Shodan OSINT Automation to Mass Exploitation of Vulnerabilities

A talk by Dheeraj Madhukar
Director, TechnoLegends

Register to watch this content

By submitting your email you agree to the Terms of Service and Privacy Statement
Watch this content now

Tracks covered by this talk

About this talk


"karma v2" can be used by Infosec Researchers, Penetration Testers, Bug Hunters to find deep information, more assets, WAF/CDN bypassed IPs, Internal/External Infra, Publicly exposed leaks and many more about their target. Shodan Premium API key is required to use this automation. Output from the "karma v2" is displayed to the screen and saved to files/directories.


  • Powerful and flexible results via Shodan Dorks
  • SSL SHA1 checksum/fingerprint Search
  • Only hit In-Scope IPs
  • Verify each IP with SSL/TLS certificate issuer match RegEx
  • Provide Out-Of-Scope IPs
  • Find out all ports including well known/uncommon/dynamic
  • Grab all targets vulnerabilities related to CVEs
  • Banner grab for each IP, Product, OS, Services & Org etc.
  • Grab favicon Icons
  • Generate Favicon Hash using python3 mmh3 Module

For more info on this session, please visit the session page at the Summit's website

Sponsor this Event

Your logo could go here!

If you'd like to get your brand in front of attendees contact us.