ZoomEye

{{subst:AFC draft|Elfinx}}

Introduction[edit]

ZoomEye is a search engine for cyberspace. Through the analysis of the global nodes by the distributed crawler engine of the back end, the characteristics of each node are discriminated, thereby obtaining information such as devices, websites and services or components used in the Internet space. Security researchers can use ZoomEye to learn about component penetration rate and the scope of the vulnerability impact.^[1][2]

ZoomEye uses Xmap and Wmap at its core for grabbing data from publicly exposed devices and web services and doing fingerprint analysis.^[3]

It supports website component fingerprinting and host device fingerprint retrieval:^[4][5]

• Website component fingerprinting: including operating system, web services, server language, web development framework, web applications, front-end libraries and third-party components.
• Host device fingerprint: Integrating with NMAP large-scale scan results.

The Chinese name of ZoomEye is Eye of Zhong Kui. ^[1]

According to legend, Zhong Kui is a master of catching ghosts. The website collects information from global websites and hosts for catching the "ghosts", which are to curb black produce and snipe them.

It supports specifying a version number for web applications, such as searching for a website using wordpress 3.5.1 and inputting the search phrase wordpress:3.5.1. It is also possible to limit the country and city, such as input wordpress: 3.5.1 country:cn city:beijing can search for websites with host version 3.5.1 in Beijing, China.

ZoomEye API[edit]

A web service that provides access to ZoomEye features, data, information over HTTPS. The platform API empowers developers to automate, extend and connected with the website. Programmatically creating apps, provision add-ons and performing some automated tasks can be performed using the ZoomEye platform API.^[6][7]

Combined query :

Multiple countries, cities, ports, services, hostnames, IPs, sites, headers, keywords, descs, titles can be combined in a query, the filters act as a logical OR. Registered users are limited to 5 searches/day for CIDR.

Event Impact[edit]

1. In July 2013, the first version of ZoomEye was released.
2. In March 2014, the ZoomEye team dig deep into the global impact of the webcam vulnerability and then conducted a program with CCTV (CCTV13 news live show on 2014/03/27, 13 minutes and 46 seconds).^[8][9]
3. In 2014, ZoomEye's emergency of "heart bleeding" was reported by CCTV.^[10]
4. April 2014, after the OpenSSL vulnerability, ZoomEye immediately began responding and drew the 3D map of the vulnerability affecting the global distribution.^[11]
5. In August 2017, after CCTV exposed a large number of cameras with weak passwords being hacked, Network Security Labs used the Zoomeye device search platform to reproduce the vulnerability of weak password cameras.^[12]
6. In March 2018, the zoomeye V4 version went live. ^[12]
7. In July 2018, a security researcher Ankit Anubhav, Principal Researcher at NewSky Security discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs.^[13]

Reference[edit]

External links[edit]

• ZoomEye - Computer Search Engine - Main Site

This article "ZoomEye" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:ZoomEye. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.