JUCS - Journal of Universal Computer Science 23(4): 404-430, doi: 10.3217/jucs-023-04-0404
Contactless Vulnerability Analysis using Google and Shodan
Kai Simon‡, Cornelius Moucha‡, Jörg Keller‡ Kai Simon - Consulting, Kaiserslautern, Germany
Corresponding author: Kai Simon ( kai.simon@kaisimon-consulting.de ) © Kai Simon, Cornelius Moucha, Jörg Keller. This article is freely available under the J.UCS Open Content License. Citation:
Simon K, Moucha C, Keller J (2017) Contactless Vulnerability Analysis using Google and Shodan. JUCS - Journal of Universal Computer Science 23(4): 404-430. https://doi.org/10.3217/jucs-023-04-0404 |  |
Abstract
The increasing number of attacks on internet-based systems calls for security measures on behalf those systems' operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively. We evaluate our approach and confirm its suitability for a timely determination of vulnerabilities in large-scale networks. In addition, the approach can also be used to perform vulnerability analyses of network areas or domains in unclear legal situations.
Keywords
vulnerability analysis, contactless test technique, Shodan, Google