Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Volume 14 (2008)
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 23 / Issue 4

available in:   PDF (591 kB) PS (1 MB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-023-04-0404

 

Contactless Vulnerability Analysis using Google and Shodan

Kai Simon (Kai Simon - Consulting, Germany)

Cornelius Moucha (Kai Simon - Consulting, Germany)

Jörg Keller (FernUniversitat in Hagen, Germany)

Abstract: The increasing number of attacks on internet-based systems calls for security measures on behalf those systems' operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively. We evaluate our approach and confirm its suitability for a timely determination of vulnerabilities in large-scale networks. In addition, the approach can also be used to perform vulnerability analyses of network areas or domains in unclear legal situations.

Keywords: Google, Shodan, contactless test technique, vulnerability analysis

Categories: C.2.2, D.4.6, K.6.5