Most developers think Shodan is just for hackers. It's not.
Shodan is the Google of the internet — but instead of websites, it indexes every device connected to the internet: servers, webcams, routers, databases, industrial systems.
And it has a free API that lets you search all of it programmatically.
## What You Can Do With Shodan's Free API
- Find exposed databases (MongoDB, Elasticsearch, Redis)
- Check if your servers have open ports
- Monitor your company's attack surface
- Research IoT device security
- Find servers running specific software versions
## Quick Start (5 Minutes)
1. Get your free API key
Sign up at shodan.io → Account → API Key.
Free plan: 100 results per search, 1 scan/month.
2. Install the Python library

```bash
pip install shodan
```
3. Search for exposed MongoDB databases

```python
import shodan

api = shodan.Shodan('YOUR_API_KEY')

# Find MongoDB instances with no authentication
results = api.search('mongodb port:27017 -authentication')
print(f'Found {results["total"]} exposed MongoDB instances')

for result in results['matches'][:5]:
    print(f'  IP: {result["ip_str"]}:{result["port"]}')
    print(f'  Org: {result.get("org")}')
    # "location" is a nested dict in Shodan results; the country name lives inside it
    print(f'  Country: {result.get("location", {}).get("country_name")}')
    print()
```
Output:

```text
Found 48,231 exposed MongoDB instances
  IP: 203.x.x.x:27017
  Org: Amazon Web Services
  Country: United States
```
Yes, there are 48K+ MongoDB instances with no authentication. In 2026.
## 5 Useful Searches

### Find servers running a specific technology

```python
# Find all Nginx servers in Germany
results = api.search('nginx country:DE')
print(f'Nginx servers in Germany: {results["total"]}')
```
### Check your own IP

```python
# See what Shodan knows about your server
host = api.host('YOUR_SERVER_IP')
print(f'Open ports: {host["ports"]}')
print(f'Vulns: {host.get("vulns")}')

# Each entry in "data" is one service banner Shodan collected
for service in host['data']:
    print(f'  Port {service["port"]}: {service.get("product")}')
```
### Find exposed Elasticsearch clusters

```python
results = api.search('elasticsearch port:9200')
for r in results['matches'][:3]:
    # "data" holds the raw banner; the first 100 characters are enough to spot index names
    print(f'{r["ip_str"]} — {r.get("org")} — indices: {r["data"][:100]}')
```
### Monitor a domain

```python
# Search for all devices associated with a domain
results = api.search('hostname:example.com')
for r in results['matches']:
    print(f'{r["ip_str"]}:{r["port"]} — {r.get("product")}')
```
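To turn the "Check your own IP" and "Monitor a domain" lookups into an actual attack-surface check, compare what Shodan reports against the ports you intend to expose. This is an added example, not code from the original post or from the Shodan library; the IPs, the port allowlist and the sample records are constructed, shaped like the dicts `host()` and `search()` return.

```python
EXPECTED_PORTS = {            # constructed allowlist: ip -> ports you deliberately serve
    '198.51.100.10': {22, 443},
    '198.51.100.11': {443},
}

def audit_host(host, expected_ports):
    """Return findings for one host() record: unexpected ports, their banners, CVE ids."""
    ip = host['ip_str']
    allowed = expected_ports.get(ip, set())
    unexpected = sorted(set(host.get('ports', [])) - allowed)
    banners = {
        s['port']: f"{s.get('product') or '?'} {s.get('version') or ''}".strip()
        for s in host.get('data', []) if s['port'] in unexpected
    }
    return {'ip': ip, 'unexpected_ports': unexpected, 'banners': banners,
            'vulns': sorted(host.get('vulns') or [])}

def audit_matches(matches, expected_ports):
    """Group search() matches (e.g. from 'hostname:example.com') by IP; list ports not allowlisted."""
    seen = {}
    for m in matches:
        seen.setdefault(m['ip_str'], set()).add(m['port'])
    return {ip: sorted(ports - expected_ports.get(ip, set())) for ip, ports in seen.items()}

def audit_live(api_key, ip, expected_ports):
    """Same check against the real API (needs `pip install shodan` and a key)."""
    import shodan
    return audit_host(shodan.Shodan(api_key).host(ip), expected_ports)

# Constructed sample host record, shaped like Shodan's host() response, for offline use.
SAMPLE_HOST = {
    'ip_str': '198.51.100.10',
    'ports': [22, 443, 27017],
    'data': [
        {'port': 22, 'transport': 'tcp', 'product': 'OpenSSH', 'version': '8.9'},
        {'port': 443, 'transport': 'tcp', 'product': 'nginx', 'version': '1.24.0'},
        {'port': 27017, 'transport': 'tcp', 'product': 'MongoDB', 'version': None},
    ],
    'vulns': ['CVE-2021-44228'],  # CVE id taken from this post, attached here only as sample data
}

SAMPLE_MATCHES = [   # constructed: what a hostname: search might return for two hosts
    {'ip_str': '198.51.100.10', 'port': 443, 'product': 'nginx'},
    {'ip_str': '198.51.100.11', 'port': 443, 'product': 'nginx'},
    {'ip_str': '198.51.100.11', 'port': 8080, 'product': 'Jetty'},
]

if __name__ == '__main__':
    print(audit_host(SAMPLE_HOST, EXPECTED_PORTS))
    print(audit_matches(SAMPLE_MATCHES, EXPECTED_PORTS))
```

Run it on a schedule with `audit_live` and alert on any non-empty `unexpected_ports` or `vulns`; an exposed 27017 on a box that should only serve 22 and 443 is exactly the kind of drift the free tier can catch.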
### Search by vulnerability (CVE)

```python
# Find servers with a specific vulnerability
results = api.search('vuln:CVE-2021-44228')  # Log4Shell
print(f'Still vulnerable to Log4Shell: {results["total"]}')
```

Note that the Free vs Paid table below lists `vuln:` among the filters available only on Membership.
## Free vs Paid
| Feature | Free | Membership ($49/mo) |
|---|---|---|
| Search results | 100 | Unlimited |
| Scans | 1/month | Unlimited |
| Filters | Basic | All (vuln, port, ssl) |
| API calls | 100/month | Unlimited |
| Alerts | ❌ | ✅ |
Free tier is enough for learning and basic security checks.
## Ethical Note
Shodan indexes publicly available data. But using it to access systems you don't own is illegal. Use it only for:
- Your own servers
- Research with permission
- Bug bounty programs
- Academic research
## What other security APIs do you use?
I'm building a collection of free security tools. If you know a useful security API I should add, drop it in the comments.
More security tools: Free Security APIs Toolkit — VirusTotal, Shodan, WHOIS, HIBP in one place.
Full list of scraping tools: Awesome Web Scraping 2026