Shodan is one of the most powerful search engine for security researcher or pentester. You can find specific type of computer, like webcam, router, etc.. currently connecting on the internet and you can also find just “no password” system currently on line. CNN called Shodan the “Scariest search engine on the Internet” in 2013. So let’s start it !
0x01 Installation
Python and pip should be pre-installed on your system. And you can just quickly install shodan cli via pip.
pip3 install shodan
0x02 Get Your API key and Init Your Shodan CLI
Login to your Shodan website and click Account. You will find out your API key.
And then type the following command to init your shodan command. Replace YourShodanAPIKey to yours.
shodan init YourShodanAPIKey
Successfully initialized
0x03 Cheat Sheet
Your can easily type shodan -h to find all available commands for shodan. Here I will list some frequently used command for shodan.
0x031 myip
This will print your external ip address.
shodan myip
your.external.ip.address
0x032 alert
This will keep track of the devices that you have exposed to the Internet. Setup notification, launch scans and gain complete visibility into what you have connected.
0x033 count
It will return the number of the results for a search.
shodan count port:22
17587085
0x034 stats
It will return the stats of the search result.
0x035 domain
This will return all available information for the specific domain.
0x036 search
Here I will list all available keywords for shodan search.
General: all, asn, city, country, cpe, device, geo, has_ipv6, has_screenshot, screenshot.label, has_ssl, has_vuln, hash hostname, ip, isp, link, net, org, os, port, postal, product, region, scan, shodan.module, state, versionHTTP: http.component, http.component_category, http.favicon.hash, http.html, http.html_hash, http.robots_hash, http.securitytxt, http.status, http.title, http.waf
BITCOIN: bitcoin.ip, bitcoin.ip_count, bitcoin.port, bitcoin.version
SNMP: snmp.contact, snmp.location, snmp.name
SSL: ssl, ssl.alpn, ssl.cert.alg, ssl.cert.expired, ssl.cert.extension, ssl.cert.fingerprint, ssl.cert.issuer.cn, ssl.cert.pubkey.bits, ssl.cert.pubkey.type, ssl.cert.serial, ssl.cert.subject.cn, ssl.chain_count, ssl.cipher.bits, ssl.cipher.name, ssl.cipher.version, ssl.version
NTP: ntp.ip, ntp.ip_count, ntp.more, ntp.port
TELNET: telnet.do, telnet.dont, telnet.option, telnet.will, telnet.wont
SSH: ssh.hassh, ssh.type
Let’s do some example here:
0x037 host
This will return all the available information for an IP address including it’s vulnerability !!!
0x038 honeyscore
It will return one score number to see if this ip is an honeypot.
shodan honeyscore Put.Your.IP.Address
Not a honeypot
Score: 0.0
Shodan is very useful for security researchers or pentesters. They usually have their discount for their lifelong membership on black Friday. It usually costs you only 1 to 5 US dollars and you will be benefitted by much membership feature. Don’t forget to register one on black Friday this year !!!