Vulnerability Analysis Using Google and Shodan

There is a continuously increasing number of attacks on publicly available systems in the internet. This requires an intensified consideration of security issues and vulnerabilities of IT systems by security responsibles and service providers. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. In this paper we present an alternative approach for vulnerability analysis with both classical as well as subject-specific engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively.