Shodan
  • 09 Jul 2024

Shodan is a search engine for Internet-connected devices.

Based on a specified subnet or list of subnets, the data fetched from Shodan includes: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Vulnerabilities
  • SaaS Applications

Parameters

  1. Shodan Domain (optional, default: api.shodan.io) - Should be kept as 'api.shodan.io'.
  2. CIDR (optional, default: empty) - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
  3. API Key (required) - Specify the API key you have defined. For details, see Generating Shodan API Key.
  4. Upload a CSV file or specify a query search:
Note: You must enter either a CIDR CSV File, a CIDR list, or a Query Search in order to configure this adapter.

Enter a CIDR CSV File

  1. CIDR CSV File Name (optional) - This field is mandatory if a CSV File is being uploaded. If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.

Enter a CIDR CSV List

  1. CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan. Click Upload File to upload the file.
    The structure of the CSV should be as follows:
    • "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
    • "DNSNAME" column - Optional. Each row in the CSV should be populated with the server name, if known.
      * NOTE: While the DNSNAME column is optional, the CSV file must contain at least two columns (CIDR and one other).
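
The CSV structure described above can be checked before upload. The following is an added example, not part of the adapter or of this documentation's own code: it verifies the mandatory "CIDR" column, the two-column minimum and the "X.Y.Z.N/P" format. The function name `validate_cidr_csv` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample input (RFC 5737 documentation ranges, not real assets).
SAMPLE = """CIDR,DNSNAME
192.0.2.0/24,edge-gw.example.com
198.51.100.16/28,
203.0.113.7,missing-prefix.example.com
192.0.2.300/24,bad-octet.example.com
"""

def validate_cidr_csv(text):
    """Return (networks, problems); problems is a list of (line, message)."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        return [], [(1, "file is empty")]
    header = [h.strip() for h in rows[0]]
    if "CIDR" not in header:
        return [], [(1, 'mandatory "CIDR" column is missing')]
    problems = []
    if len(header) < 2:
        problems.append((1, "need at least two columns (CIDR and one other)"))
    col = header.index("CIDR")
    networks = []
    for lineno, row in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        raw = row[col].strip() if col < len(row) else ""
        _, slash, prefix = raw.partition("/")
        if not slash or not prefix.isdigit():
            problems.append((lineno, f"{raw!r} is not in X.Y.Z.N/P format"))
            continue
        try:
            # strict=False tolerates host bits; the page does not say how
            # the adapter treats them, so they are not reported here.
            networks.append(ipaddress.IPv4Network(raw, strict=False))
        except ValueError as exc:
            problems.append((lineno, f"{raw!r}: {exc}"))
    return networks, problems

if __name__ == "__main__":
    nets, issues = validate_cidr_csv(SAMPLE)
    print("subnets:", [str(n) for n in nets])
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
```

Reviewing the accepted subnets before upload also confirms that only ranges you intend to query are sent to Shodan.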

Specify a query search

  1. Query Search - Specify a search query using Shodan's search query syntax. The adapter executes the query you specify to find device information.
  2. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
  3. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  4. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


Generating Shodan API Key

To generate a Shodan API key, do as follows:
* Register an account in Shodan.
* Open your registered email and activate the account.
* Log in to your account; the API key is listed under the profile overview tab.
* Copy the API key and specify it in the API Key field.
