CCC, 100-gbps, and your own private Shodan

One of the oldest/biggest “hacker” conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. That’s ‘g’ as in ‘giga’, and as in ‘omfg that’s a lot of bandwidth’.

So, what shall we do with all this bandwidth? The answer is masscan: scan the entire Internet and create your own, private, Shodan-style database.

Here is an example:
masscan 0.0.0.0/0 -p80,21,22,23,25,110,143,443,3389,U:161 --banners --rate 1500000 -oB ccc-shodan.scan --exclude 224.0.0.0/4

This scans the entire Internet at one-gigabit speed, saving the results into a binary file. When you get home, you can extract the contents of that file to build a searchable database, such as sticking everything into an Elasticsearch engine. You’ll have everything: HTTP headers, SSL certificates, SNMP device descriptions, and so on.

In the above example, I’m grabbing HTTP, FTP, SSH, Telnet, SMTP, POP, IMAP, SSL, RDP, and SNMP, including their banners. That’s 10 ports, which, at only 1-gbps, will take about 7 hours to complete.

But that’s doing things the normal way, using the Ethernet port on your laptop. If you’ve got two laptops, you can spread the scan across them. Add the “--shard 1/2” on one laptop, and “--shard 2/2” on the other. Any number of shards is supported, so if you have 10 friends, you can combine your efforts and complete this scan in 40 minutes. Remember: the CCC promises enough bandwidth to satisfy all your friends (well, up to 100, but seriously, nobody has that many people they can put up with).
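
The "extract the contents of that file to build a searchable database" step, sketched as an added example (not code from the original post or from masscan). It assumes the binary file has already been converted to masscan's text list output with the line layout shown in the comments, and it uses SQLite as a stand-in for Elasticsearch; `parse_line`, `build_index`, `search` and the sample records are constructed for illustration.

```python
import sqlite3

# Constructed sample. Assumed layout of masscan's text list output:
#   open|banner <proto> <port> <ip> <unix-time> [<app> <banner text>]
SAMPLE = """\
#masscan
open tcp 80 192.0.2.10 1388534400
banner tcp 80 192.0.2.10 1388534401 http HTTP/1.1 200 OK\\x0d\\x0aServer: nginx
banner tcp 22 198.51.100.7 1388534403 ssh SSH-2.0-OpenSSH_5.3
open udp 161 203.0.113.5 1388534404
banner tcp 443 192.0.2
# end
"""

def parse_line(line):
    """Return (proto, port, ip, ts, app, banner), or None if malformed."""
    parts = line.rstrip("\n").split(" ", 6)  # banner text may contain spaces
    if len(parts) < 5 or parts[0] not in ("open", "banner"):
        return None
    proto, port, ip, ts = parts[1:5]
    is_banner = parts[0] == "banner"
    if not (port.isdigit() and ts.isdigit()) or (is_banner and len(parts) < 7):
        return None  # non-numeric fields, or a banner record cut short
    app, banner = (parts[5], parts[6]) if is_banner else (None, None)
    return proto, int(port), ip, int(ts), app, banner

def build_index(lines, path=":memory:"):
    """One row per (proto, port, ip), filled in by banner records; returns (db, skipped)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS services (proto TEXT, port INTEGER,"
               " ip TEXT, seen INTEGER, app TEXT, banner TEXT,"
               " PRIMARY KEY (proto, port, ip))")
    skipped = 0
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and header/footer comments
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count damaged lines instead of aborting the import
            continue
        db.execute("INSERT OR IGNORE INTO services VALUES (?,?,?,?,NULL,NULL)", rec[:4])
        db.execute("UPDATE services SET app=COALESCE(?,app), banner=COALESCE(?,banner)"
                   " WHERE proto=? AND port=? AND ip=?", rec[4:] + rec[:3])
    db.commit()
    return db, skipped

def search(db, text):
    """Literal substring search over banners; text is bound, never interpolated."""
    return db.execute("SELECT ip, port, app FROM services WHERE instr(banner, ?) > 0"
                      " ORDER BY ip, port", (text,)).fetchall()
```

Banner text is stored exactly as it appears in the file and only ever reaches SQL as a bound parameter, so hostile banner content cannot alter the queries.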