Shodan Command line A Step-by-Step walkthrough - 13 min read
Shodan Command line in this article and video, I show you what you can do, and the benefit of using the Shodan command line in your terminal. Searching for Vulnerabilities to port scanning, there is an incredible amount possible with Shodan.
What is Shodan
Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc …) currently connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the device sends back to the client.
Shodan the scariest search engine on the internet
Shodan terrifies non-technical people who don’t understand how the internet works. CNN called Shodan the “Scariest search engine on the internet” in 2013. This is definitely of no sense since attackers intent on causing harm don’t need Shodan to find targets.
Beware of the attacks on your own devices!
A quick search for the term “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as their password. In many cases, it doesn’t even have a password, and you leave it blank. Until today, many connected systems require no credentials at all!
What is the difference between Google or another search engine?
The most fundamental difference is that Shodan Eye analyzes the Internet, while Google analyzes the World Wide Web. Moreover, the devices connected to the World Wide Web are only a small part of what is really connected to the Internet.
Hackers love the terminal
“You are a hacker. Your home is the terminal. You work on several projects at once, You know every keystroke is valuable. With just some commands, you can automate tasks, install your favorite software, view a whole network, find vulnerabilities on just about anything connected to the internet, compile a script, create additional user accounts, properly configure anonymity software, and optimize our interactions with terminals. When you search for something, it should be blazing fast. If something is less than 100% efficient, you will spend hours figuring out the right way to save yourself seconds.”
Shodan is already installed with the most penetration and security Linux distros, such as Kali Linux, Parrot OS, and BlackArch.
To show you a Shodan installation I have set up a Minimal Ubuntu Server 18.04
Shodan command line interface (CLI)
The shodan command-line interface (CLI) is packaged with the official Python library for Shodan, which means if you’re running the latest version of the library you already have access to the CLI. Also, the Shodan command line is more powerful than the website is.
Since I chose a Minimal Ubuntu Server to show the installation, I also have to install all other packages (eg python and pip) that are needed before you can install Shodan on your computer. It is good to try different Linux distros, you will learn a lot from that. And it is just fun..!
Python is not installed by default on CentOS. This also applies to a lot of other Linux distributions. I show you in the video how to install all of this.
Insall python and pip
To make it very easy, I put all the packages you need for python 2 and python 3 in one line.
To learn the command line well, I recommend that you don’t just copy everything, but type everything over, it’s a good way to learn
sudo apt install python python3 python-setuptools python3-setuptools python-pip python3-pip
After the Python and Pip install you have this result down below.
Shodan Install using Pip
Shodan is then easy to install using pip.
sudo pip install shodan
On the website of Shodan, they indicate installing Shodan using easy_install. (In this article I choose the pip install), see above.
sudo easy_install shodan
You don't need to have a paid account to use Shodan. You always can use the free version. But if you want to use Shodan very extensively, if it is for your security company, then I can recommend this. For myself, I have had a Shodan lifetime membership for years. This offers many advantages and much more is possible.
Shodan Membership In short: more access to the Shodan website and the API. On Black Friday “2019” shodan had an awesome deal “Shodan lifetime membership for $ 1 (instead of $ 49) I don’t know if you can still get a shodan account for that $ 50. Otherwise, waiting for another black Friday might be a good choice.
Get your shodan API key
Now that Shodan is installed you have to make a Shodan account. A Shodan API key can be found here. Once your account has been confirmed you will receive your own API Key.
Initialize your Shodan API Key
Once the tool is installed you have to initialize the environment with your API key using shodan init
sudo shodan init Your API Key
The Shodan command line
shodan -h / –help
┌─[bullseye@parrot]─[~] └──╼ $shodan -h Usage: shodan [OPTIONS] COMMAND [ARGS]... Options: -h, --help Show this message and exit. Commands: alert Manage the network alerts for your account convert Convert the given input data file into a... count Returns the number of results for a search data Bulk data access to Shodan domain View all available information for a domain download Download search results and save them in a... honeyscore Check whether the IP is a honeypot or not. host View all available information for an IP... info Shows general information about your account init Initialize the Shodan command-line myip Print your external IP address org Manage your organization's access to Shodan parse Extract information out of compressed JSON... radar Real-Time Map of some results as Shodan finds... scan Scan an IP/ netblock using Shodan. search Search the Shodan database stats Provide summary information about a search... stream Stream data in real-time.
Print your external IP address
Here is a list of all the commands to use for the Shodan alert. Keep track of the devices that you have exposed to the Internet. Setup notifications, launch scans and gain complete visibility into what you have connected. Here you can give it a try (It’s free)
┌─[bullseye@parrot]─[~] └──╼ $shodan alert Usage: shodan alert [OPTIONS] COMMAND [ARGS]... Manage the network alerts for your account Commands: clear Remove all alerts create Create a network alert to monitor an external... disable Disable a trigger for the alert enable Enable a trigger for the alert info Show information about a specific alert list List all the active alerts remove Remove the specified alert triggers List the available notification triggers
Shodan count returns the number of results for a search
shodan count port:22 shodan count port:22 country:US shodan count apache
Using Shodan stats
shodan stats --facets port net:198.20/16
View all available information for a domain.
shodan domain website.com
In the following lists you can see what keywords you can use for the Shodan Search
all, asn, city, country, cpe, device, geo, has_ipv6, has_screenshot, has_ssl, has_vuln, hash hostname, ip, isp, link, net, org, os, port, postal, product, region, scan, shodan.module, state, version
http.component, http.component_category, http.favicon.hash, http.html, http.html_hash, http.robots_hash, http.securitytxt, http.status, http.title, http.waf
bitcoin.ip, bitcoin.ip_count, bitcoin.port, bitcoin.version
snmp.contact, snmp.location, snmp.name
ssl, ssl.alpn, ssl.cert.alg, ssl.cert.expired, ssl.cert.extension, ssl.cert.fingerprint, ssl.cert.issuer.cn, ssl.cert.pubkey.bits, ssl.cert.pubkey.type, ssl.cert.serial, ssl.cert.subject.cn, ssl.chain_count, ssl.cipher.bits, ssl.cipher.name, ssl.cipher.version, ssl.version
ntp.ip, ntp.ip_count, ntp.more, ntp.port
telnet.do, telnet.dont, telnet.option, telnet.will, telnet.wont
The following filters are only available to users of higher API plans.
Filters Cheat Sheet Shodan
Shodan currently crawls nearly 1,500 ports across the Internet. Here are a few of the most commonly-used search filters to get started.
|city||Name of the city||Devices in San Diego|
|country||2-letter Country code||Open ports in the United States|
|http.title||Title of the website||“Hacked” Websites|
|net||Network range or IP in CIDR notation||Services in the range of 188.8.131.52 to 184.108.40.206|
|org||Name of the organization that owns the IP space||Devices at Google|
|port||Port number for the service that is running||SSH servers|
|product||Name of the software that is powering the service||Samsung Smart TVs|
|screenshot.label||Label that describes the content of the image||Screenshots of Industrial Control Systems|
|state||U.S. State||Devices in Texas|
Examples of a Shodan Search
shodan search port:9100 pjl shodan search --fields ip_str,port,org,hostnames microsoft iis 6.0 shodan search hacked by
shodan search hacked by
shodan host ip
View all available information for an IP. This also means that you often will find vulnerabilities, such as one of the photos you can see below. In the video, I will elaborate on this in more detail.
shodan host ipadress
Finding vulnerabilities with Shodan
With this host, I don’t have to explain very much. Because this all seems very clear. Prevention in this is everything. “Don’t get hacked”
A way to prevent this kind of thing happens
Do some upgrades! It’s that simple.
To see if an IP address is perhaps a honeypot, you can find out with this simple Shodan command line
shodan honeyscore IP Address
Video Shodan Command line
In this video I show you what options the Shodan Command line has and how you can use them. I’ll have setup a Ubunty 18.04 minimal server for this video to show you how to setup Shodan. I have choosen the Minimal Ubuntu server because i have to install python and pip on it as well. And this is just a CLI.
Conclusion “Shodan Command line”
I can speak from my own experience and I advise everyone to take a Shodan account. A free Shodan account is enough for many. You can do so much with Shodan. In this article, I only talked about Shodan Command-Line. Not about the website where you can do and lookup an incredible amount of things.
Also, this is not my first article and video that I make more or less about Shodan. (In many videos you see Shodan come back) Some time ago I made Shodan Eye. A tool with which you can find all devices that are connected to the internet. Here you can find more about Shodan Eye and also in this article The first version of Shodan Eye.
IMPORTANT THINGS TO REMEMBER
✓ This Video and Article are made for educational purposes and pentest only.
* You will not misuse the information to gain unauthorized access.
✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!
Read also the Disclaimer
All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel and on the website hackingpassion.com are meant for educational purposes only.
If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.
My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.
If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do so. Using the comment form.