A short introduction to Shodan

Survival Todayy
Apr 12, 2019

Usually, when people search for something on the internet, Google is their first choice, but if you want to find devices running specific software, Shodan.io is the go-to search engine.

Shodan gets its data mainly through banner grabbing, a technique for gathering information about a computer system on a network and the services running on its open ports.

The Shodan crawlers do not sweep network ranges systematically; they act purely at random. A random IP and a random port are chosen, and the banner is fetched from that pair. In addition to the banners, metadata such as hostname, operating system and geographic location is stored.
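To see what a banner actually discloses about a service you run, the following added example (not Shodan's code and not part of the original post) starts a loopback-only listener, reads the banner it announces, and turns it into a searchable record. The banner text, the record field names and the SSH-only parsing rule are assumptions made for illustration.

```python
import re
import socket
import threading

# Constructed sample banner (not captured from a real host).
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_7.4 ExampleOS\r\n"

def serve_once(banner=SAMPLE_BANNER):
    """Start a loopback-only listener that sends `banner` to one client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)        # the service speaks first
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port

def grab_banner(host, port, timeout=2.0):
    """Connect and return whatever the service announces first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""                  # service waits for the client to speak
    return data.decode("latin-1").strip()

def to_record(host, port, banner):
    """Build a searchable record from the raw banner text."""
    rec = {"ip": host, "port": port, "banner": banner}
    # Hypothetical parsing rule: only SSH identification strings are split up.
    m = re.match(r"SSH-(?P<proto>[\d.]+)-(?P<product>[^_\s]+)_(?P<version>\S+)", banner)
    if m:
        rec.update(m.groupdict())
    return rec

def demo():
    port = serve_once()
    return to_record("127.0.0.1", port, grab_banner("127.0.0.1", port))

if __name__ == "__main__":
    print(demo())
```

The product and version fields come straight from text the service volunteers to any client, so trimming or generalizing that text on your own hosts directly reduces what a banner index can record about them.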

When you go to their website, it is always best to log in to activate all of the features.

As you can see, in the upper left corner you have the search function, but if you are not familiar with Shodan, then I would recommend starting out with the Explore function.

When you go on Explore you will be able to see all kinds of different categories, like Featured Categories or Top Voted. You can open some categories to see and get a feel for what Shodan can actually do.

If you want to use the search bar, the filters help to narrow down the search.

A few simple filters, for example:
country — find devices within a country
hostname — find devices with a specific hostname
geo — specification of coordinates
os — specification of the operating system
port — specify the port

Click here for the full list of filters.

For example, typing in city:"Madrid" returns all the results that are located in Madrid.

CLI

In order to be able to use the service to its fullest, you generally do not want to work on the web interface, but rather via the CLI.

The Python module easy_install makes it easy to install Shodan:
easy_install shodan

Afterwards Shodan must be initialized: shodan init <API Key>

You can see the API key in your account (https://account.shodan.io).

Now the functions can be conveniently used via the console.
