Shodan
  • 1 minute to read
  • Print
  • Share
  • Dark
    Light

Shodan

  • Print
  • Share
  • Dark
    Light

Shodan is a search engine for Internet-connected devices.

Based on specified subnet or list of subnets, data fetched from Shodan include: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.

The Shodan adapter connection requires the following values:

  1. Shodan Domain – Should be kept as 'api.shodan.io'.
  2. CIDR - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
  3. API Key – Specify the API key you have defined. For details, see 'Generating Shodan API Key' section below
  4. HTTPS Proxy (optional) - You can configure a proxy specifically to the adapter instead of directly approaching the domain.
  5. CIDR CSV File Name (optional) - If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.
  6. CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan. If you want Shodan to scan a single subnet, you can specify it in the CIDR field
  7. Choose Instance - if you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes

image.png

Generating Shodan API Key

To generate a Shodan API key, do as follows:
1. Register an account in Shodan
2. Visit your registered email id and activate the account
3. Login to your account and you will find the API keys under profile overview tab
4. Copy the API key and this is the value for shodan_api field in the config.py file

Was this article helpful?