Introduction
Shodan is often referred to as the “search engine for hackers,” but its applications extend far beyond malicious use. It is a powerful tool for discovering internet-connected devices, such as webcams, routers, servers, and even industrial control systems. Unlike traditional search engines that index websites, Shodan indexes devices and the services they expose to the internet. This unique capability makes it an invaluable resource for security researchers, penetration testers, and IT professionals who aim to secure their networks. The Shodan API enhances this functionality by allowing developers to automate searches, monitor devices in real-time, and integrate Shodan’s capabilities into custom tools or workflows. By leveraging Python, a widely-used programming language for automation and data analysis, you can streamline the process of identifying vulnerabilities in exposed systems. Whether you are performing a basic search or setting up real-time alerts for specific device types, the Shodan API provides the flexibility and power needed to address a variety of use cases.
This article will guide you through the process of using the Shodan API with Python. From basic queries to advanced filtering and real-time monitoring, you’ll learn how to harness the capabilities of Shodan to detect vulnerabilities in internet-connected devices. By the end of this guide, you’ll be equipped with practical knowledge to enhance your cybersecurity efforts and better understand the risks posed by exposed systems.
Learning Objectives
After reading this article, you will:
- Learn how to use the Shodan API with Python.
- Understand how to scan internet-connected devices to detect security vulnerabilities.
- Discover methods for filtering devices and creating alerts using the Shodan API.
Detecting Vulnerable Devices with Python Shodan
Shodan is a powerful tool for cybersecurity professionals, allowing them to scan internet-connected devices and identify potential vulnerabilities. It aggregates data from publicly accessible devices, including open ports, running services, and specific vulnerabilities. By using the Shodan API with Python, users can automate these scans and streamline the process of identifying exposed systems. The API provides detailed information about devices, such as IP addresses, locations, organizations, and operating systems. Python’s flexibility allows developers to customize queries based on specific criteria—like targeting devices in a particular country or searching for systems running outdated software—and process the results programmatically.
For example, researchers can use Shodan to detect insecure IoT devices or identify critical vulnerabilities in industrial control systems. Python scripts enhance these capabilities by automating searches, filtering results, and generating actionable insights. Additionally, Shodan’s API supports real-time alerts for newly discovered vulnerabilities, allowing organizations to proactively monitor their networks and respond to emerging threats faster. By combining Shodan with Python, security professionals can efficiently automate threat intelligence gathering, reduce manual effort, and ensure consistency in results. This powerful combination is ideal for both broad IoT security assessments and targeted vulnerability detection in enterprise systems.
Mastering Python for Ethical Hacking: A Comprehensive Guide to Building 50 Hacking Tools
Let’s embark on this journey together, where you will learn to use Python not just as a programming language, but as a powerful weapon in the fight against cyber threats
-5% $25 on buymeacoffeeExample Shodan usage with Python
Below are examples demonstrating different search operations using the Shodan API:
1. Basic Shodan Search
Search for devices with specific keywords.
import shodan
# Replace with your Shodan API key
API_KEY = "YOUR_API_KEY"
api = shodan.Shodan(API_KEY)
def basic_search():
try:
# Search for devices with "webcamxp" and "default password"
query = 'webcamxp "default password"'
results = api.search(query)
# Display results
print(f"Total Results: {results['total']}")
for result in results['matches']:
print(f"\nIP: {result['ip_str']}")
print(f"Port: {result['port']}")
print(f"Organization: {result.get('org', 'Unknown')}")
print(f"Data:\n{result['data']}")
except shodan.APIError as e:
print(f"API Error: {e}")
except Exception as e:
print(f"Unexpected Error: {e}")
if __name__ == "__main__":
basic_search()

2. Retrieve Details for a Specific IP
Get detailed information about a specific IP address.
import shodan
API_KEY = "YOUR_API_KEY"
api = shodan.Shodan(API_KEY)
def get_host_details(ip="8.8.8.8"):
try:
host = api.host(ip)
# Basic information
print(f"IP: {host['ip_str']}")
print(f"Country: {host.get('country_name', 'Unknown')}")
print(f"Organization: {host.get('org', 'Unknown')}")
print(f"Open Ports: {host['ports']}\n")
# Detailed port/service information
for service in host['data']:
print(f"Port: {service['port']}")
print(f"Protocol: {service['transport']}")
print(f"Service: {service.get('product', 'Unknown')}")
print(f"Version: {service.get('version', 'Unknown')}\n")
except shodan.APIError as e:
print(f"API Error: {e}")
except Exception as e:
print(f"General Error: {e}")
if __name__ == "__main__":
get_host_details("8.8.8.8") # Example IP (Google DNS)

3. Detect Devices Using Filters
Search for devices based on specific filters (e.g., country, port).
import shodan
API_KEY = "YOUR_API_KEY"
api = shodan.Shodan(API_KEY)
def filter_devices():
try:
# Search for open SSH ports in Turkey
query = "port:22 country:TR"
results = api.search(query)
print(f"Found {len(results['matches'])} open SSH services:")
for device in results['matches']:
print(f"\nIP: {device['ip_str']}")
print(f"Location: {device.get('location', 'Unknown')}")
print(f"Organization: {device.get('org', 'Unknown')}")
except shodan.APIError as e:
print(f"API Error: {e}")
except Exception as e:
print(f"General Error: {e}")
if __name__ == "__main__":
filter_devices()

4. Detect RDP (Remote Desktop Protocol) Systems
Identify systems using Remote Desktop Protocol (RDP)
import shodan
API_KEY = "YOUR_API_KEY"
api = shodan.Shodan(API_KEY)
def find_rdp():
try:
# Search for RDP on port 3389
query = '"remote desktop" port:3389'
results = api.search(query)
print(f"Found {len(results['matches'])} RDP systems:")
for result in results['matches']:
print(f"\nIP: {result['ip_str']}")
print(f"Port: {result['port']}")
print(f"Operating System: {result.get('os', 'Unknown')}")
except shodan.APIError as e:
print(f"API Error: {e}")
except Exception as e:
print(f"General Error: {e}")
if __name__ == "__main__":
find_rdp()

5. Real-Time Alerts (Premium Feature)
Create alerts for specific conditions (e.g., exposed MySQL databases).
import shodan
API_KEY = "YOUR_API_KEY"
api = shodan.Shodan(API_KEY)
def create_mysql_alert():
try:
# Create an alert for exposed MySQL databases
alert = api.create_alert(
name="Exposed MySQL Databases",
ip="198.20.0.0/16",
expires=0
)
print(f"Alert ID: {alert['id']}")
except shodan.APIError as e:
print(f"API Error: {e}")
except Exception as e:
print(f"General Error: {e}")
if __name__ == "__main__":
create_mysql_alert()
Mastering Scapy: A Comprehensive Guide to Network Analysis
Mastering Network Analysis with Scapy” is not just about learning a tool; it’s about unlocking a deeper understanding of the digital world that surrounds us
-5% $20 on buymeacoffeeConclusion
Using the Shodan API with Python provides a powerful and efficient way to explore, monitor, and secure internet-connected devices. By automating searches and vulnerability assessments, you can save time, ensure consistency, and gain valuable insights into exposed systems. This guide has demonstrated practical methods for leveraging Shodan’s capabilities, such as filtering devices based on specific criteria, retrieving detailed information about targets, and even setting up real-time alerts for emerging threats. Shodan’s vast database of internet-connected devices makes it an indispensable tool for security researchers and developers. With Python’s flexibility and ease of use, integrating Shodan into your workflows becomes straightforward. Whether you’re conducting large-scale IoT security assessments or focusing on specific vulnerabilities in enterprise networks, the combination of Shodan and Python allows you to enhance your threat intelligence and vulnerability detection processes. By adopting these techniques, organizations and individuals can proactively identify risks, strengthen their defenses, and respond to potential threats more effectively. As cybersecurity challenges continue to evolve, tools like Shodan empower professionals to stay ahead in protecting critical systems. Start exploring the possibilities with Shodan today and take your security research to the next level.
Are there any restrictions on using the shodan api?
Yes, unfortunately there are restrictions for non-premium users on Shodan.