Kicking the Shodan API Up a Notch

Most people think of Shodan as a search engine of banners, and while that was true for a long time it’s slowly grown into collecting more information than just banners. Here are just a few of the things Shodan does nowadays:

  • Checks for heartbleed on all SSL services
  • Gets a list of peers from a Bitcoin server
  • Determines whether a DNS server allows recursive lookups
  • Gets a listing of all the MongoDB databases
  • Grabs the SSL certificate for all SSL services
  • Collects the robots.txt for HTTP services

And that’s just the tip of the iceberg; there is a lot of other protocol-specific data gathered for each service. But making all of that information available through the web interface can be a bit tricky and takes time to get right. Instead of sitting on that information, I decided to make all of the data available through a new and improved Shodan API. Note that a new web interface is being developed to expose all the cool new data, but if you don’t want to wait you can get your hands on it right now with the API.

Along with access to more detailed data, the new Shodan REST API also provides greater flexibility so you can get a top listing of the stuff you care about. For example, the old API would always return the top 5 countries and cities for your search query. What if you didn’t want those? What if you’d prefer to get a breakdown of the top organizations? Or the uptime distribution? Or you don’t care about the actual results and only want the top 100 cities that match a search query? All of those things are now possible with the new API. And if all you want are the actual results, then searching the new API will be much faster than before.

For most people, the Developer API plan that costs a one-time fee of $9 is enough to run their scripts each month and get what is needed out of Shodan. In case you need more access though, there are 3 new API plans to help you out:

  • Freelancer: $19/month
  • Small Business: $99/month
  • Enterprise: $499/month

Each of them provides increased levels of access, from 1 million results/month for Freelancer up to completely unlimited access to the REST API at the Enterprise plan.

In addition to the changes to the REST API, I’m also introducing the Shodan Streaming API! It’s basically a real-time firehose of all the data that Shodan is collecting. You can either subscribe to all the data, ask the API to filter the banners based on a port (e.g. stream only MySQL and PostgreSQL banners) or only get the geographic information for a banner (for geo visualizations). There are 2 caveats: you have to be on a subscription API plan and it currently only streams ~1% of the data. If you or your company would like 100% of the data please contact me for pricing information. Those notes aside, it still provides quite a bit of data in real-time and I’m hoping it’ll provide a useful way to do cool stuff with Shodan. Here is some basic example code to get you started using the Python library: https://gist.github.com/achillean/f953cb917a7eb2a9f81d
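The two things described above, custom facets on the REST API and a port-filtered stream, as an added example written for this post (not the linked gist and not code from the Shodan project). It uses the official `shodan` Python library, assumes the API key is in the `SHODAN_API_KEY` environment variable, and keeps the summarising helpers free of network calls so they can be checked against the constructed sample response in the block.

```python
"""Added example: custom facets via the REST API and a port-filtered
Streaming API subscription, using the `shodan` Python library.
Assumes SHODAN_API_KEY is set in the environment (not part of the post)."""
import os
from collections import Counter

try:
    import shodan  # pip install shodan
except ImportError:  # the offline helpers below still work without it
    shodan = None

# Facets the post mentions instead of the old fixed country/city pair:
# top organisations, uptime distribution, and the top 100 cities.
FACETS = ["org", "uptime", ("city", 100)]

# Constructed sample in the shape of a count()/search() response (not real data).
SAMPLE_RESULT = {
    "total": 3,
    "facets": {"org": [{"value": "Example ISP", "count": 1},
                       {"value": "Example Hosting", "count": 2}]},
}


def top_facets(result, limit=5):
    """Turn the 'facets' part of a response into
    {facet: [(value, count), ...]} ordered by count, largest first."""
    out = {}
    for name, buckets in result.get("facets", {}).items():
        ranked = sorted(((b["value"], b["count"]) for b in buckets),
                        key=lambda vc: vc[1], reverse=True)
        out[name] = ranked[:limit]
    return out


def port_histogram(banners, ports):
    """Count streamed banners per port, keeping only the ports of interest
    (the same filter the Streaming API applies server-side)."""
    return dict(Counter(b["port"] for b in banners if b.get("port") in ports))


def main():
    api = shodan.Shodan(os.environ["SHODAN_API_KEY"])
    # count() returns only the total and facets, so it is cheaper than search()
    result = api.count("port:443", facets=FACETS)
    for facet, ranked in top_facets(result).items():
        print(facet, ranked)
    # Streaming API: only MySQL and PostgreSQL banners, as in the post
    for banner in api.stream.ports([3306, 5432]):
        print(banner["ip_str"], banner["port"], banner.get("org"))


if __name__ == "__main__":
    main()
```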

The Shodan API will be a major focus for the next year so watch the documentation for new filters and facets that will be released soon :)


4 comments

  1. Katarína Ďurechová

    Hello, nice job. How can I search for heartbleed in Shodan? I can’t find it in the documentation.

    • achillean

      You can see the results of heartbleed tests in the banner data using the API for both the REST and Streaming APIs.
