Guía de Shodan Development

Guide: Using Shodan with Python

03/03/21 5 min. read


  1. What will we learn in this article?
  2. Installation of Shodan CLI with Python
  5. GO, NODE.JS, RUBY, C++

What will we learn in this article?

Today we are going to learn how to perform searches in Shodan using its command line interface (CLI), we will also see how we can automate these searches using the Python API, and more interesting tidbits about Powershell and Rest Api.

Installation of Shodan CLI

As indicated in the web, and having Python 3.x installed in the system, we can install it. To do so, you just need to run:

  • pip install shodan

and we will see how the installation is launched.

This will not only install the Python libraries on your system, but also the ‘shodan CLI’ interface, which you can run from a DOS window:

The first thing to do is to initialise the Shodan CLI interface. This is done using the ‘init’ command and indicating the API KEY that we would have been assigned in our registration process on the shodan website.

It is important to keep this password safe and do not share it.

If you do not have the APKI key, you can obtain it by creating your own account:

Once the interface has been started, we can perform queries using, for example:

  • shodan search <search_string>

And in this way we can see what kind of services are registered in Shodan and under which systems, including their ip address, port, service ID banner, etc.

For example, we could look for systems under Ubuntu O.S., or with ‘remote desktop’ services active and perhaps for example SSH services listening on port 22.

And how could this be done using Python?

Well, first of all, inside our script we will need to import the ‘shodan’ library along with the rest of the libraries we may need:

Then we are going to build an application that can search, for example, by ip address (you know, to search for our own ip or to see if any of our devices is registered in Shodan), or by service:

To do so, we define a “main” module from which we will manage the passing of arguments (-i and -s) to filter queries by “ip” or “server”. And all this with the “try/except” option for error control:

And now, as an example and to go a little deeper, we will focus on searches by ip address.

The module we have defined for this (ipshodan_query) will be in charge of searching by ip address.

The first thing we have to define is the API KEY (we saw before how to request it) to make the connection. In this case we will create a variable to store this information and we will call it, for example: “ShodanKeyString”. Once we have it, we can establish the connection using the “Shodan” command:

Then, in order to be able to handle all the output information, we can choose the fields we are interested in by indicating the dictionary fields.

You can find more information about the Shodan API at the following link:

Then, if for example we focus on the “server” part, we can perform a similar search:

But in this case, we can use Shodan’s “facets” to obtain inventories by number of servers, or a ranking where the most used operating systems are shown, or in short, where the results meet certain criteria. All this is done by means of “Shodan.Shodan.Count()”.

As shown in the example we choose 2 elements to obtain statistics, and as an example, the output could look something like this:

In short, the possibilities are quite wide and it all depends on what you need. It is therefore important to read the official documentation and try it out.


Do you know what REST (Representational State Transfer) API is? Well, to simplify it a lot I will tell you that it is a web interface through which we can make queries, obtain information and in general, interact with the web.

You can take a look at this link to delve a little deeper into the subject that I assure you is interesting:


Do you feel more comfortable working with PowerShell, and what if we were to make such queries to Shodan via Powershell as well?

To do so, it would be as simple as accessing this GitHub repo and downloading a module that someone has already created.

But they ultimately build on the foundation we have already discussed about REST API-based methods, as they simplify the syntax.

And that by means of the “Invoke-RestMethod” method allows the queries to be sent to a RESTful web service:

In fact, these PowerShell methods are typically used to operate any service based on the REST architecture.

Go, Node.js, Ruby, C++

And as with Powershell, there are repositories on GitHub where different contributors have coded libraries for use in different languages on the client side:

And that’s all for today. I hope you found the article interesting.

Javier Gomez

Javier Gómez

Santander Global Tech

Systems engineer with more than 20 years of experience in different roles as a systems architect, managing Apps & VDIs virtualization solutions and providing end-to-end solutions, as well as managing systems and automating tasks using PowerShell.

I consider myself a restless person and a tireless explorer of the IT universe, who has known how to make his passion his work.


? My LinkedIn profile


Other posts