shodan command line

Shodan Command line A Step-by-Step walkthrough - 13 min read

Shodan Command line in this article and video, I show you what you can do, and the benefit of using the Shodan command line in your terminal. Searching for Vulnerabilities to port scanning, there is an incredible amount possible with Shodan.


What is Shodan

Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc …) currently connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the device sends back to the client.


Shodan the scariest search engine on the internet

Shodan terrifies non-technical people who don’t understand how the internet works. CNN called Shodan the “Scariest search engine on the internet” in 2013. This is definitely of no sense since attackers intent on causing harm don’t need Shodan to find targets.


shodan
Shodan Eye is a tool I made.

Beware of the attacks on your own devices! 

A quick search for the term “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as their password. In many cases, it doesn’t even have a password, and you leave it blank. Until today, many connected systems require no credentials at all!

Some nice articles to read are the “Hacking printers” and “Hacking Security webcams” In these articles, I show you how to use Shodan for that.


What is the difference between Google or another search engine?

The most fundamental difference is that Shodan Eye analyzes the Internet, while Google analyzes the World Wide Web. Moreover, the devices connected to the World Wide Web are only a small part of what is really connected to the Internet.


Hackers love the terminal

“You are a hacker. Your home is the terminal. You work on several projects at once, You know every keystroke is valuable. With just some commands, you can automate tasks, install your favorite software, view a whole network, find vulnerabilities on just about anything connected to the internet, compile a script, create additional user accounts, properly configure anonymity software, and optimize our interactions with terminals. When you search for something, it should be blazing fast. If something is less than 100% efficient, you will spend hours figuring out the right way to save yourself seconds.”


Install Shodan

Shodan is already installed with the most penetration and security Linux distros, such as Kali Linux, Parrot OS, and BlackArch.
To show you a Shodan installation I have set up a Minimal Ubuntu Server 18.04


Shodan command line interface (CLI)

The shodan command-line interface (CLI) is packaged with the official Python library for Shodan, which means if you’re running the latest version of the library you already have access to the CLI. Also, the Shodan command line is more powerful than the website is.

Since I chose a Minimal Ubuntu Server to show the installation, I also have to install all other packages (eg python and pip) that are needed before you can install Shodan on your computer. It is good to try different Linux distros, you will learn a lot from that. And it is just fun..!

Python is not installed by default on CentOS. This also applies to a lot of other Linux distributions. I show you in the video how to install all of this.


Insall python and pip

To make it very easy, I put all the packages you need for python 2 and python 3 in one line.

To learn the command line well, I recommend that you don’t just copy everything, but type everything over, it’s a good way to learn


sudo apt install python python3 python-setuptools python3-setuptools python-pip python3-pip

Insall python and pip

After the Python and Pip install you have this result down below.


Shodan Install using Pip

Shodan is then easy to install using pip.

sudo pip install shodan

pip install shodan

On the website of Shodan, they indicate installing Shodan using easy_install. (In this article I choose the pip install), see above.

sudo easy_install shodan

Shodan command line interface (CLI)

Shodan account

You don't need to have a paid account to use Shodan. You always can use the free version. But if you want to use Shodan very extensively, if it is for your security company, then I can recommend this. For myself, I have had a Shodan lifetime membership for years. This offers many advantages and much more is possible.

Shodan Membership In short: more access to the Shodan website and the API. On Black Friday “2019” shodan had an awesome deal “Shodan lifetime membership for $ 1 (instead of $ 49) I don’t know if you can still get a shodan account for that $ 50. Otherwise, waiting for another black Friday might be a good choice.


Get your shodan API key

Now that Shodan is installed you have to make a Shodan account. A Shodan API key can be found here. Once your account has been confirmed you will receive your own API Key.


Get your shodan API key

Initialize your Shodan API Key

Once the tool is installed you have to initialize the environment with your API key using shodan init

sudo shodan init Your API Key

shodan api Key

The Shodan command line

shodan -h / –help


┌─[bullseye@parrot]─[~]
└──╼ $shodan -h
Usage: shodan [OPTIONS] COMMAND [ARGS]...

Options:
  -h, --help  Show this message and exit.

Commands:
  alert       Manage the network alerts for your account
  convert     Convert the given input data file into a...
  count       Returns the number of results for a search
  data        Bulk data access to Shodan
  domain      View all available information for a domain
  download    Download search results and save them in a...
  honeyscore  Check whether the IP is a honeypot or not.
  host        View all available information for an IP...
  info        Shows general information about your account
  init        Initialize the Shodan command-line
  myip        Print your external IP address
  org         Manage your organization's access to Shodan
  parse       Extract information out of compressed JSON...
  radar       Real-Time Map of some results as Shodan finds...
  scan        Scan an IP/ netblock using Shodan.
  search      Search the Shodan database
  stats       Provide summary information about a search...
  stream      Stream data in real-time.

myip

Print your external IP address

shodan myip

Shodan myip

Shodan alert

Here is a list of all the commands to use for the Shodan alert. Keep track of the devices that you have exposed to the Internet. Setup notifications, launch scans and gain complete visibility into what you have connected. Here you can give it a try (It’s free)


┌─[bullseye@parrot]─[~]
└──╼ $shodan alert
Usage: shodan alert [OPTIONS] COMMAND [ARGS]...

  Manage the network alerts for your account

Commands:
  clear     Remove all alerts
  create    Create a network alert to monitor an external...
  disable   Disable a trigger for the alert
  enable    Enable a trigger for the alert
  info      Show information about a specific alert
  list      List all the active alerts
  remove    Remove the specified alert
  triggers  List the available notification triggers

Shodan alert

Shodan count

Shodan count returns the number of results for a search

shodan count port:22
shodan count port:22 country:US

shodan count apache

Shodan count

Using Shodan stats

shodan stats --facets port net:198.20/16

Shodan stats

Domain Shodan

View all available information for a domain.

shodan domain website.com

shodan domain search

Shodan search

In the following lists you can see what keywords you can use for the Shodan Search


General

all, asn, city, country, cpe, device, geo, has_ipv6, has_screenshot, has_ssl, has_vuln, hash hostname, ip, isp, link, net, org, os, port, postal, product, region, scan, shodan.module, state, version


Screenshots

screenshot.label


HTTP

http.component, http.component_category, http.favicon.hash, http.html, http.html_hash, http.robots_hash, http.securitytxt, http.status, http.title, http.waf


Bitcoin

bitcoin.ip, bitcoin.ip_count, bitcoin.port, bitcoin.version


SNMP

snmp.contact, snmp.location, snmp.name


SSL

ssl, ssl.alpn, ssl.cert.alg, ssl.cert.expired, ssl.cert.extension, ssl.cert.fingerprint, ssl.cert.issuer.cn, ssl.cert.pubkey.bits, ssl.cert.pubkey.type, ssl.cert.serial, ssl.cert.subject.cn, ssl.chain_count, ssl.cipher.bits, ssl.cipher.name, ssl.cipher.version, ssl.version


NTP

ntp.ip, ntp.ip_count, ntp.more, ntp.port


Telnet

telnet.do, telnet.dont, telnet.option, telnet.will, telnet.wont


SSH

ssh.hassh, ssh.type


Restricted

The following filters are only available to users of higher API plans.
tag, vuln


Filters Cheat Sheet Shodan

Shodan currently crawls nearly 1,500 ports across the Internet. Here are a few of the most commonly-used search filters to get started.


Filter NameDescriptionExample
cityName of the cityDevices in San Diego
country2-letter Country codeOpen ports in the United States
http.titleTitle of the website“Hacked” Websites
netNetwork range or IP in CIDR notationServices in the range of 8.8.0.0 to 8.8.255.255
orgName of the organization that owns the IP spaceDevices at Google
portPort number for the service that is runningSSH servers
productName of the software that is powering the serviceSamsung Smart TVs
screenshot.labelLabel that describes the content of the imageScreenshots of Industrial Control Systems
stateU.S. StateDevices in Texas

Examples of a Shodan Search

shodan search port:9100 pjl

shodan search --fields ip_str,port,org,hostnames microsoft iis 6.0

shodan search hacked by

shodan search

shodan search hacked by

Shodan search

shodan host ip

View all available information for an IP. This also means that you often will find vulnerabilities, such as one of the photos you can see below. In the video, I will elaborate on this in more detail.

shodan host ipadress
shodan host

Finding vulnerabilities with Shodan

With this host, I don’t have to explain very much. Because this all seems very clear. Prevention in this is everything. “Don’t get hacked”


A way to prevent this kind of thing happens
Do some upgrades! It’s that simple.


shodan vulnerabilities

Honeyscore

To see if an IP address is perhaps a honeypot, you can find out with this simple Shodan command line

shodan honeyscore IP Address

honeyscore

Video Shodan Command line

In this video I show you what options the Shodan Command line has and how you can use them. I’ll have setup a Ubunty 18.04 minimal server for this video to show you how to setup Shodan. I have choosen the Minimal Ubuntu server because i have to install python and pip on it as well. And this is just a CLI.


Conclusion “Shodan Command line”

I can speak from my own experience and I advise everyone to take a Shodan account. A free Shodan account is enough for many. You can do so much with Shodan. In this article, I only talked about Shodan Command-Line. Not about the website where you can do and lookup an incredible amount of things.

Also, this is not my first article and video that I make more or less about Shodan. (In many videos you see Shodan come back) Some time ago I made Shodan Eye. A tool with which you can find all devices that are connected to the internet. Here you can find more about Shodan Eye and also in this article The first version of Shodan Eye.


IMPORTANT THINGS TO REMEMBER

✓ This Video and Article are made for educational purposes and pentest only.

* You will not misuse the information to gain unauthorized access.

✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!


Read also the Disclaimer

All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel and on the website hackingpassion.com are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.


Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do so. Using the comment form.


Written by

23   Posts

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ..." I ♥ open source"
View All Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Do NOT follow this link or you will be banned from the site!