The latest articles on DEV Community by Billy (@devyjones). https://dev.to/devyjones https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3986902%2Fb8e99535-4b22-4d59-bcec-ffd433c964fc.png https://dev.to/devyjones en Billy Tue, 16 Jun 2026 08:05:30 +0000 https://dev.to/devyjones/on-demand-internet-scanning-in-python-scan-any-ip-cidr-or-country-with-scansearch-2n40 https://dev.to/devyjones/on-demand-internet-scanning-in-python-scan-any-ip-cidr-or-country-with-scansearch-2n40 <p>Search engines like Shodan and Censys are great, but they show you an <em>index</em> — data collected on their schedule, which can be hours, days, or weeks old. Sometimes you don't want the last snapshot. You want to know what's open <strong>right now</strong>.</p> <p>That's the gap <a href="https://scansearch.net" rel="noopener noreferrer">ScanSearch</a> fills: instead of querying a pre-built index, you trigger a real SYN + service-detection scan of a target through a REST API and get current results back in seconds. Here's how to drive it from Python.</p> <h2> Install </h2> <p>The SDK is open source (MIT). Until the PyPI release it installs straight from GitHub:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>git+https://github.com/ScanSearch/scansearch-python.git </code></pre> </div> <p>Grab an API key from your dashboard at <code>https://scansearch.net/dashboard/api-keys/</code> and export it — the client picks it up automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">SCANSEARCH_API_KEY</span><span class="o">=</span><span class="s2">"your-key"</span> </code></pre> </div> <p>The free tier scans at 2 kpps, which is plenty to follow along.</p> <h2> Scan a CIDR and wait for the result </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">scansearch</span> <span class="kn">import</span> <span class="n">Client</span> <span class="n">api</span> <span class="o">=</span> <span class="nc">Client</span><span class="p">()</span> <span class="c1"># reads SCANSEARCH_API_KEY from the environment </span> <span class="n">job</span> <span class="o">=</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span> <span class="n">targets</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">192.0.2.0/24</span><span class="sh">"</span><span class="p">],</span> <span class="n">ports</span><span class="o">=</span><span class="sh">"</span><span class="s">80,443,8080,8443</span><span class="sh">"</span><span class="p">,</span> <span class="n">modules</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">services</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan_wait</span><span class="p">(</span><span class="n">job</span><span class="p">[</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">])</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">open ports: </span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">open_ports_found</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">services: </span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">services_found</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><code>modules=["ports", "services"]</code> means you get open ports <em>plus</em> service identification — banners, product/version, TLS certificate details, and JARM/JA3S fingerprints — per host/port.</p> <h2> Fire-and-forget for big targets </h2> <p>A <code>/24</code> finishes fast. A whole country does not, so don't block on it — kick it off, store the <code>task_id</code>, and poll when you're ready:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">job</span> <span class="o">=</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span><span class="n">targets</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">country:DE</span><span class="sh">"</span><span class="p">],</span> <span class="n">ports</span><span class="o">=</span><span class="sh">"</span><span class="s">9200</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">task_id:</span><span class="sh">"</span><span class="p">,</span> <span class="n">job</span><span class="p">[</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># ...later, from anywhere </span><span class="nf">print</span><span class="p">(</span><span class="n">api</span><span class="p">.</span><span class="nf">scan_status</span><span class="p">(</span><span class="n">job</span><span class="p">[</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">]))</span> </code></pre> </div> <p>Targets can be a single IP, a CIDR, a list of CIDRs, a domain list, or a <code>country:&lt;CC&gt;</code> code.</p> <h2> Turn up the speed </h2> <p>Scan rate is set per call (capped by your plan). Higher speed = the same job finishes sooner:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">job</span> <span class="o">=</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span> <span class="n">targets</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">10.0.0.0/16</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">192.168.0.0/16</span><span class="sh">"</span><span class="p">],</span> <span class="n">ports</span><span class="o">=</span><span class="sh">"</span><span class="s">1-1024</span><span class="sh">"</span><span class="p">,</span> <span class="n">modules</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">ports</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">services</span><span class="sh">"</span><span class="p">],</span> <span class="n">speed</span><span class="o">=</span><span class="mi">1000</span><span class="p">,</span> <span class="c1"># kpps </span><span class="p">)</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan_wait</span><span class="p">(</span><span class="n">job</span><span class="p">[</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">],</span> <span class="n">poll_interval</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="c1"># changed your mind? </span><span class="n">api</span><span class="p">.</span><span class="nf">scan_stop</span><span class="p">(</span><span class="n">job</span><span class="p">[</span><span class="sh">"</span><span class="s">task_id</span><span class="sh">"</span><span class="p">])</span> </code></pre> </div> <h2> Handle the errors you'll actually hit </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">scansearch</span> <span class="kn">import</span> <span class="n">Client</span><span class="p">,</span> <span class="n">AuthError</span><span class="p">,</span> <span class="n">RateLimitError</span><span class="p">,</span> <span class="n">NotFoundError</span><span class="p">,</span> <span class="n">APIError</span> <span class="k">try</span><span class="p">:</span> <span class="n">api</span><span class="p">.</span><span class="nf">scan_status</span><span class="p">(</span><span class="mi">99999</span><span class="p">)</span> <span class="k">except</span> <span class="n">NotFoundError</span><span class="p">:</span> <span class="p">...</span> <span class="c1"># no such task </span><span class="k">except</span> <span class="n">RateLimitError</span><span class="p">:</span> <span class="p">...</span> <span class="c1"># daily quota or per-minute limit </span><span class="k">except</span> <span class="n">AuthError</span><span class="p">:</span> <span class="p">...</span> <span class="c1"># bad / revoked key </span><span class="k">except</span> <span class="n">APIError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">status</span><span class="p">,</span> <span class="n">e</span><span class="p">.</span><span class="n">body</span><span class="p">)</span> </code></pre> </div> <h2> Prefer the shell? </h2> <p>Everything above has a CLI equivalent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>scansearch scan 192.0.2.0/24 <span class="nt">--ports</span> 80,443,8080 <span class="nt">--modules</span> ports,services <span class="nt">--wait</span> scansearch scan country:DE <span class="nt">--ports</span> 9200 <span class="nt">--speed</span> 1000 <span class="nt">--wait</span> scansearch status 1234 scansearch stop 1234 </code></pre> </div> <h2> Where on-demand scanning beats an index </h2> <ul> <li> <strong>Bug-bounty recon</strong> — scan your in-scope CIDRs fresh and grab current open ports + banners, not last month's.</li> <li> <strong>Asset discovery / shadow IT</strong> — point it at your own AS or netblocks and find what's exposed that shouldn't be.</li> <li> <strong>Continuous monitoring</strong> — scan your ranges daily, diff the results, alert on new open ports.</li> <li> <strong>Vulnerability triage</strong> — combine <code>services</code> enrichment with CVE matching to find newly exposed <code>ssh</code>, <code>rdp</code>, <code>elasticsearch</code>, etc.</li> </ul> <h2> Links </h2> <ul> <li>Source (Python SDK + CLI): <a href="https://github.com/ScanSearch/scansearch-python" rel="noopener noreferrer">https://github.com/ScanSearch/scansearch-python</a> </li> <li>API docs: <a href="https://scansearch.net/resources/api-docs/" rel="noopener noreferrer">https://scansearch.net/resources/api-docs/</a> </li> <li>Free recon tools (port scanner, SSL checker, subdomain finder, CVE lookup): <a href="https://scansearch.net/tools/" rel="noopener noreferrer">https://scansearch.net/tools/</a> </li> </ul> <p>If you build something with it, I'd love to hear what you scanned and why.</p> security python osint networking