Search
Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
Requirements
This method may use API query credits depending on usage. If any of the following criteria are met, your account will be deducted 1 query credit:
- The search query contains a filter.
- Accessing results past the 1st page using the “page” parameter. For every 100 results past the 1st page, 1 query credit is deducted.
Parameters
Parameter | Description |
---|---|
Facets | A comma-separated list of properties to get summary information on. Property names can also be in the format “property:count”, where “count” is the number of facets that will be returned for a property (e.g. “country:100” to get the top 100 countries for a search query). Visit the Shodan website’s Facet Analysis page for an up-to-date list of available facets. |
Page | The page number to page through results 100 at a time (default: 1). |
Query | Shodan search query. The provided string is used to search the database of banners in Shodan, with the additional option to provide filters inside the search query using a “filter:value” format. For example, the following search query would find Apache Web servers located in Germany: “apache country:DE”. |
Example Output
```json
{
  "facets": {
    "country": [
      { "count": 7883733, "value": "US" },
      { "count": 2964965, "value": "CN" },
      { "count": 1945369, "value": "DE" },
      { "count": 1717359, "value": "HK" },
      { "count": 940900, "value": "FR" }
    ]
  },
  "matches": [
    {
      "_shodan": {
        "crawler": "c9b639b99e5410a46f656e1508a68f1e6e5d6f99",
        "id": "534cc127-e734-44bc-be88-2e219a56a099",
        "module": "auto",
        "options": {},
        "ptr": true
      },
      "asn": "AS7922",
      "cpe": [ "cpe:/a:igor_sysoev:nginx" ],
      "data": "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Mon, 25 Jan 2021 21:33:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 650\r\nConnection: close\r\n\r\n",
      "domains": [ "webapplify.net" ],
      "hash": -1609083510,
      "hostnames": [ "three.webapplify.net" ],
      "http": {
        "components": {},
        "host": "96.93.212.27",
        "html": "\r\n400 The plain HTTP request was sent to HTTPS port\r\n\r\n400 Bad Request\r\nThe plain HTTP request was sent to HTTPS port\r\nnginx\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n",
        "html_hash": 199333125,
        "location": "/",
        "redirects": [],
        "robots": null,
        "robots_hash": null,
        "securitytxt": null,
        "securitytxt_hash": null,
        "server": "nginx",
        "sitemap": null,
        "sitemap_hash": null,
        "title": "400 The plain HTTP request was sent to HTTPS port"
      },
      "ip": 1616761883,
      "ip_str": "96.93.212.27",
      "isp": "Comcast Business",
      "location": {
        "area_code": null,
        "city": "Denver",
        "country_code": "US",
        "country_code3": null,
        "country_name": "United States",
        "dma_code": 751,
        "latitude": 39.7301,
        "longitude": -104.9078,
        "postal_code": null,
        "region_code": "CO"
      },
      "org": "Comcast Business",
      "os": null,
      "port": 443,
      "product": "nginx",
      "timestamp": "2021-01-25T21:33:49.154513",
      "transport": "tcp"
    },
    {
      "_shodan": {
        "crawler": "c9b639b99e5410a46f656e1508a68f1e6e5d6f99",
        "id": "118b7360-01d0-4edb-8ee9-01e411c23e60",
        "module": "auto",
        "options": {},
        "ptr": true
      },
      "asn": "AS49189",
      "cpe": [ "cpe:/a:igor_sysoev:nginx:1.4.2" ],
      "data": "HTTP/1.1 410 Gone\r\nServer: nginx/1.4.2\r\nDate: Mon, 25 Jan 2021 21:33:50 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 295\r\nConnection: keep-alive\r\n\r\n",
      "domains": [ "kolobok.us" ],
      "hash": 1940048442,
      "hostnames": [ "kolobok.us" ],
      "http": {
        "components": {},
        "host": "185.11.246.51",
        "html": "\n\n410 Gone\n\nGone\nThe requested resource/\nis no longer available on this server and there is no forwarding address.\nPlease remove all references to this resource.\n\n",
        "html_hash": 922034037,
        "location": "/",
        "redirects": [],
        "robots": null,
        "robots_hash": null,
        "securitytxt": null,
        "securitytxt_hash": null,
        "server": "nginx/1.4.2",
        "sitemap": null,
        "sitemap_hash": null,
        "title": "410 Gone"
      },
      "ip": 3104568883,
      "ip_str": "185.11.246.51",
      "isp": "RuWeb",
      "location": {
        "area_code": null,
        "city": null,
        "country_code": "RU",
        "country_code3": null,
        "country_name": "Russia",
        "dma_code": null,
        "latitude": 55.7386,
        "longitude": 37.6068,
        "postal_code": null,
        "region_code": null
      },
      "org": "RuWeb",
      "os": null,
      "port": 80,
      "product": "nginx",
      "timestamp": "2021-01-25T21:33:51.172037",
      "transport": "tcp",
      "version": "1.4.2"
    }
  ],
  "total": 23047224
}
```
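The following is an added example, not Blink's or Shodan's own code: it shows how a later workflow step could flatten this action's output into an exposure-inventory summary and estimate query credits under the rules in Requirements. The sample response uses constructed documentation-range addresses, and the function names and the filter-detection regex are assumptions of this example.

```python
import json
import re

# Constructed sample: same shape as the Example Output, trimmed to the fields used below.
SAMPLE = json.loads("""
{"facets": {"country": [{"count": 7883733, "value": "US"}, {"count": 2964965, "value": "CN"}]},
 "matches": [
  {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp", "product": "nginx",
   "hostnames": ["www.example.com"], "timestamp": "2021-01-25T21:33:49.154513"},
  {"ip_str": "198.51.100.7", "port": 80, "transport": "tcp", "product": "nginx",
   "version": "1.4.2", "hostnames": ["old.example.com"], "timestamp": "2021-01-25T21:33:51.172037"}],
 "total": 23047224}
""")

PAGE_SIZE = 100  # the Page parameter pages through results 100 at a time
# Heuristic (assumption): a whitespace-delimited token shaped like "filter:value".
FILTER_TOKEN = re.compile(r"(?<!\S)[A-Za-z_.]+:\S")

def credits_for_call(query, page=1):
    """One Search call costs 1 credit if it has a filter or goes past page 1."""
    return 1 if page > 1 or FILTER_TOKEN.search(query) else 0

def credits_for_pages(query, last_page):
    """Credits to fetch pages 1..last_page, one Search call per page."""
    return sum(credits_for_call(query, p) for p in range(1, last_page + 1))

def summarize(resp):
    """Flatten a Search response into inventory rows plus facet counts."""
    rows = []
    for m in resp.get("matches", []):
        rows.append({
            "service": f'{m["ip_str"]}:{m["port"]}/{m.get("transport", "?")}',
            "hostnames": m.get("hostnames", []),
            "product": m.get("product"),
            "version": m.get("version"),  # only present on some matches
            "last_seen": m.get("timestamp"),
        })
    facets = {name: {b["value"]: b["count"] for b in buckets}
              for name, buckets in resp.get("facets", {}).items()}
    total = resp.get("total", 0)
    return {
        "rows": rows, "facets": facets,
        "total": total, "pages": -(-total // PAGE_SIZE),  # ceiling division
        "version_disclosed": [r["service"] for r in rows if r["version"]],
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

The `version_disclosed` list singles out services whose match carries a `version` field, which is a useful first filter when reviewing your own externally visible hosts.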
Workflow Library Example
Search with Shodan and Send Results Via Email