Exploring the Cloud Through Shodan: An OSINT x Cloud Security Journey

Chandrima Das

Note: This blog is for educational purposes only. The techniques and findings discussed should be used responsibly and not for any malicious activity.

1. Introduction

OSINT stands for Open Source Intelligence, the art of gathering and analyzing data from publicly available resources. It’s a skill used by security researchers to understand systems, discover vulnerabilities, and improve defenses—all ethically and responsibly.

Shodan is a search engine that indexes internet-connected devices, services, and systems. Unlike Google, which indexes web pages, Shodan collects information from device “banners” and open ports to identify servers, routers, webcams, and other IoT devices.

Cloud services are everywhere, powering everything from personal apps to enterprise infrastructure. But even the biggest providers like Azure and AWS aren’t immune to misconfigurations. By responsibly exploring Shodan, I discovered exposed Azure Blob Storage and AWS S3 buckets, gaining hands-on insight into how cloud misconfigurations can create real security risks.

For my exploration, I used basic Shodan search queries such as "Azure Blob Storage" and "Amazon S3 buckets", focusing only on public information while keeping sensitive identifiers blurred.

2. Methodology

To explore cloud misconfigurations responsibly, I used Shodan’s free search engine to discover publicly exposed services. My approach was simple and safe:

  1. Define the search queries

    • "Azure Blob Storage" to identify exposed Microsoft cloud storage containers.

    • "Amazon S3 buckets" to identify publicly accessible AWS storage.

  2. Filter results

    • Focused only on standard ports (80, 443) and service banners.

    • Avoided clicking or interacting with any private resources.

  3. Document findings

    • Took screenshots of Shodan search results.

    • Blurred IP addresses, city, organization (private info), and map locations.

    • Kept only safe info visible: service type, ports, Microsoft org name, and ASN.

This approach ensured ethical research while still allowing me to observe trends and patterns in cloud exposure.
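Steps 2 and 3 can be made repeatable in code. The sketch below is an added example, not part of the original exploration: it filters to standard ports and redacts by allowlist, so any field not explicitly marked safe is dropped. The records are constructed samples using Shodan's banner field names, and `PROVIDER_ORGS` is an assumed list of org strings treated as the provider itself.

```python
from collections import Counter

# Allowlist: only these fields survive. Anything else (IP, hostnames, location,
# raw banner text that may embed names) is dropped by default.
SAFE_FIELDS = ("product", "port", "asn")
STANDARD_PORTS = {80, 443}
# Assumption: org strings that name the cloud provider and are safe to show.
PROVIDER_ORGS = {"Microsoft Corporation", "Amazon.com, Inc."}

# Constructed sample records; IPs are RFC 5737 documentation addresses and
# AS64500 is a documentation ASN, so none of these are real hosts.
SAMPLE = [
    {"ip_str": "192.0.2.10", "port": 443, "org": "Microsoft Corporation",
     "asn": "AS8075", "product": "Azure Blob Storage",
     "hostnames": ["files.example.test"],
     "location": {"city": "Exampleville", "latitude": 0.0, "longitude": 0.0},
     "data": "HTTP/1.1 400 Bad Request\r\nServer: Windows-Azure-Blob/1.0\r\n"},
    {"ip_str": "192.0.2.11", "port": 443, "org": "Microsoft Corporation",
     "asn": "AS8075", "product": "Azure Blob Storage",
     "hostnames": [], "location": {"city": "Sampleton"}},
    {"ip_str": "198.51.100.7", "port": 80, "org": "Example Hosting Ltd",
     "asn": "AS64500", "product": "Amazon S3",
     "hostnames": ["cdn.example.test"], "location": {"city": "Testburg"}},
    {"ip_str": "203.0.113.5", "port": 8080, "org": "Amazon.com, Inc.",
     "asn": "AS16509", "product": "Amazon S3", "location": {"city": "Demo"}},
]


def redact(record):
    """Return a new dict with allowlisted fields only; private orgs are masked."""
    out = {k: record[k] for k in SAFE_FIELDS if k in record}
    org = record.get("org")
    out["org"] = org if org in PROVIDER_ORGS else "[redacted]"
    return out


def documentable(records):
    """Step 2 then step 3: keep standard-port results, then redact each one."""
    return [redact(r) for r in records if r.get("port") in STANDARD_PORTS]


def summarize(redacted):
    """Count results per (service, port, ASN): trends, not individual hosts."""
    return Counter((r.get("product"), r["port"], r.get("asn")) for r in redacted)


if __name__ == "__main__":
    for key, count in summarize(documentable(SAMPLE)).items():
        print(key, count)
```

Redacting by allowlist rather than blurring a fixed set of fields means a field nobody thought about, such as a hostname inside the raw banner, cannot end up in a published screenshot or export.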

3. Findings

Here’s what I observed from my exploration:

  • Azure Blob Storage

    • Several endpoints were visible publicly.

    • Ports mostly standard (443/HTTPS).

    • Some services revealed basic metadata like service type and ASN (Microsoft), all public info.

  • AWS S3 Buckets

    • Publicly accessible buckets exist in multiple regions.

    • Again, only metadata was recorded, with all sensitive info blurred.

  • Patterns & Insights

    • Misconfigurations are not rare — even large providers have publicly visible cloud storage instances.

    • Exposed storage can lead to data leakage if left unprotected.

    • OSINT can help students and security professionals understand real-world cloud risks without ever touching private data.

Figure 1: Shodan search for "Azure Blob Storage" showing publicly indexed endpoints. Sensitive identifiers like IP addresses, city, and organization names are blurred to maintain privacy.

Figure 2: Open ports for cloud services detected by Shodan. Standard and common ports like 22, 80, 443, 8080, and 8443 are shown for educational purposes; sensitive details such as IPs and organizations are hidden.

Figure 3: Shodan search for "Amazon S3 buckets" showing publicly indexed cloud storage. IP addresses, hostnames, domain names, specific cloud regions, and other sensitive identifiers are hidden. Only service type, ports, and ASN are visible for educational purposes.

4. Lessons Learned

  • Cloud exposure is real: Even major providers like Azure and AWS have misconfigured resources visible online.

  • OSINT is powerful: Tools like Shodan help researchers identify potential risks safely.

  • Ethical responsibility matters: Always blur identifiers and never access private content.

  • Defensive mindset: Observing these patterns strengthens your understanding of blue-team strategies, cloud hardening, and monitoring.

By exploring cloud security through Shodan, I gained hands-on insights into how misconfigurations occur and how students can learn responsible cloud security practices.

5. Conclusion

Exploring cloud security through OSINT has shown me that even widely used cloud services like Azure and AWS can be accidentally exposed to the public internet. Tools like Shodan allow security enthusiasts and students to safely identify these misconfigurations, learn from them, and understand the attack surface—all without accessing private data.

This exercise reinforced the importance of combining ethical OSINT practices with a defensive mindset. By observing cloud exposure patterns, students and professionals alike can contribute to stronger security practices, better monitoring, and safer cloud deployments.


Written by Chandrima Das

Undergrad student who loves to learn and write about cloud security, especially in Azure products. I earned the Microsoft SC-900 certification and am currently preparing for SC-200 and building projects. Also an aspiring Cloud Security Engineer and Cloud Security Architect.