awesome-shodan-queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
A curated reference list of Shodan search queries for security researchers, showing how to find specific types of internet-connected devices, from webcams and printers to industrial control systems, that are publicly exposed with little or no protection.
Shodan is a search engine that scans the internet and indexes connected devices, from home routers and security cameras to industrial machinery and hospital equipment. Unlike a typical web search, Shodan reveals what devices are publicly accessible and what software they are running. This repository is a curated list of search queries, gathered over time and organized by category, for finding specific types of devices on Shodan.
The queries cover a wide range of device types: industrial control systems (gas station pump controllers, wind turbine farms, electricity meters), remote desktop interfaces left open to the internet, network storage devices, webcams, printers, and home appliances. Many of the results these queries return are devices that have been left without any password protection, meaning anyone who finds them can view their dashboards or controls without logging in.
The intent behind the list is awareness rather than mischief. The author explicitly notes that users should not attempt to log into any systems they find, even with default credentials, for both legal and ethical reasons. The project is tagged under responsible disclosure ideas and asks users to report vulnerabilities through proper channels.
For non-technical readers, this repository is a reference guide for security researchers and curious people who want to see the scale of the problem: how many real-world systems, from hospital X-ray machines to traffic lights, are publicly reachable on the internet with little or no protection. The number of such devices is sobering.
The list requires a free Shodan account for most queries to work in full. No code is involved; the repository is a plain markdown document with searchable snippets and screenshots showing example results. It has been starred over 7,000 times, reflecting broad interest in the security and internet-of-things community.
Where it fits
- Search Shodan for internet-connected industrial control systems, such as gas station pump controllers or electricity meters, that are publicly accessible without a password.
- Use the query list to audit your own organization's internet exposure by searching for devices matching your IP ranges or vendor names.
- Build a security awareness presentation by using these queries to demonstrate how many real-world systems are reachable with no protection.