What Is Shodan?
Shodan is a search engine for internet-connected devices. While Google indexes websites, Shodan indexes everything else: servers, webcams, databases, IoT devices.
Free vs Paid
| Feature | Free | Membership ($49) |
|---|---|---|
| Search queries | 100/month | Unlimited |
| Results per query | 100 | 10,000 |
| Scan credits | 100/month | 5,000/month |
Setup
```
pip install shodan
```
Get your API key at account.shodan.io.
Search for Exposed Services
```python
import shodan

# Replace with the API key from your Shodan account
api = shodan.Shodan("YOUR_API_KEY")

# Search Shodan's index for hosts matching the query
results = api.search("mongodb port:27017")
print(f"Found {results['total']} results")

for r in results["matches"][:5]:
    print(f"{r['ip_str']}:{r['port']}")
```
Audit Your Own IP
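```python
def audit_ip(ip):
    # Look up what Shodan has indexed for this address (uses the api client created above)
    host = api.host(ip)
    print(f"Open ports: {host['ports']}")
    # "vulns" may be absent from the record, so default to an empty list
    vulns = host.get("vulns", [])
    if vulns:
        print(f"VULNERABILITIES: {vulns[:5]}")

audit_ip("8.8.8.8")
```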
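The single-IP audit above extended to a whole inventory, as an added example that is not part of the original post: it compares what Shodan has indexed for each address you own against the ports you intend to expose. The helper names, the inventory and the sample host records are constructed; in real use, pass `api.host` as `fetch_host`.

```python
# Added example: helper names, inventory and sample records are constructed.
def review_host(host, expected_ports):
    """Compare one host record (shaped like api.host() output) with intended ports."""
    seen = set(host.get("ports", []))
    expected = set(expected_ports)
    return {
        "ip": host.get("ip_str"),
        "unexpected_ports": sorted(seen - expected),  # exposed but not intended
        "not_indexed": sorted(expected - seen),       # intended, not seen by Shodan
        "vulns": sorted(host.get("vulns", [])),
    }

def audit_inventory(fetch_host, inventory):
    """inventory maps each IP you own to the ports it should expose.
    fetch_host is api.host in real use; any callable returning a host dict works."""
    report = []
    for ip, expected_ports in sorted(inventory.items()):
        try:
            host = fetch_host(ip)
        except Exception as exc:  # the real client raises shodan.APIError here
            report.append({"ip": ip, "error": str(exc)})
            continue
        finding = review_host(host, expected_ports)
        finding["needs_attention"] = bool(finding["unexpected_ports"] or finding["vulns"])
        report.append(finding)
    return report

# Constructed records (documentation address range) standing in for API responses.
SAMPLE_HOSTS = {
    "203.0.113.10": {"ip_str": "203.0.113.10", "ports": [22, 443, 27017],
                     "vulns": ["CVE-2021-44228"]},
    "203.0.113.11": {"ip_str": "203.0.113.11", "ports": [443]},
}
INVENTORY = {"203.0.113.10": [22, 443], "203.0.113.11": [80, 443], "203.0.113.12": [443]}

def sample_fetch(ip):
    if ip not in SAMPLE_HOSTS:
        raise LookupError("no information available for this IP")  # constructed error
    return SAMPLE_HOSTS[ip]

if __name__ == "__main__":
    for row in audit_inventory(sample_fetch, INVENTORY):
        print(row)
```

An address that returns an error is reported rather than treated as clean, since "not indexed" only means Shodan has no record of it.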
Search Filters
```
city:"San Francisco"
country:"US"
org:"Google"
port:22
product:"nginx"
vuln:"CVE-2021-44228"
```
Shodan is for defensive security only.