- 09 Jul 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Shodan
- Updated on 09 Jul 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Shodan is a search engine for Internet-connected devices.
Based on specified subnet or list of subnets, data fetched from Shodan include: hostname, ports open to the world, vulnerabilities, address information (country, region, city), ISP and more.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Vulnerabilities
- SaaS Applications
Parameters
- Shodan Domain (optional, default: api.shodan.io) - Should be kept as 'api.shodan.io'.
- CIDR (optional, default: empty) - Specify a subnet to be used for fetching data from Shodan. If you want Shodan to scan multiple subnets, use the CIDR CSV File option to upload a CSV file with a list of subnets.
- API Key (required) - Specify the API key you have defined. For details, see Generating Shodan API Key.
- Upload a CSV file or specify a query search:
You have to either enter a CIDR CSV File, a CIDR list, or a Query Search in order to configure this adapter
Enter a CIDR CSV File
- CIDR CSV File Name (optional) - This field is mandatory if a CSV File is being uploaded. If you upload several CIDR CSV files (in different Shodan adapter servers), you can specify a logical name for that file. The name will be displayed in the Shodan adapter server list, enabling you to easily distinguish between different Shodan adapter servers.
Enter a CIDR CSV List
- CIDR CSV File - Upload a CSV file with a list of subnets to be used for fetching data from Shodan. Click Upload File to upload the file.
The structure of the CSV should be as follows:- "CIDR" column - Mandatory. Each row in the CSV should be populated with its subnet in the "X.Y.Z.N/P" format.
- DNSNAME column - optional. Each row in the CSV should be populated with the server name, if known.
* NOTE: While the DNSNAME column is optional, the CSV file must contain at least two columns (CIDR and one other).
Specify a query search
- Query Search - Specify a search query using Shodan's search query syntax. This field will tell the adapter to execute the query you have specified to find devices information.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
- HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Generating Shodan API Key
To generate a Shodan API key, do as follows:
* Register an account in Shodan
* Visit your registered email id and activate the account
* Login to your account and you will find the API keys under profile overview tab
* Copy the API key and specify it in the API Key field.