aid: shodan name: Shodan description: >- Shodan is the world's first search engine for Internet-connected devices. It continuously crawls the public Internet to build a searchable database of servers, IoT devices, industrial control systems, routers, webcams, databases, and any other host that exposes a service. Shodan provides REST, Streaming, and Trends APIs along with on-demand scanning, network alerts, notifiers, DNS lookups, the InternetDB API, and the CVEDB vulnerability database. It is widely used for attack-surface management, security research, threat intelligence, vulnerability discovery, market research, and academic study of the Internet itself. url: https://developer.shodan.io/ specificationVersion: '0.20' created: '2026-05-28' modified: '2026-05-30' x-source: public-apis/public-apis x-category: Security x-tier: 1 x-tier-reason: full-pipeline-profiled tags: - Security - Search - Internet - Devices - IoT - Vulnerabilities - CVE - Attack Surface - Threat Intelligence - Reconnaissance - Network - DNS - Scanning - Public APIs apis: - name: Shodan REST API description: >- The primary Shodan REST API exposes search methods, host lookups, on-demand scanning, network alerts, notifiers, the saved-query directory, DNS lookups, utility methods, account information, bulk data, and organization management. Auth is via the `key` query parameter. humanURL: https://developer.shodan.io/api baseURL: https://api.shodan.io tags: - REST - Search - Host - Scanning - Alerts - Notifiers - DNS properties: - type: Documentation url: https://developer.shodan.io/api - type: APIReference url: https://developer.shodan.io/api - type: Authentication url: https://developer.shodan.io/api/requirements - type: OpenAPI url: openapi/shodan-rest-openapi.yml - type: JSONSchema url: json-schema/shodan-rest-host-schema.json - type: JSONSchema url: json-schema/shodan-rest-search-result-schema.json - type: JSONSchema url: json-schema/shodan-rest-alert-schema.json - type: JSONSchema url: json-schema/shodan-rest-notifier-schema.json - type: JSONSchema url: json-schema/shodan-rest-scan-schema.json - type: JSONStructure url: json-structure/shodan-rest-host-structure.json - type: JSONStructure url: json-structure/shodan-rest-alert-structure.json - type: JSON-LD url: json-ld/shodan-context.jsonld - type: Example url: examples/shodan-rest-host-lookup-example.json - type: Example url: examples/shodan-rest-search-example.json - type: Example url: examples/shodan-rest-scan-create-example.json - type: Example url: examples/shodan-rest-alert-create-example.json - name: Shodan Streaming API description: >- The Shodan Streaming API provides a real-time firehose of banner data as Shodan collects it. Filtered streams are available by ASN, country, port, and CVE. Output is either newline-separated JSON or Server-Sent Events. humanURL: https://developer.shodan.io/api/stream baseURL: https://stream.shodan.io tags: - Streaming - Real-Time - Firehose - SSE properties: - type: Documentation url: https://developer.shodan.io/api/stream - type: APIReference url: https://developer.shodan.io/api/stream - type: AsyncAPI url: asyncapi/shodan-stream-asyncapi.yml - type: OpenAPI url: openapi/shodan-stream-openapi.yml - type: JSONSchema url: json-schema/shodan-stream-banner-schema.json - type: JSONStructure url: json-structure/shodan-stream-banner-structure.json - type: Example url: examples/shodan-stream-banner-example.json - name: Shodan Trends API description: >- Trends is the historical analytics API for Shodan, exposing breakdowns of historical scan results aggregated by facet (product, port, country, organization, etc.) by month. Access is Enterprise-only. humanURL: https://developer.shodan.io/api/trends baseURL: https://trends.shodan.io tags: - Trends - Analytics - Historical - Enterprise properties: - type: Documentation url: https://developer.shodan.io/api/trends - type: APIReference url: https://developer.shodan.io/api/trends - type: OpenAPI url: openapi/shodan-trends-openapi.yml - type: JSONSchema url: json-schema/shodan-trends-result-schema.json - type: Example url: examples/shodan-trends-search-example.json - name: InternetDB API description: >- The InternetDB API is a free, unauthenticated lookup service that returns the open ports, CPEs, hostnames, tags, and known CVEs for any IPv4 address. The dataset is refreshed once per week. Free for non-commercial use; commercial use requires an enterprise license. humanURL: https://internetdb.shodan.io/ baseURL: https://internetdb.shodan.io tags: - InternetDB - Free - IP Lookup - Public properties: - type: Documentation url: https://internetdb.shodan.io/ - type: OpenAPI url: openapi/shodan-internetdb-openapi.yml - type: JSONSchema url: json-schema/shodan-internetdb-host-schema.json - type: Example url: examples/shodan-internetdb-host-example.json - name: CVEDB API description: >- CVEDB is Shodan's open vulnerability database API. It provides CVE lookups, CPE-keyed vulnerability search, KEV filtering, EPSS ordering, and date-range queries. No API key required; updated daily. Free for non-commercial use. humanURL: https://cvedb.shodan.io/ baseURL: https://cvedb.shodan.io tags: - CVE - Vulnerabilities - CPE - KEV - EPSS - Free properties: - type: Documentation url: https://cvedb.shodan.io/ - type: OpenAPI url: openapi/shodan-cvedb-openapi.yml - type: JSONSchema url: json-schema/shodan-cvedb-cve-schema.json - type: JSONSchema url: json-schema/shodan-cvedb-cpe-schema.json - type: Example url: examples/shodan-cvedb-cve-lookup-example.json common: - type: Website url: https://www.shodan.io/ - type: DeveloperPortal url: https://developer.shodan.io/ - type: Documentation url: https://developer.shodan.io/ - type: APIReference url: https://developer.shodan.io/api - type: Pricing url: https://account.shodan.io/billing - type: Plans url: plans/shodan-plans-pricing.yml - type: RateLimits url: rate-limits/shodan-rate-limits.yml - type: SignUp url: https://account.shodan.io/register - type: Login url: https://account.shodan.io/login - type: Console url: https://www.shodan.io/dashboard - type: Authentication url: https://developer.shodan.io/api/requirements - type: GettingStarted url: https://help.shodan.io/the-basics/what-is-shodan - type: Quickstart url: https://help.shodan.io/the-basics/search-query-fundamentals - type: Tutorials url: https://help.shodan.io/ - type: KnowledgeCenter url: https://help.shodan.io/ - type: Glossary url: https://datapedia.shodan.io/ - type: Support url: mailto:support@shodan.io - type: Blog url: https://blog.shodan.io/ - type: StatusPage url: https://status.shodan.io/ - type: TermsOfService url: https://www.shodan.io/legal/tos - type: PrivacyPolicy url: https://www.shodan.io/legal/privacy - type: Legal url: https://www.shodan.io/legal - type: X url: https://x.com/shodanhq - type: LinkedIn url: https://www.linkedin.com/company/shodan - type: YouTube url: https://www.youtube.com/@shodanhq - type: GitHubOrganization url: https://github.com/achillean - type: GitHubRepository url: https://github.com/achillean/shodan-python - type: GitHubRepository url: https://github.com/achillean/shodan-developer-docs - type: GitHubRepository url: https://github.com/achillean/shodan-ruby - type: GitHubRepository url: https://github.com/achillean/shodan-perl - type: GitHubRepository url: https://github.com/achillean/Shodan.NET - type: GitHubRepository url: https://github.com/achillean/steampipe-plugin-shodan - type: CLI url: https://help.shodan.io/command-line-interface/0-installation - type: SDK name: Python url: https://github.com/achillean/shodan-python - type: SDK name: Ruby url: https://github.com/picatz/shodanz - type: SDK name: PHP url: https://github.com/ScadaExposure/Shodan-PHP-REST-API - type: SDK name: C++ url: https://github.com/prophetl33t/ShodanCPP - type: SDK name: C# url: https://www.nuget.org/packages/Shodan/ - type: SDK name: C# (alt) url: https://github.com/tparnell8/Shodan.Net - type: SDK name: Go url: https://github.com/shadowscatcher/shodan - type: SDK name: Go (ns3777k) url: https://github.com/ns3777k/go-shodan - type: SDK name: Haskell url: https://github.com/iomonad/shodan - type: SDK name: Java url: https://github.com/fooock/jshodan - type: SDK name: Node.js url: https://github.com/jesusprubio/shodan-client.js - type: SDK name: Perl url: https://github.com/Dudley5000/WWW-Shodan-API - type: SDK name: PowerShell url: https://github.com/darkoperator/Posh-Shodan - type: SDK name: Rust url: https://github.com/femiagbabiaka/shodan-rust - type: SDK name: Crystal url: https://github.com/PercussiveElbow/Shodan - type: Tools name: Steampipe Plugin url: https://github.com/achillean/steampipe-plugin-shodan - type: Tools name: Shodan Monitor url: https://monitor.shodan.io - type: Tools name: Shodan Maps url: https://maps.shodan.io - type: Tools name: Shodan Images url: https://images.shodan.io - type: Tools name: Shodan Bulk Data url: https://enterprise.shodan.io - type: Tools name: Shodan Snippets url: https://snippets.shodan.io - type: Tools name: MCP Server (BurtTheCoder) url: https://github.com/BurtTheCoder/mcp-shodan - type: Tools name: MCP Server (ADEOSec) url: https://github.com/ADEOSec/mcp-shodan - type: Tools name: MCP Server (Cyreslab-AI) url: https://github.com/Cyreslab-AI/shodan-mcp-server - type: Tools name: MCP Server (Vorota-ai) url: https://github.com/Vorota-ai/shodan-mcp - type: Tools name: MCP Server (mohdhaji87) url: https://github.com/mohdhaji87/Shodan-MCP - type: SpectralRules url: rules/shodan-rules.yml - type: Vocabulary url: vocabulary/shodan-vocabulary.yml - type: NaftikoCapability url: capabilities/shared/shodan-rest.yaml - type: NaftikoCapability url: capabilities/shared/shodan-stream.yaml - type: NaftikoCapability url: capabilities/shared/shodan-internetdb.yaml - type: NaftikoCapability url: capabilities/shared/shodan-cvedb.yaml - type: NaftikoCapability url: capabilities/attack-surface-monitoring.yaml - type: NaftikoCapability url: capabilities/vulnerability-intelligence.yaml - type: NaftikoCapability url: capabilities/internet-asset-discovery.yaml - type: FinOps url: finops/shodan-finops.yml - type: Features data: - name: Internet-Wide Device Search description: >- Search billions of indexed banners from servers, routers, webcams, industrial control systems, and IoT devices using a powerful query language with facets and filters. - name: Host Information Lookup description: >- Retrieve all known information for an IP including open ports, service banners, geolocation, ASN/ISP, hostnames, vulnerabilities, SSL/TLS certificates, and detected technologies. - name: On-Demand Scanning description: >- Submit IPs, CIDR ranges, or netblocks for an on-demand crawl using scan credits. Enterprise plans can request Internet-wide scans for a specific port or protocol. - name: Network Alerts and Notifiers description: >- Create alerts on monitored IP ranges that fire when new services, changes, vulnerabilities, or expirations are detected, with delivery via Slack, email, webhook, and other notifier providers. - name: DNS Lookup Suite description: >- Forward, reverse, and full-domain DNS lookups including subdomain enumeration backed by Shodan's passive DNS database. - name: Streaming Firehose description: >- Subscribe to real-time banner data filtered by ASN, country, port, or CVE for SIEMs, data lakes, and bespoke analytics pipelines. - name: Trends Analytics description: >- Run faceted queries against the full historical scan database to analyze product adoption, regional exposure, and changes over time. - name: InternetDB Free Lookup description: >- Open, key-free lookup that returns the open ports, CPEs, tags, and CVEs for any IPv4 address; refreshed weekly. - name: CVEDB Vulnerability Database description: >- Open vulnerability lookup with CPE search, KEV filter, EPSS sorting, and date-range queries. - name: Bulk Data Exports description: >- Enterprise-tier daily and on-demand bulk exports of Shodan's underlying datasets for offline analysis and warehousing. - name: Organization Management description: >- Enterprise organization support for sharing credits and managing members through the API. - name: Saved Query Directory description: >- Browse, search, and tag community-contributed Shodan queries covering common technologies, exposures, and devices. - name: Notifier Providers description: >- Built-in notification provider integrations for Slack, email, Discord, Telegram, webhook, and more. - type: UseCases data: - name: Attack Surface Management description: >- Continuously monitor an organization's external attack surface for new services, configuration drift, and vulnerable software. - name: Vulnerability Intelligence description: >- Quantify exposure to specific CVEs across the Internet or a defined customer footprint using CVEDB and the search/trends APIs. - name: Threat Hunting and OSINT description: >- Pivot from IPs, certificates, banners, and ASNs to map adversary infrastructure and discover related hosts. - name: Security Research description: >- Study the distribution of misconfigured services, exposed databases, and emerging IoT ecosystems across the public Internet. - name: Competitive and Market Research description: >- Track adoption of products, web servers, cloud providers, and frameworks across regions and industries using Trends. - name: Regulatory and Compliance Reporting description: >- Demonstrate visibility into externally exposed assets for frameworks that require attack-surface inventories. - name: Insurance Underwriting description: >- Inform cyber-insurance scoring with externally observable evidence of exposed services, vulnerabilities, and hygiene. - name: Incident Response description: >- Triage IPs observed in alerts against Shodan history to determine who they are and what services they expose. - type: Integrations data: - name: Splunk description: >- Shodan data is widely ingested into Splunk for security analytics via the streaming API and the Splunk add-on ecosystem. - name: Maltego description: >- Shodan transforms for Maltego enable graph-based pivoting on banners, certificates, and IPs. - name: Slack description: >- Notifier integration delivers alert events to Slack channels. - name: Email description: >- Notifier integration delivers alert events to mailboxes. - name: Webhook description: >- Notifier integration posts alert events to arbitrary HTTPS endpoints. - name: Discord description: >- Notifier integration delivers alert events to Discord servers. - name: Telegram description: >- Notifier integration delivers alert events to Telegram chats. - name: Steampipe description: >- Official Steampipe plugin lets you query Shodan host, DNS, and exploit data using standard SQL. - name: Model Context Protocol description: >- Multiple community MCP servers expose Shodan tools to AI assistants including Claude, Cursor, and VS Code. - name: Nmap description: >- Shodan's CLI ships helpers to enrich Nmap scan output with Shodan-derived banner context. - type: Solutions data: - name: Shodan Monitor description: >- Hosted attack-surface monitoring product built on the network alerts and notifiers APIs. - name: Enterprise Data Feed description: >- Real-time firehose and daily bulk data exports for SOCs, threat intelligence platforms, and academic researchers. - name: InternetDB description: >- Free, unauthenticated host lookup designed for embedding into security tools and dashboards. - name: CVEDB description: >- Free vulnerability database with KEV and EPSS metadata for prioritization workflows. - name: Internet-Wide Scanning description: >- Enterprise-only capability to request a scan of the entire Internet for a specific port or protocol. maintainers: - FN: Kin Lane email: kin@apievangelist.com