Here are some of the free services that Shodan provides that don't require any payment, don't require a Shodan account and don't require an API key: 1. Vulnerability Information https://cvedb.shodan.io The CVEDB website lets you explore known vulnerabilities and provides a free API to quickly get vulnerability| Shodan Blog
Favicons are the small icons that you see in the browser tab next to the website title or in your bookmarks. For example, the Shodan logo on the left side of the browser tab is the favicon: They typically contain the logo of the company which gives them 2 functions:| Shodan Blog
A few notable usability improvements to the IP information page: Web Technologies Web technologies are now grouped by categories and we show version information (if available). The information was always grouped in the underlying JSON and we now also show it that way on the website. Learn more about the| Shodan Blog
As a quick recap, Shodan Trends is a website that lets you see how the Internet has changed over time. For example, you can use it to see how exposed industrial control systems have been over the years: Up until now, the only option to download the information was to| Shodan Blog
We've recently decided to stop accepting cryptocurrency payments (again) and I wanted to share some of the issues we encountered. Background Shodan is a website aimed at technical users and organizations. We have nearly 5 million registered users which makes Shodan one of the larger security-related websites. Around 8 years| Shodan Blog
Shodan is turning 13 years old later this year and throughout that time we've kept an archive of all information we've ever seen. The regular search engine only shows recent information but we provide various methods for accessing Shodan's historical data: IP information page Command-line interface API Shodan Trends The| Shodan Blog
You have a long list of IPs and you quickly want to get a basic idea of what they're running for the purpose of: Make sure they're not exposing any unexpected services Filter out VPN IPs from a list of IOCs Prioritize IPs that have possible vulnerabilities Introducing nrich, a| Shodan Blog
It's now possible for enterprise customers to subscribe to a data feed of search results. Instead of running a search query every day to ask for new results you can stay connected to a new API endpoint and Shodan will send you any banners that meet the search criteria. Read| Shodan Blog
For more than a decade, Shodan has been singularly focused on understanding network services and devices available to the Internet. To that end, we've developed a lot of custom protocol parsers and tooling to get insights about exposed services. You can get a sense for the type of information that's| Shodan Blog
The Internet looks different depending on where you live. The Chinese firewall is the classic example but there are lots of other instances as well. Many websites block traffic from countries in which they will never have customers. Data privacy concerns can require organizations to serve user requests from nearby| Shodan Blog
This year we rolled out the new main Shodan website and alongside it updated the look of all websites. There were a few specific goals that we had for the new look and feel: Reduce page sizes. The web is becoming increasingly bloated. Lets try to keep things lean. Remove| Shodan Blog
You want to learn more about Elastic clusters exposed to the Internet. You know that the Elastic service runs on port 9200 so you go ahead and search on Shodan for that port and you get nearly a million results. A quick glance shows that these results include: CDNs Honeypots| Shodan Blog
Shodan was originally designed as a tool to understand how technology use is changing on the Internet. The information collected from the Shodan crawlers would be able to provide users with a data-driven view of what the Internet looks like; i.e. not based on surveys or sampling of popular| Shodan Blog
Shodan has seen tremendous growth the past year both in terms of additional data collection as well as number of users. Due to that increased demand we started seeing cracks in the search engine performance. All of our websites are built on-top of the same public API that our customers| Shodan Blog
There are many ways to track command & control servers from bad guys but they often rely on looking for indicators in the service metadata (ex. certificate information). Around a decade ago we developed a novel technique to proactively find the infrastructure: Malware Hunter. Malware Hunter finds command & control| Shodan Blog