Shodan AIO Reference
This is a work in progress. Please feel free to add new search filters and interesting search queries using pull requests.
Search keywords should be enclosed in double quotes ("") to avoid false positives. A + or - sign can be placed in front of a keyword to include or exclude results, which is very useful.
Example: +"webcam" -"login"
This returns results related to webcam that do not have "login" in them.
Physical Location
Filter | Description | Usage |
---|---|---|
[country] | Search by country code | country:"IN" |
[city] | Search by city name | city:"Bengaluru" |
[state] | Search by state code (US only) | state:"NY" |
[region] | Same as state filter | region:"NY" |
[postal] | Search by zip code | postal:"92127" |
[geo] | Search by GPS coordinates | geo:"40.759487,-73.978356" |
[geo] | Search by GPS coordinates within a specific radius | geo:"40.759487,-73.978356,2" |
[org] | Search by Organization/Company | org:"Microsoft" |
IP Addresses & Subnets
Filter | Description | Usage |
---|---|---|
[Untitled] | Search findings on a single IP | 52.179.197.205 |
[hostname] | Search for string in any hostname | hostname:"microsoft.com" |
[net] | Search across a specific subnet range | net:"52.179.197.0/24" |
[port] | Find instances where a specific port is open | port:"445" |
[isp] | Search by ISP Name | isp:"BSNL" |
[ASN] | Search by Autonomous System Number (ASN) | ASN:"AS8075" |
[org] | Search by Organization/Company | org:"Microsoft" |
Products & Operating Systems
Filter | Description | Usage |
---|---|---|
[os] | Search by operating system type | os:"Windows Server 2008" |
[org] | Search by Organization/Company | org:"Xiaomi" |
[product] | Search by known product name | product:"Cisco C3550 Router" |
[version] | Can be used in conjunction with product to get specific versions | product:"nginx" version:"1.8.1" |
[category] | Search by Shodan category | category:"ics" |
[smb] | Search for specific SMB server | smb:"2" |
Web Applications
Filter | Description | Usage |
---|---|---|
[title] | Search for text in page title | title:"Index of /ftp" |
[html] | Search for a string in a webpage's body | html:"XML-RPC server accepts" |
[http.component] | Search for a specific web technology | http.component:"php" |
[ssl.version] | Search for SSL/TLS versions supported | ssl.version:"tlsv1.1" |
[ssl.cert.expired] | Search for expired HTTPS certs | ssl.cert.expired:"true" |
Misc
Filter | Description | Usage |
---|---|---|
[after] | Search for findings that appeared after a specific date | after:"01/01/19" |
[before] | Search for findings that appeared before a specific date | before:"01/01/19" |
[has_screenshot] | Search for results which have a screenshot | has_screenshot:"true" |
[vuln] | Search for possibly vulnerable devices by CVE ID | vuln:"CVE-2017-0143" |
[tag] | Search based on Shodan tagged data | tag:"honeypot" |
Interesting Search Queries
- To be updated.
Reference: Shodan QuickStart v1.