alert Manage the network alerts for your account convert Convert the given input data file into a different format. count Returns the number of results for a search data Bulk data access to Shodan domain View all available information for a domain download Download search results and save them in a compressed JSON... honeyscore Check whether the IP is a honeypot or not. host View all available information for an IP address info Shows general information about your account init Initialize the Shodan command-line myip Print your external IP address org Manage your organization's access to Shodan parse Extract information out of compressed JSON files. radar Real-Time Map of some results as Shodan finds them. scan Scan an IP/ netblock using Shodan. search Search the Shodan database stats Provide summary information about a search query stream Stream data in real-time. version Print version of this tool.
Commands: clear Remove all alerts create Create a network alert to monitor an external... disable Disable a trigger for the alert domain Create a network alert based on a domain name enable Enable a trigger for the alert info Show information about a specific alert list List all the active alerts remove Remove the specified alert triggers List the available notification triggers
Commands: internet Scan the Internet for a specific port and protocol using the... list Show recently launched scans protocols List the protocols that you can scan with using Shodan. status Check the status of an on-demand scan. submit Scan an IP/ netblock using Shodan.
shodan scan submit IP
1 2 3 4 5 6
shodan scan list # 3 Scans Total - Showing 10 most recent scans: # Scan ID Status Size Timestamp L QUEUE 2 2021-04-22T08:28:33.434000 f QUEUE 1 2021-04-22T08:28:26.624000 H QUEUE 1 2021-04-22T08:28:19.008000
shodan scan status SCAN_ID
1 2 3 4 5 6 7 8 9 10 11 12 13
$ shodan scan internet -h Usage: shodan scan internet [OPTIONS] PORT PROTOCOL
Scan the Internet for a specific port and protocol using the Shodan infrastructure.
Options: --quiet Disable the printing of information to the screen. -h, --help Show this message and exit. ##example 扫描全网22端口 （我这api不是企业用户的，命令格式就差不多这个样子。。 $ shodan scan internet 22 ssh
$ shodan scan protocols afp AFP server information grabbing module ajp Check whether the Tomcat server running AJP protocol amqp Grab information from an AMQP service andromouse Checks whether the device is running the remote mouse AndroMouse service. apple-airport-admin Check whether the device is an Apple AirPort administrative interface. ard Query the Apple Remote Desktop service for information about the device auto Detect the type of service that runs on the port and send the appropriate request. automated-tank-gauge Get the tank inventory for a gasoline station. bacnet Gets various information from a BACnet device. beanstalk Get general information about the Beanstalk daemon bgp Checks whether the device is running BGP. bitcoin Grabs information about a Bitcoin daemon, including any devices connected to it. bittorrent-tracker Check whether there is a BitTorrent tracker running. blackshades Determine whether a server is running a Blackshades C&C cassandra Get cluster information for the Cassandra database software. checkpoint-hostname Get hostnames for the CheckPoint firewall and management station. cisco-smi Check whether the device supports the Cisco Smart Install feature. citrix-apps This module attempts to query Citrix Metaframe ICA server to obtain a published list of applications. clamav Determine whether a server is running ClamAV coap Check whether the server supports the CoAP protocol coap-dtls Check whether the server supports the CoAP protocol with DTLS codesys Grab a banner for Codesys daemons consul Determine wether consul is running & collect relevant info couchdb HTTP banner grabbing module crestron Checks for other servers with the same serial number on the local network. AAAAAA is a dummy value. dahua-dvr Grab the serial number from a Dahua DVR device. darktrack-rat Checks whether the device is a C2 for DarkTrack RAT. dhcp Send a DHCP INFORM request to learn about the lease information from the DHCP server. dht Gets a list of peers from a DHT node. dicom Checks whether the DICOM service is running. dictionary Connects to a dictionary server using the DICT protocol. dnp3 A dump of data from a DNP3 outstation dns-tcp Try to determine the version of a DNS server by grabbing version.bind dns-udp Try to determine the version of a DNS server by grabbing version.bind echo-udp Checks whether the device is running echo. epmd Get a list of Erlang services and the ports they are listening on etcd Etcd cluster information ethereum-rpc Grabs version information about the Ethereum node. ethernetip Grab information from a device supporting EtherNet/IP over TCP ethernetip-udp Grab information from a device supporting EtherNet/IP over UDP flux-led Grab the current state from a Flux LED light bulb. fox Grabs a banner for proprietary FOX protocol by Tridium ftp Grab the FTP banner gardasoft-vision Grabs the version for the Gardasoft controller. gearman Gather usage information from a Gearman queue general-electric-srtp Check whether the GE SRTP service is active on the device. ghost-rat Checks whether the device is a C2 for Gh0st RAT. git Check whether git is running. gtp-v1 Checks whether the device is running a GPRS Tunnel. hart-ip-udp Checks whether the IP is a HART-IP gateway. hbase Grab the status page for HBase database software. hbase-old Grab the status page for old, deprecated HBase database software. hddtemp View hard disk information from hddtemp service. hifly Checks whether the HiFly lighting control is running. http HTTP banner grabbing module http-simple-new HTTP banner grabber only (no robots, sitemap etc.) http-supermicro HTTP banner grabbing module for Supermicro servers https HTTPS banner grabbing module https-simple-new HTTPS banner grabber only (no robots, sitemap etc.) ibm-db2-das Grab basic information about the IBM DB2 Database Server. ibm-db2-drda Checks for support of the IBM DB2 DRDA protocol. ibm-nje Check whether the z/OS Network Job Entry service is running. identd Check whether the service is running identd idera Grab target system info through Idera uptime agent system idevice Connects to an iDevice and grabs the property list. iec-104 Banner grabber for the IEC-104 protocol. iec-61850 MMS protocol ike Checks wheter a device is running a VPN using IKE. ike-nat-t Checks wheter a device is running a VPN using IKE and NAT traversal. ikettle Check whether the device is a coffee machine/ kettle. imap Get the welcome message of the IMAP server imap-ssl Get the welcome message of the secure IMAP server insteon-plm Checks whether the device is Insteon PLM type iota-rpc Grabs version information about the IOTA node. ipmi Checks whether a device is running IPMI remote management software. iscsi Determine whether a server is an iSCSI target java-rmi Check whether the device is running Java RMI. kafka Get information about a Kafka cluster. kamstrup Kamstrup Smart Meters kerberos Checks whether a device is running the Kerberos authentication daemon. kilerrat Determine whether a server is running a KilerRAT C&C knx Grabs the description from a KNX service. language-server-protocol Checks whether the port is running a language server. lantronix-udp Attempts to grab the setup object from a Lantronix device. ldap-tcp LDAP banner grabbing module ldap-udp CLDAP banner grabbing module ldaps LDAPS banner grabbing module libreoffice-impress Check whether the LibreOffice Impress Remote Server is enabled lifx Check whether there is a BitTorrnt tracker running. line-printer-daemon Get a list of jobs in the print queue to verify the device is a printer. matrikon-opc Checks whether the device is running Matrikon OPC. mdns Perform a DNS-based service discovery over multicast DNS melsec-q-tcp Get the CPU information from a Mitsubishi Electric Q Series PLC. melsec-q-udp Get the CPU information from a Mitsubishi Electric Q Series PLC. memcache Get general information about the Memcache daemon memcache-udp Get general information about the Memcache daemon responding on UDP microhard Checks whether the device is running Microhard. mikrotik-routeros Check whether the device operates the Oracle Weblogic T3 protocol minecraft Gets the server status information from a Minecraft server modbus Grab the Modbus device information via functions 17 and 43. monero-rpc Collect information about the Monero daemon. mongodb Collects system information from the MongoDB daemon. moxa-nport Attempts to grab information from Moxna Nport devices. mqtt Grab a list of recent messages from an MQTT broker. ms-portmap-tcp Queries an MSRPC endpoint mapper for a list of mapped services and gathered information. ms-sql Check whether the MS-SQL database server is running ms-sql-monitor Pings an MS-SQL Monitor server mumble-server Grabs the version information for the Murmur service (Mumble server) munin Check whether a Munin node is active and list its plugins mysql Grabs the version of the running MySQL server nanocore-122-rat Checks whether the device is a C2 for NanoCore Version 18.104.22.168 Cracked nanocore-rat Checks whether the device is a C2 for NanoCore RAT. natpmp Checks whether NAT-PMP is exposed on the device. netbios Grab NetBIOS information including the MAC address. netmobility Checks whether the device is a NetMobility. newline-tcp Connect to a server with TCP and send a newline. newline-udp Connect to a server with UDP and send a newline. njrat Determine whether a server is running a njRAT C&C nntp Get the welcome message of a Network News server nodata-dtls Check whether the service supports DTLS and store whatever is returned nodata-tcp Connect to a server without sending any data and store whatever it returns. nodata-tcp-small Connect to a server without sending any data and store whatever it returns. nodata-tcp-ssl Connect to a server using SSL and without sending any data. ntp Get a list of IPs that NTP server recently saw and try to get version info. nuclear-rat Checks whether the device is a C2 for Nuclear RAT. omron-tcp Gets information about the Omron PLC. onvif Check whether the Onvif camera is operating. opc-ua Grab a list of nodes from an OPC UA service open-tcp Checks whether a port is open and nothing else. openvpn Checks whether the other server runs an OpenVPN that doesnt require TLS auth oracle-tns Check whether the Oracle TNS Listener is running. orcus-rat Checks whether the device is a C2 for Gh0st RAT. pcanywhere-status Asks the PC Anywhere status daemon for basic information. pcworx Gets information about PC Worx device. plc5 Checks whether the device is running Poison Ivy. poison-ivy-rat Checks whether the device is running Poison Ivy. pop3 Grab the POP3 welcome message pop3-ssl Grab the secure POP3 welcome message portmap-tcp Get a list of processes that are running and their ports. portmap-udp Get a list of processes that are running and their ports. postgresql Collects system information from the PostgreSQL daemon pptp Connect via PPTP printer-job-language Get the current output from the status display on a printer proconos Gets information about the PLC via the ProConOs protocol. qrat Determine whether a server is running a QRAT C&C quic Checks whether a service supports the QUIC HTTP protocol rdate Get the time from a remote rdate server rdp RDP banner grabbing module realport Get the banner for the Digi Realport device redis Redis banner grabbing module redlion-crimson3 A fingerprint for the Red Lion HMI devices running CrimsonV3 remcos-pro-rat Checks whether the device is a C2 for RemCos Pro 2.05 riak Sends a ServerInfo request to Riak rip Checks whether the device is running the Routing Information Protocol. ripple-rtxp Grabs the list of peers from an RTXP Ripple daemon. rsync Get a list of shares from the rsync daemon. rtsp-tcp Determine which options the RTSP server allows. s7 Communicate using the S7 protocol and grab the device identifications. sap-router Check whether the SAP Router is active scpi Check for the SCPI protocol used by lab equipment secure-fox Grabs a banner for proprietary FOX protocol by Tridium serialnumbered Checks for other servers with the same serial number on the local network. AAAAAA is a dummy value. sip Gets the options that the SIP device supports. smarter-coffee Checks the device status of smart coffee machines. smb Grab a list of shares exposed through the Server Message Block service smtp Get basic SMTP server response smtps Grab a banner and certificate for SMTPS servers snmp Performs an SNMP walk of the system OID ssh Get the SSH banner, its host key and fingerprint statsd-admin Gathers statistics from the StatsD service. steam-a2s Get a list of IPs that NTP server recently saw and try to get version info. steam-dedicated-server-rcon Checks whether an IP is running as a Steam dedicated game server with remote authentication enabled. steam-ihs Steam In-Home Streaming protocol tacacs Check whether the device supports TACACS+ AAA. tc-b Cursory check whether a device is running the TC-B protocol teamviewer Determine whether a server is running TeamViewer telnet Telnet banner grabbing module telnets Telnet wrapped in SSL banner grabbing module teradici-pcoip Check whether the device is running Teradici PCoIP Management Console. teradici-pcoip-old Check whether the device is running Teradici PCoIP Management Console. tibia Grab general information from Open Tibia servers tor-control Checks whether a device is running the Tor control service. tor-versions Checks whether the device is running the Tor OR protocol. toshiba-pos Grabs device information for the IBM/ Toshiba 4690. tuya Check whether a device supports the Tuya API ubiquiti-discover Grabs information about the Ubiquiti-powered device udpxy Udpxy banner grabbing module unitronics-pcom Collects device information for Unitronics PLCs via PCOM protocol. upnp Collects device information via UPnP. vault Determine wether vault is running & collect relevant info ventrilo Gets the detailed status information from a Ventrilo server. vertx-edge Checks whether the device is running the VertX/ Edge door controller. voldemort Pings the Voldemort database. wdbrpc Checks whehter the WDB agent (used for debugging) is enabled on a VxWorks device. weblogic-t3 Check whether the device operates the Oracle Weblogic T3 protocol wemo-http Connect to a Wemo Link and grab the setup.xml file whois Check whether the port is running WHOIS x11 Connect to X11 w/ no auth and grab the resulting banner. xiaongmai-backdoor Detect backdoor in xiaongmai devices. xmpp Sends a hello request to the XMPP daemon yahoo-smarttv Checks whether the device is running the Yahoo Smart TV device communication service. zookeeper Grab statistical information from a Zookeeper node