0

I am trying to do a version range search within Shodan as a one-liner but having trouble doing so. Not eve sure if that is possible, but basically, I am able to get search results if I did it 2 times as follows:

software 1.5.*
software 1.6.*

Is it possible to combine the above two lines into one, so that it will lists me all the 1.5.* and 1.6.* results all at one go?

Adding on, I wasn't able to find much info on the search syntax online.. Tried writing like software 1.[5|6].* but it returns me invalid result.

Chetan Joshi
  • 5,582
  • 4
  • 30
  • 43
dissidia
  • 1,531
  • 3
  • 23
  • 53

1 Answers1

0

You would want to use the version filter and provide it with a comma-separated list of values. For example, the following would find Microsoft IIS servers that are either 5.0 OR 6.0:

product:microsoft-iis version:5.0,6.0

The basic rules of the Shodan search syntax are outlined in this article:

https://help.shodan.io/the-basics/search-query-fundamentals

Values provided in filters are OR-ed together and everything else is AND-ed together. Shodan search syntax doesn't support wildcards currently. If the property you're searching for is always numeric then you can also search for ranges:

port:<1024

This blog post covers it in further detail:

https://blog.shodan.io/search-engine-improvements/

And the list of available search filters is here:

https://beta.shodan.io/search/filters

achillean
  • 520
  • 4
  • 10
  • Hi, thanks for getting back to me. So.. it turns out I am wrong, apparently the software "version range" I am looking for is actually under the product name (eg. `software-1.5.16`) instead, as it does not have a `version` field. Tried using your method and it does not works though, any insight? – dissidia Nov 13 '20 at 14:26