Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.

Requirements

This method may use API query credits depending on usage. If any of the following criteria are met, your account will be deducted 1 query credit:
  1. The search query contains a filter.
  2. Accessing results past the 1st page using the “page”. For every 100 results past the 1st page 1 query credit is deducted.

Parameters

ParameterDescription
FacetsA comma-separated list of properties to get summary information on. Property names can also be in the format of “property:count”, where “count” is the number of facets that will be returned for a property (i.e. “country:100” to get the top 100 countries for a search query). Visit the Shodan website’s Facet Analysis page for an up-to-date list of available facets:
PageThe page number to page through results 100 at a time (default: 1).
QueryShodan search query. The provided string is used to search the database of banners in Shodan, with the additional option to provide filters inside the search query using a “filter:value” format. For example, the following search query would find Apache Web servers located in Germany: “apache country:DE”.

Example Output

{
	"facets": {
		"country": [
			{
				"count": 7883733,
				"value": "US"
			},
			{
				"count": 2964965,
				"value": "CN"
			},
			{
				"count": 1945369,
				"value": "DE"
			},
			{
				"count": 1717359,
				"value": "HK"
			},
			{
				"count": 940900,
				"value": "FR"
			}
		]
	},
	"matches": [
		{
			"_shodan": {
				"crawler": "c9b639b99e5410a46f656e1508a68f1e6e5d6f99",
				"id": "534cc127-e734-44bc-be88-2e219a56a099",
				"module": "auto",
				"options": {},
				"ptr": true
			},
			"asn": "AS7922",
			"cpe": [
				"cpe:/a:igor_sysoev:nginx"
			],
			"data": "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Mon, 25 Jan 2021 21:33:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 650\r\nConnection: close\r\n\r\n",
			"domains": [
				"webapplify.net"
			],
			"hash": -1609083510,
			"hostnames": [
				"three.webapplify.net"
			],
			"http": {
				"components": {},
				"host": "96.93.212.27",
				"html": "\r\n400 The plain HTTP request was sent to HTTPS port\r\n\r\n400 Bad Request\r\nThe plain HTTP request was sent to HTTPS port\r\nnginx\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n",
				"html_hash": 199333125,
				"location": "/",
				"redirects": [],
				"robots": null,
				"robots_hash": null,
				"securitytxt": null,
				"securitytxt_hash": null,
				"server": "nginx",
				"sitemap": null,
				"sitemap_hash": null,
				"title": "400 The plain HTTP request was sent to HTTPS port"
			},
			"ip": 1616761883,
			"ip_str": "96.93.212.27",
			"isp": "Comcast Business",
			"location": {
				"area_code": null,
				"city": "Denver",
				"country_code": "US",
				"country_code3": null,
				"country_name": "United States",
				"dma_code": 751,
				"latitude": 39.7301,
				"longitude": -104.9078,
				"postal_code": null,
				"region_code": "CO"
			},
			"org": "Comcast Business",
			"os": null,
			"port": 443,
			"product": "nginx",
			"timestamp": "2021-01-25T21:33:49.154513",
			"transport": "tcp"
		},
		{
			"_shodan": {
				"crawler": "c9b639b99e5410a46f656e1508a68f1e6e5d6f99",
				"id": "118b7360-01d0-4edb-8ee9-01e411c23e60",
				"module": "auto",
				"options": {},
				"ptr": true
			},
			"asn": "AS49189",
			"cpe": [
				"cpe:/a:igor_sysoev:nginx:1.4.2"
			],
			"data": "HTTP/1.1 410 Gone\r\nServer: nginx/1.4.2\r\nDate: Mon, 25 Jan 2021 21:33:50 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 295\r\nConnection: keep-alive\r\n\r\n",
			"domains": [
				"kolobok.us"
			],
			"hash": 1940048442,
			"hostnames": [
				"kolobok.us"
			],
			"http": {
				"components": {},
				"host": "185.11.246.51",
				"html": "\n\n410 Gone\n\nGone\nThe requested resource/\nis no longer available on this server and there is no forwarding address.\nPlease remove all references to this resource.\n\n",
				"html_hash": 922034037,
				"location": "/",
				"redirects": [],
				"robots": null,
				"robots_hash": null,
				"securitytxt": null,
				"securitytxt_hash": null,
				"server": "nginx/1.4.2",
				"sitemap": null,
				"sitemap_hash": null,
				"title": "410 Gone"
			},
			"ip": 3104568883,
			"ip_str": "185.11.246.51",
			"isp": "RuWeb",
			"location": {
				"area_code": null,
				"city": null,
				"country_code": "RU",
				"country_code3": null,
				"country_name": "Russia",
				"dma_code": null,
				"latitude": 55.7386,
				"longitude": 37.6068,
				"postal_code": null,
				"region_code": null
			},
			"org": "RuWeb",
			"os": null,
			"port": 80,
			"product": "nginx",
			"timestamp": "2021-01-25T21:33:51.172037",
			"transport": "tcp",
			"version": "1.4.2"
		}
	],
	"total": 23047224
}

Workflow Library Example

Search with Shodan and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop