Shodan V2
App Vendor: Shodan
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
Shodan V2 is a search engine that enables users search for various types of servers (webcams, routers, servers) that are connected to the internet using a variety of filters. The Shodan V2 app enables security teams to integrate with the Shodan V2 enterprise application to query IP addresses, domains, hostnames, ports, and services for efficient Attack Surface mapping.
The Shodan V2 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
IP Address Lookup | This action queries all the data related to an IP address. |
Query Result Count | This action retrieves the number of results for a query. |
Query Lookup | This action retrieves all results of a query. |
Query Filters | This action queries all filters that can be used with Shodan. |
Query Facets | This action queries all Facets that can be used with Shodan. |
Parse Tokens | This action determines the filters being used by the query string and the parameters provided to the filters. |
Query Ports | This action queries all ports being scanned by the Shodan engine. |
Query Honescore | This action evaluates the probability an IP address being a honeypot. |
Query API Status | This action checks the status of an API Key or account being used. |
Query Saved Queries | This action queries any user saved queries from their Shodan account. |
Query User Details | This action queries the user profile and status. |
Query DNS Information | This action queries and retrieves all subdomains and DNS data. |
Query Reverse DNS | This action looks up hostnames for the provided list of IP addresses. |
DNS Resolve | This action looks up the IP address for the provided list of hostnames. |
Query Exploits | This action searches the Shodan Exploit Database. |
Query Exploit Count | This action queries the number of exploits. |
Configuration Parameters
The following configuration parameters are required for the Shodan V2 app to communicate with the Shodan V2 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the Shodan API Key. | Text | Required |
Action: IP Address Lookup
This action queries all the data related to an IP address.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter IP address to query. Example: "1.1.1.1" | Text | Required |
Action: Query Result Count
This action retrieves the number of results for a query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to get result count. | Text | Required | |
Facets | Enter any Facets to use. | Text | Optional |
Action: Query Lookup
This action retrieves all results of a query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to get result count. | Text | Required | |
Facets | Enter any Facets to use. | Text | Optional |
Action: Query Filters
This action queries all filters that can be used with Shodan.
Action Input Parameters
This action does not require any input parameter.
Action: Query Facets
This action queries all Facets that can be used with Shodan.
Action Input Parameters
This action does not require any input parameter.
Action: Parse Tokens
This action determines the filters being used by the query string and the parameters provided to the filters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to analyze. | Text | Required |
Action: Query Ports
This action queries all ports being scanned by the Shodan engine.
Action Input Parameters
This action does not require any input parameter.
Action: Query Honescore
This action evaluates the probability an IP address being a honeypot.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to query. Example: "1.1.1.1" | Text | Required | Honescore value:
|
Action: Query API Status
This action checks the status of an API Key or account being used.
Action Input Parameters
This action does not require any input parameter.
Action: Query User Details
This action queries the user profile and status.
Action Input Parameters
This action does not require any input parameter.
Action: Query DNS Information
This action queries and retrieves all subdomains and DNS data.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Domain | Enter the Domain to query DNS data. Example: "cyware.com" | Text | Required |
Action: Query Reverse DNS
This action looks up hostnames for the provided list of IP addresses.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter single or multiple IP addresses to retrieve reverse DNS data. | Text | Required | For multiple IP addresses, each IP must be comma-separated without any spaces. |
Action: DNS Resolve
This action looks up the IP address for the provided list of hostnames.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hostnames | Enter the hostname to lookup IP addresses. Example: "google.com,bing.com" | Text | Required | For multiple hostnames, each hostname must be comma-separated without any spaces. |
Action: Query Exploits
This action searches the Shodan Exploit Database.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to search Exploits across data sources. | Text | Required | Allowed values:
|
Action: Query Exploit Count
This action queries the number of exploits.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to search the database of known exploits and retrieve the result count. | Text | Required | Allowed values:
|