Hunting Open Directories and malware with Shodan

morimolymoly
2 min read · Jun 11, 2024


Hi! I am moly.

In this article, I will show how to hunt open directories with Shodan and what you can find in them!

Background

We often read articles in which researchers say they found open directories and malware.

That is 100% true. After reading this article, you will be able to actively hunt malware yourself, and you will realize that threat actors use open directories (Opendir) as a matter of routine!

Hunting with simple query

We can use Shodan queries to recon something fun.

We are going to use the query below.

http.title:"Directory listing for" http.html:.exe

This query matches pages whose title is "Directory listing for" and whose HTML contains the string .exe.

Let’s hunt with this query!
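As an added example (my own code, not part of the original post), the script below does locally what the query above does on Shodan's side: it checks that a page's title starts with "Directory listing for" (the title Python's http.server gives to auto-generated listings) and that the HTML contains ".exe". It then goes one step further for triage by parsing the listing's links and keeping only names whose actual extension is executable, because a bare substring match also fires on harmless names such as lecture.exercises.txt. The two HTML listings and the extension set are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the shape of a Python http.server directory listing
# that hosts two executables next to a text file and a subdirectory.
SAMPLE_LISTING = """<!DOCTYPE HTML>
<html>
<head><title>Directory listing for /</title></head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href="readme.txt">readme.txt</a></li>
<li><a href="update.exe">update.exe</a></li>
<li><a href="invoice.pdf.scr">invoice.pdf.scr</a></li>
<li><a href="tools/">tools/</a></li>
</ul>
<hr>
</body>
</html>
"""

# Constructed decoy: the Shodan query would match this page because the
# HTML contains ".exe" (inside "lecture.exercises.txt"), yet nothing here
# is executable. This is the kind of benign hit the post warns about.
DECOY_LISTING = """<html>
<head><title>Directory listing for /docs</title></head>
<body><ul>
<li><a href="lecture.exercises.txt">lecture.exercises.txt</a></li>
<li><a href="notes.md">notes.md</a></li>
</ul></body></html>
"""

# Extensions worth a closer look when they sit in an anonymous open directory.
SUSPICIOUS_EXTENSIONS = {".exe", ".scr", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".hta"}


class ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> of a directory listing."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def parse_listing(html):
    parser = ListingParser()
    parser.feed(html)
    parser.close()
    return parser.title.strip(), parser.links


def matches_shodan_query(html):
    """Local equivalent of: http.title:"Directory listing for" http.html:.exe"""
    title, _ = parse_listing(html)
    return title.startswith("Directory listing for") and ".exe" in html


def flag_executables(links):
    """Return file names whose real extension is in SUSPICIOUS_EXTENSIONS."""
    flagged = []
    for href in links:
        if href.endswith("/"):
            continue  # subdirectory entry, not a file
        name = href.rsplit("/", 1)[-1]
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in SUSPICIOUS_EXTENSIONS:
            flagged.append(name)
    return flagged


def triage(html):
    """Combine the coarse query check with the precise extension check."""
    title, links = parse_listing(html)
    open_dir = title.startswith("Directory listing for")
    return {
        "open_directory": open_dir,
        "query_hit": matches_shodan_query(html),
        "flagged": flag_executables(links) if open_dir else [],
    }


if __name__ == "__main__":
    for label, page in (("sample", SAMPLE_LISTING), ("decoy", DECOY_LISTING)):
        print(label, triage(page))
```

Run against the two constructed pages, the sample listing is a query hit with update.exe and invoice.pdf.scr flagged, while the decoy is also a query hit but flags nothing, which is exactly the gap between what Shodan can select and what a human (or a parser) still has to confirm.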

Hunted Example

You need to spend time on hunting, and most of the results are not malicious.

I found some interesting things in China!

OpenDir in China

I realized that if this server is owned by a threat actor, they know the tokens for the 360 AV download and serve beacons from the same server.

This leaked token should be revoked as soon as possible!

Conclusion

In this article, I briefly introduced how to hunt open directories and malware using Shodan. It is very easy and a great starting point for research!

Have a great hunting!

IOCs

  • y0PuSGed.exe e6237696a2afa993513c44ede3b2a3e9f2407d3184b775a9b6109bf6ef266260
  • we.exe e17488b7b3c9a600dca703cf0aeb28a4cd8fa229e931edbc206f6ef3fd66b03b
  • IHue87edpdf.scr b5aad6ea245195769361446a5009bd22a1560fe58a9f351965d9cdca12eb756d
