ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services

Shodan has been acknowledged as one of the most popular search engines available today, designed to crawl the Internet and to index discovered services. This paper expands the features exposed by Shodan with advanced vulnerability assessment capabilities embedded into a novel tool called ShoVAT. ShoVAT takes the output of traditional Shodan queries and performs an in-depth analysis of service-specific data, i.e., service banners. It embodies specially crafted algorithms which rely on novel in-memory data structures to automatically reconstruct Common Platform Enumeration (CPE) names and to proficiently extract vulnerabilities from National Vulnerability Database (NVD). Compared to the state-of-the-art, ShoVAT brings several novel and significant contributions, since it encompasses automated vulnerability identification techniques, it can return highly accurate results with customized and even purposefully modified service banners, and it supports historical service vulnerability analysis without the need to deploy additional monitoring infrastructures. Experiments performed on 1501 services in twelve different institutions across different sectors revealed high accuracy of results and a total of 3922 known vulnerabilities. This is the accepted version of the following article: B. Genge and C. Enăchescu: ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services. Security and communication networks, Wiley, 2015, DOI: DOI: 10.1002/sec.1262, available online here: http://onlinelibrary.wiley.com/doi/10.1002/sec.1262/abstract. SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2014; 00:1–18