$ shodan init <API_KEY> $ shodan count vuln:cve-1984-31337 $ shodan download out.json.gz vuln:cve-1984-31337 [--limit 1000] $ gzip -d out.json.gz $ shodan parse out.json --fields=ip_str,port > out.txt
Find hosts by SSL certs, useful for searching exposed RDPs with an AD FQDN:
ssl.cert.subject.cn:"ad.megacorp.local" ssl.cert.subject.alt:"ad.megacorp.local"
Last updated 4 days ago
