Identification of Services and Devices for Enhancing Vulnerability Analysis

Lucas M. Ponce; Indra Ribeiro; Etelvina Oliveira; Ítalo Cunha; Cristine Hoepers; Klaus Steding-Jessen; Marcelo H. P. C. Chaves; Dorgival Guedes; Wagner Meira Jr.

doi:10.5753/jbcs.2026.5372

Authors

Lucas M. Ponce Universidade Federal de Minas Gerais https://orcid.org/0000-0002-1480-0039
Indra Ribeiro Universidade Federal de Minas Gerais https://orcid.org/0009-0004-4267-7746
Etelvina Oliveira Universidade Federal de Minas Gerais https://orcid.org/0009-0007-9484-8350
Ítalo Cunha Universidade Federal de Minas Gerais https://orcid.org/0000-0002-5756-7775
Cristine Hoepers Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança https://orcid.org/0009-0000-4739-0868
Klaus Steding-Jessen Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança https://orcid.org/0009-0005-2209-433X
Marcelo H. P. C. Chaves Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança https://orcid.org/0000-0002-3200-5813
Dorgival Guedes Universidade Federal de Minas Gerais https://orcid.org/0000-0003-0865-1417
Wagner Meira Jr. Universidade Federal de Minas Gerais https://orcid.org/0000-0002-2614-2723

DOI:

https://doi.org/10.5753/jbcs.2026.5372

Keywords:

Fingerprint matching, Device identification, Search engine, Vulnerability Analysis, Shodan

Abstract

The identification of services and devices is an important step in vulnerability analysis, responsible for listing all assets that should be scanned for vulnerabilities. In recent years, this task has become increasingly complex due to the proliferation of new types of services and Internet-connected devices, such as IoT devices. In this context, search engines like Censys and Shodan have become popular tools, often used in one or more stages of the process for scanning network-accessible vulnerabilities. However, while these tools are capable of probing numerous devices worldwide, the information they process is often incomplete, primarily due to the challenge of keeping pace with the rapid creation of new applications. This paper introduces our solution for efficient service enumeration based on fingerprint matching, which can complement existing information about scanned devices. Our solution is highly efficient as it leverages the responses from connections established by search engines during their probing as input data, eliminating the need for additional scans. Furthermore, our processing engine is optimized and capable of processing data in parallel. To validate our solution, we compared the information obtained by our framework with that provided by Shodan. Overall, we were able to identify a larger number of services and devices. For instance, our approach increased the identification of services such as operating systems by 1.6 times and hardware information by up to 14 times. Additionally, we present two use cases demonstrating how our framework can assist in vulnerability analysis by providing more accurate and detailed information.

Downloads

Download data is not yet available.

References

Al-Alami, H., Hadi, A., and Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. In 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), pages 1-6, Jordan. IEEE. DOI: 10.1109/IT-DREPS.2017.8277814.

Albataineh, A. and Alsmadi, I. (2019). IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries. In 2019 IEEE 20th International Symposium on ``A World of Wireless, Mobile and Multimedia Networks'', pages 1-5, Washington, USA. IEEE. DOI: 10.1109/WoWMoM.2019.8792986.

Bracciale, L., Loreti, P., Raso, E., and Bianchi, G. (2024). In Plain Sight: A Pragmatic Exploration of the Medical Landscape (In)security. In Proceedings of the 8th Italian Conference on Cyber Security (ITASEC 2024), pages 1-14. IEEE. Available at:[link].

Cheng, H. et al. (2021). Identify IoT Devices through Web Interface Characteristics. In 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS), pages 405-410. IEEE. DOI: 10.1109/ICCCS52626.2021.9449258.

Daskevics, A. and Nikiforova, A. (2021). ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you. In 2021 Second International Conference on Intelligent Data Science Technologies and Applications (IDSTA), pages 38-45, Estonia. IEEE. DOI: 10.1109/IDSTA53674.2021.9660818.

Durumeric, Z., Wustrow, E., and Halderman, J. A. (2013). ZMap: Fast Internet-wide Scanning and Its Security Applications. In 22nd USENIX Security Symposium (USENIX Security 13), pages 605-620, Washington, USA. USENIX Association. Available at:[link].

Durumeric, Z. et al. (2015). A Search Engine Backed by Internet-Wide Scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pages 542-553, Denver, USA. ACM. DOI: 10.1145/2810103.2813703.

Gasser, O., Holz, R., and Carle, G. (2014). A deeper understanding of SSH: Results from Internet-wide scans. In 2014 IEEE Network Operations and Management Symposium, pages 1-9, Poland. IEEE. DOI: 10.1109/NOMS.2014.6838249.

Genge, B. and Enăchescu, C. (2016). ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services. Security and Communication Networks, 9(15):2696-2714. DOI: 10.1002/sec.1262.

Hellberg, N. and Vosseler, R. (2017). Western European Cities Exposed: A Shodan-based Security Study on Exposed Cyber Assets in Western Europe. Technical report, Threat Research Team, Trend Micro, Texas, USA. Available at:[link] (visited on 2024-11-29).

Imperva (2023). Vulnerability Assessment. Available at:[link] (visited on 2024-11-29).

Markowsky, L. and Markowsky, G. (2015). Scanning for vulnerable devices in the Internet of Things. In 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), volume 1, pages 463-467, Warsaw, Poland. IEEE. DOI: 10.1109/IDAACS.2015.7340779.

Moriot, C. et al. (2022). How to build socio-organizational information from remote ip addresses to enrich security analysis? In 2022 IEEE 47th Conference on Local Computer Networks (LCN), pages 287-290, Canada. IEEE. DOI: 10.1109/LCN53696.2022.9843570.

Nogueira, M. et al. (2023). A Large Scale Characterization of Device Uptimes. IEEE Transactions on Emerging Topics in Computing, 11(3):553-565. DOI: 10.1109/TETC.2023.3271315.

Novianto, B., Suryanto, Y., and Ramli, K. (2021). Vulnerability Analysis of Internet Devices from Indonesia Based on Exposure Data in Shodan. In IOP Conference Series: Materials Science and Engineering, volume 1115, page 012045. IOP Publishing. DOI: 10.1088/1757-899X/1115/1/012045.

O'Hare, J., Macfarlane, R., and Lo, O. (2019). Identifying Vulnerabilities Using Internet-Wide Scanning Data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), pages 1-10, London, UK. DOI: 10.1109/ICGS3.2019.8688018.

Ponce, L. et al. (2024). Arcabouço Multi-motor para Detecção de Vulnerabilidades na Internet Brasileira. In Anais do XLII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 197-210, Niterói, Brazil. SBC. DOI: 10.5753/sbrc.2024.1302.

Popescu, M. (2016). Internet Census, 2016. Available at:[link] (visited on 2024-11-29).

Raikar, M. and Maralappanavar, M. (2021). Vulnerability assessment of MQTT protocol in Internet of Things (IoT). In 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), pages 535-540, India. IEEE. DOI: 10.1109/ICSCCC51823.2021.9478156.

Samtani, S. et al. (2018). Identifying SCADA Systems and Their Vulnerabilities on the Internet of Things: A Text-Mining Approach. IEEE Intelligent Systems, 33(2):63-73. DOI: 10.1109/MIS.2018.111145022.

Sarabi, A., Yin, T., and Liu, M. (2023). An LLM-based Framework for Fingerprinting Internet-connected Devices. In Proceedings of the 2023 ACM on Internet Measurement Conference, IMC '23, pages 478-484, Montreal QC, Canada. ACM. DOI: 10.1145/3618257.3624845.

Wang, R. et al. (2022). WYSIWYG: IoT Device Identification Based on WebUI Login Pages. Sensors, 22(13). DOI: 10.3390/s22134892.

Wang, X., Hong, Y., Chang, H., Park, K., Langdale, G., Hu, J., and Zhu, H. (2019). Hyperscan: a fast multi-pattern regex matcher for modern CPUs. In Proceedings of the 16th USENIX Conference on Networked Systems Design and Implementation, NSDI'19, pages 631–-648, Boston, USA. USENIX Association. Avaialble at:[link].

Wang, X. et al. (2009). Extraction of fingerprint from regular expression for efficient prefiltering. In 2009 IEEE International Conference on Communications Technology and Applications, pages 221-226, Beijing, China. IEEE. DOI: 10.1109/ICCOMTA.2009.5349207.

Zaidi, N., Kaushik, H., Bablani, D., Bansal, R., and Kumar, P. (2018). A Study of Exposure of IoT Devices in India: Using Shodan Search Engine. In Information Systems Design and Intelligent Applications, pages 1044-1053, India. Springer. DOI: 10.1007/978-981-10-7512-4_105.

Zhu, R., Zhang, B., Tan, Y.-a., et al. (2021). Determining the Image Base of ARM Firmware by Matching Function Addresses. Wireless Communications and Mobile Computing, 2021(1):10. DOI: 10.1155/2021/4664882.

Identification of Services and Devices for Enhancing Vulnerability Analysis

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

How to Cite

Issue

Section

License

Make a Submission

Metrics: