Professional hacker’s search engine

Zoomeye is a website that searches for information related to network services, IPs, and ports on the Internet. This is a search engine for hackers and pentesters. There are many outstanding Zoomeye related news on the internet that you can find out. This search engine has easy-to-use functionality, flexible search settings, and its own API. In this article, we will talk about the features that the Zoomeye search engine supports and compare the results of Zoomeye with Shodan.

What is Zoomeye?

Zoomeye is a search engine developed by Chinese security company Knownsec Inc. The first version was released in 2013. The 3rd version of the project is currently in use. ZoomEye uses Xmap and Wmap to collect data from open web services/devices for analysis.

Zoomeye: Professional hacker's search engine

How to use Zoomeye?

On the Zoomeye website, you can enter multiple requests at once and see the results, but more detailed information will show up later. subscribe to Zoomeye. To register, you need to specify email and phone number mine. After registration, the extended features will be enabled and there are no restrictions on the details on the server (in guest mode, only 20 results displayed). You can also view general statistics.

How to use Zoomeye?

Another very handy feature is the category. User can choose any letter from the alphabet and choose device name, The search engine will display search results for this request. Equipment list includes cameras, printers and other devices. A separate list for WEB has been implemented, which includes all technologies and CMS.

Zoomeye: Professional hacker's search engine 7

Not to mention the vulnerability database built into Zoomeye’s search process. You can immediately see the details of the search results which list the device, which IP has Is there a security hole?.

The system has its own keywords (keywords) to help increase the accuracy of search results. They are quite similar to Shodan and Censys. These keywords can save you time, especially if you are looking for a specific version or a phrase in a meta tag, for example.

Search by keyword on Zoomeye

Search by app and version

app: app name
ver: version

Example: app:OpenSSH +ver:4.3

Search by geographical location

country: country abbreviations (RU, US, PL, UK, UA, FR, etc.)
city: city

Example: country:Canada +city:Delta

Search by Port and OS

port: gate
os: operating system

Example: os:linux +port:22 +country:PL

Search by service and server

service: service name
hostname: server name

Example: service:ftp +hostname:www.microsoft.com

Search by IP

ip: IP address
cidr: network address

Example: cidr:109.71.46.0/24

Search by keyword

site: webpage
keywords: key word
desc: description information
headers: Name of HTTP header

Example: site:google.com +headers:Server

Search by title

title: page title

Example: title:hacked

Interesting findings

Request: “ClearSCADA”

Access to the unsecured database, you can view the internal data of the system completely

Example:"ClearSCADA"

Request: “beescms”

This is a CMS for Online Shops that has quite a few security holes.

"beescms"

How to search webcam on zoomeye

Request: “Mobotix Camera http config”

Webcam Mobotix access without login. Sometimes you will see devices such as garage door control systems, light switches/switches, etc.

speaker +app: "Mobotix Camera http config"

Request:“mongodb”

Open mongodb database. You can see what base and size.

"mongodb"

Request: NessusWWW +”HTTP / 1.1 200 OK”

Access to Nessus vulnerability scanning software

NessusWWW +"HTTP / 1.1 200 OK"

Comparison between Zoomeye and Shodan

I will compare the results to see which search engine has better results. In the test, we will use a comparison table for clarity and accessibility. 10 searches were performed and the table below shows the number of results for each query and the total.

Zoomeye: Professional hacker's search engine 8

For 10 queries, 890,868,935 results were found from the two search engines. Of these, only 13% from Shodan and 87% from Zoomeye. A simple and intuitive comparison of why hackers love using Zoomeye. An overwhelming statistical advantage. In all 10 searches, Zoomeye has a clear advantage. But shodan also has its own advantages, read this article to find out more.

Conclude

Zoomeye is a great search engine for Hackers. Convenient functions, enough keywords to search, API and a lot of search results. You just need to sign up for Zoomeye. The system does not limit the number of requests and allows searching for almost any task (limited to 10,000 requests per month). Enough for you to play with.

Leave a Reply