Shodan is a search engine for Internet-connected devices and services it indexes banners, ports, and metadata from devices (routers, webcams, industrial devices, servers) so you can find exposed systems and known-vulnerable services.

What Shodan is / what it collects

Shodan continuously scans IP addresses and stores service banners and metadata such as:

• open ports and transport (TCP/UDP)
• service banners (software name/version)
• HTTP headers and HTML title (if present)
• SSL/TLS certificate details
• geolocation (approximate) and ISP/organization info
• product strings and sometimes firmware or error messages

Why it's useful

• Vulnerability reconnaissance (passive): find hosts potentially running vulnerable versions (e.g., specific CVEs).
• Asset discovery in assessments: discover forgotten services or internet-facing IoT/OT devices in your IP range.
• OSINT investigations: find infrastructure, related domains, or reused banners across targets.
• Incident response: check whether a compromised service is visible to the Internet.
• Monitoring & threat hunting: set alerts for newly exposed services or changes to existing assets.

Practical Shodan usage web UI & filters

Shodan search supports advanced filters. Some useful filters:

• port:22 — services on port 22 (SSH)
• country:"IN" — country (use ISO code)
• org:"Amazon" — organization / ISP
• net:"1.2.3.0/24" — CIDR/net block
• product:"Apache httpd" — product string
• os:"linux" — OS from banner
• hostname:"router" — hostname contains router
• title:"webcam" — HTTP title
• vuln:CVE-YYYY-NNNN — hosts indexed with a CVE match

Shodan is a powerful passive reconnaissance tool for discovering internet-exposed services and potential vulnerabilities great for quick asset discovery and OSINT, but always verify findings and act only with permissio