    What Shodan Does
    Just like Google crawls websites, Shodan crawls the entire internet, but instead of indexing web pages, it:

    Connects to devices (servers, routers, webcams, IoT sensors, etc.).

    Records their IP address, open ports, services, and configuration banners.

    Stores this data in a searchable database.

    What Makes It Different from Google
    Google	Shodan
    Searches web content	Searches device and network service data
    Uses keywords from HTML pages	Uses network-level metadata (IP, port, banners)
    Crawls HTTP/HTTPS (ports 80, 443)	Scans many protocols (FTP, SSH, Telnet, SMTP, etc.)
    Finds public websites	Finds public devices & services

    Types of Things You Can Find
    Web servers (Apache, Nginx, IIS)

    Databases (MySQL, MongoDB, Elasticsearch)

    Security cameras (with exposed control panels)

    Industrial control systems (SCADA, power plants, traffic lights)

    IoT devices (smart refrigerators, printers, thermostats)

    How Shodan Works (Simplified Flow)
    Shodan scanners send connection requests to millions of IP addresses.

    They record:

    IP address

    Port number

    Service banner (e.g., “Apache/2.4.41 (Ubuntu)”)

    Geo-location info

    Organization (ISP or hosting provider)

    The data goes into Shodan’s database.

    Users search it via:

    The Shodan website

    The Shodan API (like your Python code)

    Why Cybersecurity People Use It
    Vulnerability assessment – Find outdated or misconfigured services.

    Asset discovery – See what devices your organization has exposed to the internet.

    Penetration testing – Gather intel before testing.

    Research – Study trends in technology usage.

    Ethical Note
    Shodan doesn’t “hack” devices; it only reports what is already publicly visible on the internet.
    However, accessing or altering those devices without permission is illegal in most countries.

In [None]:
# Install Shodan library
!pip install shodan



Collecting shodan
  Downloading shodan-1.31.0.tar.gz (57 kB)
[?25l     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/57.9 kB[0m [31m?[0m eta [36m-:--:--[0m[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m57.9/57.9 kB[0m [31m4.1 MB/s[0m eta [36m0:00:00[0m
[?25h  Preparing metadata (setup.py) ... [?25l[?25hdone
Collecting click-plugins (from shodan)
  Downloading click_plugins-1.1.1.2-py2.py3-none-any.whl.metadata (6.5 kB)
Collecting colorama (from shodan)
  Downloading colorama-0.4.6-py2.py3-none-any.whl.metadata (17 kB)
Collecting XlsxWriter (from shodan)
  Downloading xlsxwriter-3.2.5-py3-none-any.whl.metadata (2.7 kB)
Collecting tldextract (from shodan)
  Downloading tldextract-5.3.0-py3-none-any.whl.metadata (11 kB)
Collecting requests-file>=1.4 (from tldextract->shodan)
  Downloading requests_file-2.1.0-py2.py3-none-any.whl.metadata (1.7 kB)
Downloading click_plugins-1.1.1.2-py2.py3-none-any.whl (11 kB)
Downloading colorama-0.4.6-py2.py3-n

In [None]:
    !pip install shodan
    pip → Python’s package manager. It’s used to download and install libraries (packages) from the Python Package Index (PyPI).

    install → The command telling pip to install a specific library.

    shodan → The name of the Python client library for Shodan’s API.

    import shodan
    This loads the Shodan Python library that you installed earlier with !pip install shodan.

    Once imported, you can access all the functions and classes in that library for interacting with Shodan’s API.

    SHODAN_API_KEY = "di2s42WwXqcLBdnkmMjrFKQKjWrf0iJq"
    This stores your Shodan API key in a variable named SHODAN_API_KEY.

    The API key is like a password that authenticates you to Shodan’s servers.

    Every Shodan account has a unique API key — yours allows you to make a certain number of queries per month.

    Important: Never share your real API key in public notebooks, GitHub, or screenshots — someone could misuse it and exhaust your query limit.

    api = shodan.Shodan(SHODAN_API_KEY)
    This creates an API client object called api.

    You pass your API key to shodan.Shodan() so it knows who you are and can authorize your requests.

    After this, you can do things like:

    api.search("apache") → Search for Apache servers.

    api.host("8.8.8.8") → Get details about a specific IP address.

    Essentially, api becomes your “connection” to Shodan’s database.

In [None]:
import shodan

# Input your Shodan API key
SHODAN_API_KEY = "di2s42WwXqcLBdnkmMjrFKQKjWrf0iJq"  # Replace with your key
api = shodan.Shodan(SHODAN_API_KEY)


In [None]:
try:
    query = 'apache country:US'
    results = api.search(query)

    print(f"Results found: {results['total']}\n")
    for match in results['matches'][:5]:  # Only show first 5 for brevity
        print(f"IP: {match['ip_str']}")
        print(f"Port: {match['port']}")
        print(f"Org: {match.get('org', 'n/a')}")
        print(f"Data: {match['data'][:100]}...\n")

except shodan.APIError as e:
    print(f"Error: {e}")


Results found: 4447745

IP: 50.6.168.217
Port: 80
Org: Newfold Digital, Inc.
Data: HTTP/1.1 200 OK
Date: Sun, 10 Aug 2025 10:45:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: U...

IP: 165.73.244.171
Port: 80
Org: Psychz-Networks-ZA-Cloud-Services
Data: HTTP/1.1 200 OK
Date: Sun, 10 Aug 2025 10:45:25 GMT
Server: Apache/2.4.62 (AlmaLinux) OpenSSL/3.2....

IP: 3.83.141.17
Port: 80
Org: Amazon Data Services NoVa
Data: HTTP/1.1 200 OK
Date: Sun, 10 Aug 2025 10:45:24 GMT
Server: Apache
Strict-Transport-Security: max...

IP: 129.252.90.111
Port: 80
Org: University of South Carolina
Data: HTTP/1.1 301 Moved Permanently
Date: Sun, 10 Aug 2025 10:45:20 GMT
Server: Apache/2.4.29 (Ubuntu)...

IP: 204.10.246.45
Port: 443
Org: Asante Health System
Data: HTTP/1.1 200 OK
Age:          1
Date: Sun, 10 Aug 2025 10:45:20 GMT
Cache-Control: no-cache,no-st...



    1. IP: 146.70.240.204
    Public IP address of the device.

    Could be a server, virtual machine, or hosted service.

    Port: 25002
    The open network port Shodan detected.

    Port 25002 is non-standard; Apache is not usually on this port, so it might be a custom service.

    Org: M247 Miami Infrastructure
    The ISP or organization hosting the server.

    This can be used to identify hosting providers or corporate networks.

    Data: HTTP/1.1 200 OK ...
    This is the banner — the first chunk of text the server sends when someone connects.

    200 OK → The server responded successfully.

    Server: Apache → Confirms the service is Apache-based.

    Last-Modified: → Gives a date of the last content update, which can sometimes hint at outdated content or software.



In [None]:
query = 'product:"OpenSSH" port:22'
results = api.search(query)

for match in results['matches'][:3]:
    print(f"IP: {match['ip_str']} ({match.get('org', 'n/a')})")
    vulns = match.get('vulns', [])
    if vulns:
        print("Vulnerabilities:")
        for vuln in vulns:
            print(f" - {vuln}")
    else:
        print("No vulnerability data available")
    print("---")


IP: 137.184.26.250 (DigitalOcean, LLC)
No vulnerability data available
---
IP: 139.224.2.188 (Aliyun Computing Co., LTD)
Vulnerabilities:
 - CVE-2008-3844
 - CVE-2019-6110
 - CVE-2016-20012
 - CVE-2018-15919
 - CVE-2018-15473
 - CVE-2021-36368
 - CVE-2025-26465
 - CVE-2017-15906
 - CVE-2018-20685
 - CVE-2020-14145
 - CVE-2023-51767
 - CVE-2020-15778
 - CVE-2023-48795
 - CVE-2023-38408
 - CVE-2007-2768
 - CVE-2025-32728
 - CVE-2019-6111
 - CVE-2023-51385
 - CVE-2021-41617
 - CVE-2019-6109
---
IP: 20.90.89.144 (Microsoft Corporation)
No vulnerability data available
---


| Sr. No. | IP Address      | Port | Service                   | Banner Snippet         | Notes                       |
| ------- | --------------- | ---- | ------------------------- | ---------------------- | --------------------------- |
| 1       | 121.241.73.170  | 443  | HTTPS (Apache)            | Apache/2.4.63 (Ubuntu) | Likely secure if patched    |
| 2       | 115.111.110.184 | 443  | HTTPS                     | 404 Not Found          | Endpoint exists but no page |
| 3       | 115.111.110.179 | 25   | SMTP                      | mx1.pun.unipune.ac.in  | Mail server                 |
| 4       | 121.241.73.162  | 123  | NTP                       | Protocol v3, stratum 4 | Time sync server            |
| 5       | 219.65.94.163   | 443  | HTTPS (Microsoft-HTTPAPI) | 404 Not Found          | Possibly API endpoint       |




1. Results found: 53
Shodan found 53 public-facing services matching your search filter.

These are already indexed by Shodan — no active scanning was done here.

2. Key Findings
a) Web Servers on Port 443 (HTTPS)
Multiple IPs (e.g., 121.241.73.170, 219.65.94.169, etc.) are listening on port 443.

Some respond with:

HTTP/1.1 200 OK — successful response, site loads normally.

HTTP/1.1 404 Not Found — server is up but requested page is missing.

Server types seen:

Apache/2.4.63 (Ubuntu) → Latest Apache release (secure if patched).

Microsoft-HTTPAPI/2.0 → Microsoft’s built-in web server (commonly used for API endpoints or services).

b) Email Server on Port 25 (SMTP)
115.111.110.179 is running an SMTP service.

Banner shows:

mx1.pun.unipune.ac.in → Mail exchange server for the university.

Supports PIPELINING and a maximum email size of ~36 MB.

This is normal for institutional mail servers, but the banner reveals exact server name and capabilities.

c) Time Server on Port 123 (NTP)
121.241.73.162 is running Network Time Protocol (NTP).

Banner shows:

Protocol version: 3

Stratum: 4 (indicates how far it is from a reference clock)

Delay/dispersion values

NTP services should be monitored — older configurations can be abused in reflection/amplification DDoS attacks if misconfigured.

In [None]:
ip_address = "8.8.8.8"  # Example target (Google DNS)
host_info = api.host(ip_address)

print(f"IP: {host_info['ip_str']}")
print(f"Organization: {host_info.get('org', 'n/a')}")
print(f"Operating System: {host_info.get('os', 'n/a')}")
print("Open Ports:", host_info['ports'])


IP: 8.8.8.8
Organization: Google LLC
Operating System: None
Open Ports: [443, 53]


In [None]:
import shodan

SHODAN_API_KEY = "di2s42WwXqcLBdnkmMjrFKQKjWrf0iJq"  # Replace with your own key
api = shodan.Shodan(SHODAN_API_KEY)

# Search for information about unipune.ac.in
try:
    results = api.search("hostname:unipune.ac.in")
    print(f"Results found: {results['total']}")

    for match in results['matches']:
        print(f"IP: {match['ip_str']}")
        print(f"Port: {match['port']}")
        print(f"Data: {match['data'][:100]}...\n")

except shodan.APIError as e:
    print("Error:", e)


Results found: 58
IP: 219.65.94.169
Port: 443
Data: HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Da...

IP: 219.65.94.168
Port: 443
Data: HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Da...

IP: 219.65.94.181
Port: 443
Data: HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Da...

IP: 121.241.73.174
Port: 443
Data: HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Da...

IP: 121.241.73.170
Port: 443
Data: HTTP/1.1 200 OK
Date: Sat, 09 Aug 2025 00:41:38 GMT
Server: Apache/2.4.63 (Ubuntu)
Cache-Control:...

IP: 121.241.73.162
Port: 123
Data: NTP
protocolversion: 3
stratum: 4
leap: 0
precision: -19
rootdelay: 0.378677368164
rootdisp: 0.02064...

IP: 121.241.73.168
Port: 443
Data: HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Da...

IP: 1

In [None]:
import shodan

# Your Shodan API Key
SHODAN_API_KEY = "di2s42WwXqcLBdnkmMjrFKQKjWrf0iJq"  # Replace with your key
api = shodan.Shodan(SHODAN_API_KEY)

try:
    # Search query for Apache servers in Pune, India
    query = 'apache country:IN city:Pune'
    results = api.search(query)

    print(f"Total results found: {results['total']}\n")

    # Show details of first 5 results
    for match in results['matches'][:5]:
        print(f"IP Address : {match['ip_str']}")
        print(f"Port       : {match['port']}")
        print(f"Org/ISP    : {match.get('org', 'n/a')}")
        print(f"Banner     : {match['data'][:100]}...\n")

except shodan.APIError as e:
    print(f"Error: {e}")


Total results found: 10840

IP Address : 98.70.34.220
Port       : 80
Org/ISP    : Microsoft Corporation
Banner     : HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Aug 2025 03:25:10 GMT
Server: Apache/2.4.62 (Debian)...

IP Address : 4.213.140.104
Port       : 80
Org/ISP    : Microsoft Corporation
Banner     : HTTP/1.1 200 OK
Date: Mon, 11 Aug 2025 03:22:59 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified:...

IP Address : 98.70.75.14
Port       : 80
Org/ISP    : Microsoft Corporation
Banner     : HTTP/1.1 200 OK
Date: Mon, 11 Aug 2025 03:20:41 GMT
Server: Apache/2.4.61 (Ubuntu)
Last-Modified:...

IP Address : 4.240.43.237
Port       : 443
Org/ISP    : Microsoft Corporation
Banner     : HTTP/1.1 200 OK
Date: Mon, 11 Aug 2025 03:20:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Link: <https:/...

IP Address : 182.76.237.163
Port       : 80
Org/ISP    : OTTO BILZ(INDIA) PVT LTDP
Banner     : HTTP/1.1 200 OK
Date: Mon, 11 Aug 2025 03:22:57 GMT
Server: Apache
X-Powered-By: PHP/8.2.20