Favour time - anybody got a business Shodan license?
UPDATE: Somebody has done this, thank you!
I'm after somebody running this search:
http.favicon.hash:-1292923998,-1166125415
and downloading the results
I'm poor* and only have a personal account, limited to 100 results.
Reason = I know how to remotely fingerprint CitrixBleed2 unintrusively, I want to scan to see who is still vuln.
* not a business
Edit: done
Kevin Beaumont
in reply to Kevin Beaumont
An update to this - the scan is still running, but it looks like I'm going to end up with 8 times more vulnerable hosts than @shadowserver are seeing.
I'll update tomorrow and likely publish the full data - a shocking amount of orgs haven't patched. E.g. there's hundreds of .gov* SSL cert names unpatched.
Chonky Boi
in reply to Kevin Beaumont
@shadowserver is the fingerprint that favicon search, or are you withholding the real search for obvious reasons?
Dr. Christopher Kunz
in reply to Kevin Beaumont
I guess we're looking for Last-Modified <= 1737799969?
Kevin Beaumont
in reply to Kevin Beaumont
If anybody from the NSA follows me, you might want to patch:
103.41.70.207,vdicorp.nsa.gov,13.1-55.34,VULNERABLE
There's a bunch of DOGE'd departments which haven't updated Netscaler this year.
NosirrahSec 🏴☠️ guillotine enthusiast
in reply to cR0w
@cR0w I giggled a bit aloud, but then thought "Let 'em burn."
Because...ya know...*gestures around at the current Nazi-state my government is*
cR0w
in reply to Kevin Beaumont
@NosirrahSec Oh I missed who reported it. That's hilarious. I wonder if anyone has scan data from before it was reported.
Glad I don't have to deal with this one. Sucks to suck, feds.
Kevin Beaumont
in reply to Kevin Beaumont
Good news everybody, the NSA have patched this week
103.41.70.207,vdicorp.nsa.gov,13.1-59.19,NOT_VULNERABLE
They were 7 months behind with patching.
Kevin Beaumont
in reply to Lowlands
@lowlands it’s just this, nothing too interesting - cyberplace.social/@GossiTheDog…
Kevin Beaumont
2025-07-03 19:11:03