- 1 minute to read
Shodan is a search engine for Internet-connected devices.
Based on specified subnet or list of subnets, data fetched from Shodan include: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.
The Shodan adapter connection requires the following values:
- Shodan Domain – Should be kept as 'api.shodan.io'.
- CIDR - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
- API Key – Specify the API key you have defined. For details, see 'Generating Shodan API Key' section below
- HTTPS Proxy (optional) - You can configure a proxy specifically to the adapter instead of directly approaching the domain.
- Upload a CSV file or specify a query search:
- Upload a CSV file
- CIDR CSV File Name (optional) - If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.
- CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan.
CSV file structure:
- "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
- DNSNAME column - optional. Each row in the CSV should be poulated with the server name, if known.
- Specify a query search
- Query Search - Specify a search query using Shodan's search query syntax. This field will tell the adapter to execute the query you have specified to find devices information.
- Upload a CSV file
- Choose Instance - If you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes
Generating Shodan API Key
To generate a Shodan API key, do as follows:
1. Register an account in Shodan
2. Visit your registered email id and activate the account
3. Login to your account and you will find the API keys under profile overview tab
4. Copy the API key and this is the value for shodan_api field in the config.py file