Getting Started with Shodan Eye - 5 min read

Shodan Eye collects and returns all information about every device that is directly connected to the internet and according to the keywords you entered.

What type of devices can be found with Shodan Eye

The types of devices that are indexed can vary enormously. It can be from small desktops to refrigerators or either nuclear power plants, webcams, water treatment facilities, coffee machines, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs and much more. Actually we can say everything you could possibly imagine that’s plugged into the internet.
Here you can find the latest post-upgrade about Shodan Eye


Connected devices

There are already over 10 billion connected devices active today, and that figure is expected to reach 64 billion by 2025. Shodan runs its scans 24/7, ensuring all its data is up to date. Shodan has picked up support for IPv6 addresses, but you won’t see those as often you can see IPv4.


Shodan Eye

Shodan Dorks

With Shodan Eye, you can find everything using “your own” specified keywords. Shodan queries examples can be found in the file attached in the Github repository named Shodan_Dorks_The_Internet_of_Sh*t.txt

The information obtained with Shodan Eye can be applied in many areas such as:

  • Network security, keep an eye on all devices in your company or at home that is connected to the internet
  • All sort off vulnerabilities

WHAT IS SHODAN?

It is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc …) currently connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the device sends back to the client.

Shodan the scariest search engine on the internet

Shodan terrifies non-technical people who don’t understand how the internet works. CNN called Shodan the “Scariest search engine on the internet” in 2013. This is definitely of no sense since attackers intent on causing harm don’t need Shodan to find targets.

Beware of the attacks on your own devices! 

A quick search for the term “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as their password. In many cases, it doesn’t even have a password, and you leave it blank. Until today, many connected systems require no credentials at all!


WHAT IS THE DIFFERENCE BETWEEN GOOGLE OR ANOTHER SEARCH ENGINE?

The most fundamental difference is that Shodan Eye analyzes the Internet, while Google analyzes the World Wide Web. Moreover, the devices connected to the World Wide Web are only a small part of what is really connected to the Internet.



SHODAN API KEY

For additional data gathering, you can enter a Shodan API key when prompted. A Shodan API key can be found here. Once your account has been confirmed you will receive your own API Key.


Shodan Eye api key

Pay attention 

Make sure that your Shodan API key you are entering is valid. I personally recommended to take out a paid subscription, but however a free account is sufficient to do a lot of things.


Shodan Eye collects and returns all information about every device that is directly connected to the internet and according to the keywords you entered.

The current version of Shodan Eye use Python 2.7 but another version using Python 3 is scheduled.


Shodan Eye collects and returns all information about every device that is directly connected to the internet and according to the keywords you entered.

Shodan Eye

Install Shodan Eye on Linux

git clone https://github.com/BullsEye0/shodan-eye.git
cd shodan-eye
pip install -r requirements.txt

Use Shodan Eye

python shodan-eye

After entering the above command you will be prompted to enter your Shodan API Key. That’s all, it’s now the time for you to enjoy. For more information please feel free to visit the Github repository.


Shodan Eye Video

Here is a brief summary of what Shodan Eye can do.



IMPORTANT THINGS TO REMEMBER

  • This article was written for educational purposes and pentest only.
  • The author can not be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Just remember, Performing any hacks without written permission is illegal ..!

Read also the Disclaimer


Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do it using the below comment form.

Written by

23   Posts

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ..." I ♥ open source"
View All Posts

2 thoughts on “Getting Started with Shodan Eye

  1. Do you like to save the output in a file? (Y/N) Y
    Traceback (most recent call last):
    File “shodan_eye.py”, line 98, in
    data = input(“\n[+] \033[34mDo you like to save the output in a file? \033[0m(Y/N) “).strip()
    File “”, line 1, in
    NameError: name ‘Y’ is not defined

    what should i do ? thanks a lot Jolanda de koff

Leave a Reply

Your email address will not be published. Required fields are marked *

Do NOT follow this link or you will be banned from the site!