Tutorial5 min read

How to Find Exposed Redis Servers on the Internet

A step-by-step guide to discovering unprotected Redis instances using Zondex internet search.

1

Search for Redis on default port

Redis typically runs on port 6379. Start with a basic search to find all indexed Redis instances.

product:redis port:6379
You can also search port:6379 alone to find services running on the Redis default port.
2

Filter by country

Narrow results to a specific country to focus your research scope.

product:redis port:6379 country:US
Use ISO 3166-1 alpha-2 country codes: US, DE, GB, FR, JP, etc.
3

Check for vulnerabilities

Find Redis servers with known CVEs that may be exploitable.

product:redis has_vuln:true
4

Search by organization

Focus on a specific organization to assess their Redis exposure.

product:redis org:"Amazon.com"
Use quotes around organization names with spaces or special characters.
5

Look for specific versions

Older Redis versions may have known vulnerabilities. Search for specific version strings.

product:redis version:5
Redis versions below 6.0 typically have no built-in ACL system.

Remediation & Hardening

  • Enable authentication with requirepass directive in redis.conf

  • Bind Redis to localhost or specific internal IPs only

  • Use firewall rules to restrict port 6379 access

  • Enable TLS encryption for Redis 6.0+

  • Disable dangerous commands (FLUSHALL, CONFIG, DEBUG) with rename-command

  • Keep Redis updated to the latest stable version

Try It Now

Search for Redis across 85M+ indexed hosts — free, no registration required.

Search Redis

More How-To Guides

How to Find Exposed MongoDB DatabasesHow to Find Exposed Elasticsearch ClustersHow to Find Exposed Jenkins ServersHow to Find Exposed Docker APIsHow to Find Exposed RDP ServersHow to Find Exposed MySQL DatabasesHow to Find Exposed Kubernetes Clusters