Knowledge Is Power: Exploring Over 1,800 Calibre E-Book Servers.

TL;DR:

- Shodan can be used to find Calibre servers.
- I wrote an nmap script for identification and metadata analysis.
- 2.5 million titles are available on the identified servers.
- An average of ~10k titles per server.
- If you use the Calibre web server, verify the authentication and its network connectivity. The Calibre developers don't have the best history of dealing with security issues.

I love reading, and I especially like my e-readers. They allow you to carry and travel with hundreds of books.

Calibre is an open source e-book management application, and probably one of the most popular. It's capable of running a server that lets remote users browse and download books. Knowing this, and being a pentester by trade, I became quite curious whether there was any notable presence of Calibre on the internet.

In its default configuration, Calibre does not require any authentication to access the web interface. Using Shodan, we can search for the keyword Calibre in the
