Up until now, if you’ve wanted to answer questions like “which version of Apache is most popular?” or “what FTP software is most common?” you had to run several Shodan queries and compile them into a list yourself. It wasn’t hugely prohibitive, but I thought Shodan could make it easier since that’s a common problem people are looking at. Introducing Shodan’s new fingerprinting for product and version! In addition to grabbing the banner for a service, Shodan now also tries to determine what type of product/ software is running the service and extract the version information when available. And to provide a top-level view of this new data, I’m exposing 2 new categories that are shown on the left side of the search results page: Top Products and Top Versions.
Above you can see how it looks like on the website at the moment. In the example, I’ve searched for “port:22” on Shodan and as you can tell there’s now a breakdown of the most popular SSH daemons. Note that not the entire Shodan dataset has been analyzed for fingerprints yet, so the total number is on the lower bound. Once you click on a product (which triggers the use of the new product search filter) then you will see a version breakdown as follows:
The fingerprints aren’t available yet for all services, but more are being added constantly. I’m very excited about having these sorts of breakdowns available at a glance and I’ll be looking into adding more features to make analyzing the data easier.