Shodan
  • 14 Nov 2022
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Shodan

  • Dark
    Light
  • PDF

Article summary

Shodan is a search engine for Internet-connected devices.

Based on specified subnet or list of subnets, data fetched from Shodan include: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Shodan Domain (optional, default: api.shodan.io) - Should be kept as 'api.shodan.io'.
  2. CIDR (optional, default: empty) - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
  3. API Key (required) - Specify the API key you have defined. For details, see Generating Shodan API Key.
  4. Upload a CSV file or specify a query search:
Note:

You have to either enter a CIDR CSV File, a CIDR list, or a Query Search in order to configure this adapter

* Upload a CSV file
* CIDR CSV File Name (optional) - This field is mandatory if a CSV File is being uploaded. If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.
* CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan.
* "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
* DNSNAME column - optional. Each row in the CSV should be populated with the server name, if known.
* NOTE: While the DNSNAME column is optional, the CSV file must contain at least two columns (CIDR and one other).
* Specify a query search
* Query Search - Specify a search query using Shodan's search query syntax. This field will tell the adapter to execute the query you have specified to find devices information.
6. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Shodan Domain.
* If supplied, Axonius will utilize the proxy when connecting to the value supplied in Shodan Domain.
* If not supplied, Axonius will connect directly to the value supplied in Shodan Domain.
7. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Shodan Domain via the value supplied in HTTPS Proxy.
* If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
* If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
8. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Shodan Domain via the value supplied in HTTPS Proxy.
* If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
* If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
9. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

Generating Shodan API Key

To generate a Shodan API key, do as follows:
* Register an account in Shodan
* Visit your registered email id and activate the account
* Login to your account and you will find the API keys under profile overview tab
* Copy the API key and specify it in the API Key field.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.