Shodan CLI 101

Jie Liau
3 min readMay 23, 2021

--

Shodan is one of the most powerful search engine for security researcher or pentester. You can find specific type of computer, like webcam, router, etc.. currently connecting on the internet and you can also find just “no password” system currently on line. CNN called Shodan the “Scariest search engine on the Internet” in 2013. So let’s start it !

0x01 Installation

Python and pip should be pre-installed on your system. And you can just quickly install shodan cli via pip.

pip3 install shodan

0x02 Get Your API key and Init Your Shodan CLI

Login to your Shodan website and click Account. You will find out your API key.

And then type the following command to init your shodan command. Replace YourShodanAPIKey to yours.

shodan init YourShodanAPIKey
Successfully initialized

0x03 Cheat Sheet

Your can easily type shodan -h to find all available commands for shodan. Here I will list some frequently used command for shodan.

0x031 myip

This will print your external ip address.

shodan myip
your.external.ip.address

0x032 alert

This will keep track of the devices that you have exposed to the Internet. Setup notification, launch scans and gain complete visibility into what you have connected.

0x033 count

It will return the number of the results for a search.

shodan count port:22
17587085

0x034 stats

It will return the stats of the search result.

0x035 domain

This will return all available information for the specific domain.

0x036 search

Here I will list all available keywords for shodan search.
General: all, asn, city, country, cpe, device, geo, has_ipv6, has_screenshot, screenshot.label, has_ssl, has_vuln, hash hostname, ip, isp, link, net, org, os, port, postal, product, region, scan, shodan.module, state, version

HTTP: http.component, http.component_category, http.favicon.hash, http.html, http.html_hash, http.robots_hash, http.securitytxt, http.status, http.title, http.waf

BITCOIN: bitcoin.ip, bitcoin.ip_count, bitcoin.port, bitcoin.version

SNMP: snmp.contact, snmp.location, snmp.name

SSL: ssl, ssl.alpn, ssl.cert.alg, ssl.cert.expired, ssl.cert.extension, ssl.cert.fingerprint, ssl.cert.issuer.cn, ssl.cert.pubkey.bits, ssl.cert.pubkey.type, ssl.cert.serial, ssl.cert.subject.cn, ssl.chain_count, ssl.cipher.bits, ssl.cipher.name, ssl.cipher.version, ssl.version

NTP: ntp.ip, ntp.ip_count, ntp.more, ntp.port

TELNET: telnet.do, telnet.dont, telnet.option, telnet.will, telnet.wont

SSH: ssh.hassh, ssh.type

Let’s do some example here:

0x037 host

This will return all the available information for an IP address including it’s vulnerability !!!

0x038 honeyscore

It will return one score number to see if this ip is an honeypot.

shodan honeyscore Put.Your.IP.Address
Not a honeypot
Score: 0.0

Shodan is very useful for security researchers or pentesters. They usually have their discount for their lifelong membership on black Friday. It usually costs you only 1 to 5 US dollars and you will be benefitted by much membership feature. Don’t forget to register one on black Friday this year !!!

--

--

No responses yet