Shodan#
Shodan is a search engine for internet-connected devices. The operator uses it for recon, asset discovery, and tracking exposure to known services across an estate.
Setup#
Install the CLI.
# easy_install shodan
Upgrade existing Shodan Python library.
# easy_install -U shodan
Once installed initialize with the API key from the Shodan account page.
# shodan init YOUR_API_KEY
CLI#
Command |
Effect |
|---|---|
|
Display Shodan query and scan credits available. |
|
Show your external IP. |
|
Show information about an IP. |
|
Count results for a search. |
|
Show statistical information about a service. |
|
Search banner info for a text string and dump IP, port, org, hostnames. |
|
Same, scoped to a specific country. |
|
Save JSON results to a file. |
|
Shodan network scanning request. |
|
Stream live Shodan scanning results. |
|
Stream live results scoped to ports. |
|
Real-time network alert streaming and monitoring. |
|
Stream by alert ID. |
|
Scan the entire internet (enterprise license). |
|
Query and display subdomains, records, IP, and ports. |
Web UI#
Shodan IP search.
> 185.30.20.1
> 185.30.20.1/24
Filter search results filter:value.
> city:"Istanbul" port:23,3389
Filters.
Filter |
Description |
|---|---|
|
|
|
City name, |
|
Country name, |
|
Match device hostname, |
|
Show results only in a CIDR range, |
|
Narrow by organization, |
|
Service port, |
|
Service running, |
|
Geo coordinates, |
|
Operating system, |
|
Devices in a time range, |
Find clones by searching data.0.http.html_hash in the raw data
view, then search for the value.
> hash:-1604454775