# Shodan

| **Shodan**       | **Quick Overview**                                                                                                                                           |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| URL              | <https://www.shodan.io/>                                                                                                                                     |
| What it does     | Scans the internet and indexes information about devices connected to it e.g. open ports, services running, banners, and location/organisation data.         |
| How to use it    | You can search using keywords, IP addresses, or filters (like country, port, or organisation) to find specific types of devices or systems.                  |
| Cost             | Partially free.                                                                                                                                              |
| Account required | No for basic use. Yes for more detailed results and features.                                                                                                |
| Cookies          | Uses cookies for login sessions, preferences, and analytics.                                                                                                 |
| Ownership        | Founded and owned by John Matherly.                                                                                                                          |
| Use in Reporting | Can be used to support findings about exposed systems, misconfigured servers, or potential security risks. Always ensure findings are responsibly disclosed. |

### What does Shodan do?

Where Google indexes websites, Shodan indexes the devices themselves: it lets you discover servers, webcams, routers, industrial control systems and any other device that answers on an internet-facing port. It is widely used in cybersecurity and OSINT investigations to understand what is publicly accessible on the internet.

**The lowdown:** Think of Shodan as a ‘Google for devices’. Alongside web servers, its results now include TVs, mobile phones, traffic lights, industrial control systems, utility plants and assorted home appliances that have been left reachable from the internet.

### How to Use:

1. **Head to the** [**website**](https://www.shodan.io/) **and search for something specific.**

Try simple searches like:

* IP address (e.g. 8.8.8.8)
* Service (e.g. “Apache”, “FTP”)
* Filters (e.g. port:22 country:GB; several filters in one query are combined, so a result must match all of them)

<figure><img src="https://2429831402-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3YeRsjw1gI6xxIP4cuOd%2Fuploads%2Fuy2nV8hvtbRUdVgYLhNt%2Funknown.png?alt=media&#x26;token=2e7cea6f-7929-44af-a9ec-8289b2e1c81d" alt=""><figcaption></figcaption></figure>

**2. Click on results to see details like open ports, software versions, location data and security issues.**

*NB: To view raw data, timeline and Whois, you’ll need to sign up for an account.*

### Cost:

* [ ] Paid
* [x] Partially Free
* [ ] Free

Free account with limited results. Paid plans for full access.

## Data Processing

### Account required:

* [x] Yes
* [x] No

No for basic use. Yes for more detailed results and features.

### Cookies:

When signed out, no cookies were recorded for our session.

### Use in Reporting

Shodan is useful for:

* Identifying exposed systems or services
* Supporting cybersecurity assessments
* Highlighting misconfigurations
* Providing evidence of publicly accessible infrastructure

As a real-world example, in January 2017 [more than 10,000 MongoDB databases exposed to the internet were wiped and held to ransom](https://arstechnica.com/information-technology/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/). The databases had been left reachable without any authentication, so anyone could read or delete them over the internet, and security researchers used Shodan to locate the exposed instances.

| **Capabilities**                                     | **Limitations**                                             |
| ---------------------------------------------------- | ----------------------------------------------------------- |
| Searches internet-connected devices globally.        | Data may be outdated (not real-time).                       |
| Filters by country, port, organisation, and more.    | Limited access without a paid account.                      |
| Reveals service banners and metadata.                | Requires technical knowledge to interpret results properly. |
| Helps identify vulnerabilities and exposed services. | Cannot access private/internal networks.                    |
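The following is an added example written for this page, not Shodan's own code or CLI. It ties together the search steps above (building a filter query), the reporting step (spotting an unauthenticated MongoDB instance like those in the 2017 incident) and the “data may be outdated” limitation in the table. The host record is constructed to mimic the shape of a Shodan host result (`ip_str`, `org`, `ports`, `data[]` with `port`, `product`, `version`, `timestamp`, banner text); those field names and the banner wording are assumptions, the IP is from the 203.0.113.0/24 documentation range, and nothing here describes a real host.

```python
from datetime import datetime, timedelta, timezone


def build_query(*terms, **filters):
    """Assemble a Shodan search string from free-text terms and key:value filters.

    Shodan's syntax is `term term key:value key:value`; every filter must match.
    A value containing whitespace is double-quoted (org:"Example Hosting Ltd").
    """
    parts = [str(t) for t in terms]
    for key, value in filters.items():
        value = str(value)
        if any(ch.isspace() for ch in value):
            value = f'"{value}"'
        parts.append(f"{key}:{value}")
    return " ".join(parts)


# CONSTRUCTED record in the shape of a Shodan host result (assumed field names).
SAMPLE_HOST = {
    "ip_str": "203.0.113.10",          # documentation range, not a real host
    "org": "Example Hosting Ltd",
    "country_name": "United Kingdom",
    "city": "London",
    "ports": [22, 27017],
    "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH", "version": "7.4",
         "timestamp": "2024-03-01T08:00:00.000000",
         "data": "SSH-2.0-OpenSSH_7.4"},
        {"port": 27017, "transport": "tcp", "product": "MongoDB",
         "timestamp": "2023-10-01T12:00:00.000000",
         # constructed banner; a real banner's wording differs
         "data": "MongoDB Server Information\nDatabases: admin, customers, local\n"},
    ],
}

SCAN_NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)  # fixed clock so results are reproducible
MAX_AGE = timedelta(days=90)                          # hypothetical freshness threshold


def banner_age(service, now):
    """Age of a banner. Shodan timestamps are ISO-8601 in UTC without a zone suffix."""
    seen = datetime.fromisoformat(service["timestamp"]).replace(tzinfo=timezone.utc)
    return now - seen


def looks_unauthenticated_mongodb(service):
    """Heuristic (an assumption for this example, not a Shodan feature): a MongoDB
    banner that enumerates database names was collected without logging in, which
    is exactly the condition behind the 2017 ransom incidents."""
    return service.get("product") == "MongoDB" and "Databases:" in service.get("data", "")


def triage_host(host, now=SCAN_NOW, max_age=MAX_AGE):
    """Reduce a host record to what a report needs: services, location and the
    flags that decide whether a finding can be written up or must be re-checked."""
    services = []
    for svc in host["data"]:
        age = banner_age(svc, now)
        entry = {
            "port": svc["port"],
            "product": svc.get("product", "unknown"),
            "version": svc.get("version", ""),
            "age_days": age.days,
            "flags": [],
        }
        if age > max_age:
            # Shodan data is a historical snapshot, so an old banner is a lead, not evidence.
            entry["flags"].append("stale: re-verify before reporting")
        if looks_unauthenticated_mongodb(svc):
            entry["flags"].append("possible unauthenticated MongoDB")
        services.append(entry)
    return {
        "ip": host["ip_str"],
        "org": host.get("org", ""),
        "location": f'{host.get("city", "")}, {host.get("country_name", "")}',
        "services": services,
        "needs_reverification": any("stale" in f for s in services for f in s["flags"]),
    }


if __name__ == "__main__":
    print(build_query("MongoDB", port=27017, country="GB", org="Example Hosting Ltd"))
    for svc in triage_host(SAMPLE_HOST)["services"]:
        print(svc)
```

The stale flag is the practical point: because Shodan's results are snapshots rather than live scans, anything older than your chosen threshold should be confirmed (with the owner's permission, or by a later Shodan rescan) before it appears in a report as a current exposure.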

### Summary

Shodan is a powerful OSINT tool that shows you which devices and services are exposed on the internet. It is especially useful for cybersecurity research, sitting in the middle of the OSINT workflow, where it helps you discover and analyse exposed internet infrastructure. Because it surfaces other people's systems, it must be used responsibly and ethically.

### Ownership

Shodan was founded and is owned by [John Matherly](https://www.linkedin.com/in/jmath/). Born in Switzerland, Matherly has lived in the USA since he was 17; he also describes himself as an Internet cartographer and is a regular conference speaker.

### Ethical Considerations:

* Only use for legitimate research or defensive purposes.
* Do not attempt to access or exploit systems you find.
* Respect privacy and legal boundaries.
* Follow responsible disclosure if vulnerabilities are discovered.

### Related Tools:

* [Censys](https://tools.osintnewsletter.com/osint-tools/censys)
* ZoomEye
* BinaryEdge

#### Sources:

<https://leanpub.com/u/shodan>

<https://mastodon.shodan.io/@shodan>

<https://www.linkedin.com/in/jmath/>

<https://arstechnica.com/information-technology/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/>
