Shodan

Shodan is a search engine for Internet-connected devices.

For a specified subnet or list of subnets, the data fetched from Shodan includes: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP, and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Vulnerabilities
  • SaaS Applications

Parameters

  1. Shodan Domain (optional, default: api.shodan.io) - Should be kept as 'api.shodan.io'.
  2. CIDR (optional, default: empty) - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
  3. API Key (required) - Specify the API key you have defined. For details, see Generating Shodan API Key.
  4. Upload a CSV file or specify a query search:
Note

You must enter either a CIDR CSV File, a CIDR list, or a Query Search to configure this adapter.

Enter a CIDR CSV File

  1. CIDR CSV File Name (optional) - This field is mandatory if a CSV File is being uploaded. If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.

Enter a CIDR CSV List

  1. CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan. Click Upload File to upload the file. The structure of the CSV should be as follows:
    • "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
    • "DNSNAME" column - Optional. Each row in the CSV should be populated with the server name, if known.
    • NOTE: While the DNSNAME column is optional, the CSV file must contain at least two columns (CIDR and one other).
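A pre-upload check for the CSV structure described above, written as an added example; it is not part of the adapter or of Shodan's tooling. The function name `validate_cidr_csv` and the sample rows are constructed for illustration, and treating a CIDR with host bits set as an error is an assumption about how strictly the file is parsed.

```python
import csv
import io
import ipaddress

# Constructed sample input; the addresses are documentation ranges.
SAMPLE = """CIDR,DNSNAME
192.0.2.0/24,web.example.com
198.51.100.7/24,
203.0.113.0/33,mail.example.com
192.0.2.10,
"""

def validate_cidr_csv(text):
    """Return a list of (row_number, message) problems; empty means OK."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return [(1, "file is empty")]
    headers = [h.strip() for h in rows[0]]
    if "CIDR" not in headers:
        return [(1, 'missing mandatory "CIDR" column')]
    problems = []
    if len(headers) < 2:
        problems.append((1, "need at least two columns (CIDR and one other)"))
    col = headers.index("CIDR")
    for row_no, row in enumerate(rows[1:], start=2):
        if not row:
            continue  # skip blank lines
        value = row[col].strip() if col < len(row) else ""
        if "/" not in value:
            problems.append((row_no, f"{value!r} is not in X.Y.Z.N/P format"))
            continue
        try:
            # Assumption: strict parsing, so host bits set counts as an error.
            ipaddress.IPv4Network(value)
        except ValueError as exc:
            problems.append((row_no, f"{value!r}: {exc}"))
    return problems

if __name__ == "__main__":
    for row_no, message in validate_cidr_csv(SAMPLE):
        print(f"row {row_no}: {message}")
```

Checking the file this way before upload also confirms that only the subnets you intend to query are sent to Shodan.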

Specify a query search

  1. Query Search - Specify a search query using Shodan's search query syntax. This field tells the adapter to run the specified query to find device information.
  2. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
  3. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  4. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Ignore "www" in hostname before shorting - Enable this to remove the www from the device's hostname. This way, the "short hostname" configuration will affect the domain and not the www part.
  2. Fetch Vulnerabilities - Select whether to fetch Vulnerabilities (default: True).

Note

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

Generating Shodan API Key

To generate a Shodan API key, do as follows:

  • Register an account with Shodan.
  • Open the activation email sent to your registered address and activate the account.
  • Log in to your account; the API keys are listed under the profile overview tab.
  • Copy the API key and specify it in the API Key field.