Integration of Shodan in HuntDown

Nowadays, with the widespread of internet and online services, the need to protect these systems is increasing. One of the key and most used methods to evaluate, protect and improve security of systems is penetration testing or pentesting. Pentesting is a service consisting on attempting to access s...

Descripción completa

Detalles Bibliográficos
Autor: Peralta Farré, Guillem
Tipo de recurso: tesis de maestría
Fecha de publicación:2025
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/450984
Acceso en línea:https://hdl.handle.net/2117/450984
Access Level:acceso abierto
Palabra clave:Penetration testing (Computer security)
Shodan
Pentesting
HuntDown
Cybersecurity
JSON
Reconnaissance
Prova de penetració (Seguretat informàtica)
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:Nowadays, with the widespread of internet and online services, the need to protect these systems is increasing. One of the key and most used methods to evaluate, protect and improve security of systems is penetration testing or pentesting. Pentesting is a service consisting on attempting to access systems and obtain as much information and as many sensitive assets as possible. In this project, we extend an existing open-source pentesting application by integrating a new attack module, Shodan, a web-based search engine for internet-connected devices. With this addition, users can leverage Shodan to analyze public devices on the internet or within their own networks by searching for open ports, services, and other relevant information. Shodan supports a wide variety of queries, and in our implementation, we have integrated the most useful ones for practical pentesting scenarios. After the executing a query, the application provides users a summarized result in the form of a synthesized table and a report, tailored to the specific search performed. This enhancement provides a crucial and valuable tool for the reconnaissance phase of an attack, which is often considered the most critical step in the pentesting process.