Zoomeye is a website that searches for information related to network services, IPs, and ports on the Internet. This is a search engine for hackers and pentesters. There are many outstanding Zoomeye related news on the internet that you can find out. This search engine has easy-to-use functionality, flexible search settings, and its own API. In this article, we will talk about the features that the Zoomeye search engine supports and compare the results of Zoomeye with Shodan.
What is Zoomeye?
Zoomeye is a search engine developed by Chinese security company Knownsec Inc. The first version was released in 2013. The 3rd version of the project is currently in use. ZoomEye uses Xmap and Wmap to collect data from open web services/devices for analysis.
How to use Zoomeye?
On the Zoomeye website, you can enter multiple requests at once and see the results, but more detailed information will show up later. subscribe to Zoomeye. To register, you need to specify email and phone number mine. After registration, the extended features will be enabled and there are no restrictions on the details on the server (in guest mode, only 20 results displayed). You can also view general statistics.
Another very handy feature is the category. User can choose any letter from the alphabet and choose device name, The search engine will display search results for this request. Equipment list includes cameras, printers and other devices. A separate list for WEB has been implemented, which includes all technologies and CMS.
Not to mention the vulnerability database built into Zoomeye’s search process. You can immediately see the details of the search results which list the device, which IP has Is there a security hole?.
The system has its own keywords (keywords) to help increase the accuracy of search results. They are quite similar to Shodan and Censys. These keywords can save you time, especially if you are looking for a specific version or a phrase in a meta tag, for example.
Search by keyword on Zoomeye
Search by app and version
app: app name
Search by geographical location
country: country abbreviations (RU, US, PL, UK, UA, FR, etc.)
Example: country:Canada +city:Delta
Search by Port and OS
os: operating system
Example: os:linux +port:22 +country:PL
Search by service and server
service: service name
hostname: server name
Example: service:ftp +hostname:www.microsoft.com
Search by IP
ip: IP address
cidr: network address
Search by keyword
keywords: key word
desc: description information
headers: Name of HTTP header
Example: site:google.com +headers:Server
Search by title
title: page title
Access to the unsecured database, you can view the internal data of the system completely
This is a CMS for Online Shops that has quite a few security holes.
How to search webcam on zoomeye
Request: “Mobotix Camera http config”
Webcam Mobotix access without login. Sometimes you will see devices such as garage door control systems, light switches/switches, etc.
speaker +app: "Mobotix Camera http config"
Open mongodb database. You can see what base and size.
Request: NessusWWW +”HTTP / 1.1 200 OK”
Access to Nessus vulnerability scanning software
NessusWWW +"HTTP / 1.1 200 OK"
Comparison between Zoomeye and Shodan
I will compare the results to see which search engine has better results. In the test, we will use a comparison table for clarity and accessibility. 10 searches were performed and the table below shows the number of results for each query and the total.
For 10 queries, 890,868,935 results were found from the two search engines. Of these, only 13% from Shodan and 87% from Zoomeye. A simple and intuitive comparison of why hackers love using Zoomeye. An overwhelming statistical advantage. In all 10 searches, Zoomeye has a clear advantage. But shodan also has its own advantages, read this article to find out more.
Zoomeye is a great search engine for Hackers. Convenient functions, enough keywords to search, API and a lot of search results. You just need to sign up for Zoomeye. The system does not limit the number of requests and allows searching for almost any task (limited to 10,000 requests per month). Enough for you to play with.