Shodan
  • 2 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Shodan

  • Print
  • Share
  • Dark
    Light

Shodan is a search engine for Internet-connected devices.

Based on specified subnet or list of subnets, data fetched from Shodan include: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Shodan Domain (optional, default: api.shodan.io) - Should be kept as 'api.shodan.io'.
  2. CIDR (optional, default: empty) - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
  3. API Key (required) - Specify the API key you have defined. For details, see Generating Shodan API Key.
  4. Upload a CSV file or specify a query search:
    • Upload a CSV file
      • CIDR CSV File Name (optional) - This field is mandatory if a CSV File is being uploaded. If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.
      • CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan.
        • "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
        • DNSNAME column - optional. Each row in the CSV should be populated with the server name, if known.
          • NOTE: While the DNSNAME column is optional, the CSV file must contain at least two columns (CIDR and one other).
    • Specify a query search
      • Query Search - Specify a search query using Shodan's search query syntax. This field will tell the adapter to execute the query you have specified to find devices information.
  5. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Shodan Domain.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Shodan Domain.
    • If not supplied, Axonius will connect directly to the value supplied in Shodan Domain.
  6. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Shodan Domain via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  7. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Shodan Domain via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  8. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Generating Shodan API Key

To generate a Shodan API key, do as follows:
* Register an account in Shodan
* Visit your registered email id and activate the account
* Login to your account and you will find the API keys under profile overview tab
* Copy the API key and specify it in the API Key field.

Was This Article Helpful?