Go home now Header Background Image
Search
Submission Procedure
share: |
 
Follow us
 
 
 
 
Volume 23 / Issue 4

available in:   PDF (591 kB) PS (1 MB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future

 

Contactless Vulnerability Analysis using Google and Shodan

Kai Simon (Kai Simon - Consulting, Germany)

Cornelius Moucha (Kai Simon - Consulting, Germany)

Jörg Keller (FernUniversitat in Hagen, Germany)

Abstract: The increasing number of attacks on internet-based systems calls for security measures on behalf those systems' operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively. We evaluate our approach and confirm its suitability for a timely determination of vulnerabilities in large-scale networks. In addition, the approach can also be used to perform vulnerability analyses of network areas or domains in unclear legal situations.

Keywords: Google, Shodan, contactless test technique, vulnerability analysis

Categories: C.2.2, D.4.6, K.6.5