Shodan is a search engine for finding internet-connected devices and specific information about sites, such as the type of software running on a system and local anonymous FTP servers. Using Shodan is similar to using Google, but the information is indexed based on banner content, i.e. the metadata that a server sends back to a client. For best results, run Shodan searches using a series of filters in a string format.
Steps
Step 1. Go to the Shodan website at
Step 2. Click Register in the upper right corner of Shodan's main page
Step 3. Enter your username, email address and password, then click Submit
Shodan will send verification info to your email.
Step 4. Open the verification email, then click on the given URL to activate your Shodan account
The Shodan login screen will open in a new window in the browser.
Step 5. Log in to Shodan using your username and password
Step 6. Enter your search keywords in string format into the search field at the top of the Shodan page
For example, if you want to find all internet-connected devices that are in the United States and use the default password, enter "default password country:US".
Step 7. Click search to run the search
The web page will update and display a list of all devices, or web banners, that match the search keywords.
Step 8. Refine the search using a series of filters in the command string
Common search filters are:
- City: Users can limit search results by city. For example, "city:jakarta".
- Country: Users can restrict search results by country, using the country's two-letter code. For example, "country:US".
- Hostname: Users can restrict search results by hostname. For example, "hostname:facebook.com".
- Operating system: Users can search for devices based on the operating system used. For example, "microsoft os:windows".
Step 9. Click on any listing to learn more about a particular system
Most listings will display explicit information about the system, including IP address, latitude and longitude, SSH and HTTP settings, and server name.
Tips
- Refine your search using additional filter add-ons that can be purchased from Shodan. Click Buy on the top right of Shodan to purchase and gain access to additional search filters.
- If you are in charge of system administration for your business or company, Shodan can be used to check that your systems are properly managed so that they are not easily hacked by malicious third parties. For example, search for your own systems using a string that includes "default password" to confirm that they do not use default passwords that could compromise their security.
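The audit in the last tip can be rehearsed offline before running it on Shodan. The following is an added example, not part of the original article and not Shodan's own code: a simplified local model of how a filter string is split into banner terms and `filter:value` pairs, applied to a constructed inventory of your own hosts. The function names, the inventory records and the matching rules are assumptions made for illustration.

```python
import shlex

# Filters named in the article; a local model, not Shodan's own parser.
KNOWN_FILTERS = {"city", "country", "hostname", "os"}

def parse_query(query):
    """Split a search string into banner terms, filter:value pairs, warnings."""
    terms, filters, warnings = [], {}, []
    for token in shlex.split(query):  # keeps city:"new york" as one token
        name, sep, value = token.partition(":")
        if sep and name.lower() in KNOWN_FILTERS:
            if value:
                filters[name.lower()] = value.lower()
            else:  # "country: US": the space detached the value
                warnings.append(f"{name}: has no value, remove the space after ':'")
        else:
            terms.append(token.lower())
    return terms, filters, warnings

def matches(record, terms, filters):
    """True if every term is in the banner and every filter fits the record."""
    banner = record["banner"].lower()
    if not all(term in banner for term in terms):
        return False
    for name, want in filters.items():
        have = record.get(name, "").lower()
        # hostname is a substring match here; the other filters are exact
        if (want not in have) if name == "hostname" else (have != want):
            return False
    return True

def audit(inventory, query):
    """Return the IPs of inventory records that the query would match."""
    terms, filters, warnings = parse_query(query)
    if warnings:
        raise ValueError("; ".join(warnings))
    return [rec["ip"] for rec in inventory if matches(rec, terms, filters)]

# Constructed sample inventory (documentation IP ranges, made-up banners).
INVENTORY = [
    {"ip": "192.0.2.10", "hostname": "cam1.example.com", "country": "US",
     "city": "Austin", "os": "Linux", "banner": "login with default password admin"},
    {"ip": "192.0.2.11", "hostname": "www.example.com", "country": "US",
     "city": "Austin", "os": "Windows", "banner": "HTTP/1.1 200 OK Server: IIS"},
    {"ip": "198.51.100.7", "hostname": "nvr.example.net", "country": "ID",
     "city": "Jakarta", "os": "Linux", "banner": "default password is 1234"},
]

if __name__ == "__main__":
    print(audit(INVENTORY, "default password country:US"))  # ['192.0.2.10']
```

Any host the audit returns is one whose banner should be fixed before it is indexed publicly.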