Overview

Shodan is known as the “search engine for hackers,” providing the ability to locate devices such as routers, servers, IoT devices, and more, by indexing their information based on various criteria. It’s used for security research, vulnerability analysis, network monitoring, and competitive intelligence.

Documentation

Shodan.io Website

Shodan API

The Shodan API allows developers to access Shodan’s expansive database programmatically, enabling integration into custom applications or scripts.

Tips and Tricks

  • Automate with the API: Use the Shodan API to automate searches and integrate Shodan data into your security tools or dashboards.
  • Stay Informed on Vulnerabilities: Use Shodan to monitor known vulnerabilities across your network’s exposed devices.
  • Explore with Filters: Utilize Shodan’s wide range of filters to refine your searches and pinpoint specific devices, vulnerabilities, or services.

Getting Started

  • Creating an Account:
    Sign up at Shodan.io to start using Shodan. The free tier offers limited but powerful capabilities.
  • Shodan Web Interface:
    The web interface allows you to perform searches, explore popular tags, and use filters directly from your browser.

Basic Search Queries

  • Search by IP: 198.51.100.1 - Search for information about a specific IP address.
  • Search by Port: port:22 - Find devices with a specific port open.
  • Search by City: city:"New York" - Locate devices in a specific city.

Filtering Search Results

  • By Country: country:US - Find devices located in the United States.
  • By Operating System: os:"Windows 7" - Search for devices running Windows 7.
  • By Product: product:"Apache HTTP Server" - Locate servers running Apache HTTP Server.

Understanding Search Results

Shodan search results can include a variety of information, such as IP addresses, device types, operating systems, open ports, banners, and sometimes even geolocation data.
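
An added example (not part of the original notes) for the vulnerability-monitoring tip and the result fields described above: it audits Shodan banner records for address space you own, flagging services you did not intend to expose and any CVEs listed under "vulns". The sample records, netblock, allowlist and CVE id are constructed placeholders; the field names (ip_str, port, transport, vulns) follow Shodan's banner records.

```python
"""Audit Shodan banner records for your own address space (offline sample data)."""
import ipaddress

# Constructed sample shaped like the "matches" list of a Shodan search result.
# Addresses are RFC 5737 documentation ranges; the CVE id is a placeholder.
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.10", "port": 443, "transport": "tcp",
     "product": "Apache httpd", "vulns": {"CVE-0000-00000": {"cvss": 7.5}}},
    {"ip_str": "203.0.113.10", "port": 22, "transport": "tcp", "product": "OpenSSH"},
    {"ip_str": "203.0.113.25", "port": 3389, "transport": "tcp"},
    {"ip_str": "198.51.100.7", "port": 80, "transport": "tcp"},  # not our range
]

# Assumptions: the organisation's own netblock and the services it means to expose.
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
EXPECTED = {("203.0.113.10", 443, "tcp")}


def audit_exposure(matches, own_networks=OWN_NETWORKS, expected=EXPECTED):
    """Return findings for banners inside own_networks, sorted by host and port.

    Each finding is (ip, port, transport, reasons); reasons says why to review it.
    """
    findings = []
    for banner in matches:
        ip = ipaddress.ip_address(banner["ip_str"])
        if not any(ip in net for net in own_networks):
            continue  # out of scope: only audit address space you own
        key = (banner["ip_str"], banner["port"], banner.get("transport", "tcp"))
        reasons = []
        if key not in expected:
            reasons.append("unexpected service")
        # CVEs Shodan associates with the banner are keyed by id under "vulns".
        for cve, detail in sorted(banner.get("vulns", {}).items()):
            reasons.append(f"{cve} (cvss {detail.get('cvss', 'n/a')})")
        if reasons:
            findings.append((*key, reasons))
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1]))


if __name__ == "__main__":
    for ip, port, transport, reasons in audit_exposure(SAMPLE_MATCHES):
        print(f"{ip}:{port}/{transport}: {'; '.join(reasons)}")
```

To run it on live data, pass the "matches" list from a search scoped to your own range (for example with the net: filter) in place of SAMPLE_MATCHES.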

Using Shodan from the Command Line

Shodan can be accessed via its Command Line Interface (CLI) for more advanced and automated interactions.

  • Installation: Install the Shodan CLI using pip:
    pip install shodan
  • Initializing: Initialize Shodan CLI with your API key:
    shodan init YOUR_API_KEY
  • Performing a Search:
    shodan search "apache"