onchainMay 7, 2026

A hands-on tutorial for using the Shodan API to query internet-connected devices, analyze network infrastructure, and understand security postures across global internet exposure data.

How to Track the Internet with Shodan API

Right now, there are thousands of devices connected to the internet with no authentication. Open ports, exposed dashboards, unpatched services, all visible to anyone who knows where to look. Most of their owners have no idea.

Shodan is the search engine that surfaces them. Where Google indexes web pages, Shodan crawls exposed infrastructure. If a device has an open port, it’s likely already in Shodan. This tutorial shows how to query that data programmatically through the Shodan API. It covers the same techniques used for network analysis, security research, and infrastructure mapping. For applying similar OSINT methods to smart contracts, see Google Dorks for Smart Contract Security.

Video Tutorial

Repository: shodan-api

Overview

Shodan provides APIs that allows developers and researchers to programmatically search for devices, services, and vulnerabilities across the internet. This tool demonstrates how to:

Architecture

The implementation consists of a single Python script that interfaces with the Shodan API. You need to signup on https://www.shodan.io to get the API key.

Configuration

The script uses environment variables for secure API key management:

import shodan
import sys
import os

# Configuration
API_KEY = os.environ["shodan_key"]

Facet Configuration

Facets allow you to get aggregated statistics about search results. The script configures facets for common analysis dimensions:

# The list of properties we want summary information on
FACETS = [
    "org",        # Organizations hosting devices
    "domain",     # Domains associated with devices
    "port",       # Open ports and services
    "asn",        # Autonomous System Numbers
    ("country", 3),  # Top 3 countries (limited to 3)
]

FACET_TITLES = {
    "org": "Top 5 Organizations",
    "domain": "Top 5 Domains",
    "port": "Top 5 Ports",
    "asn": "Top 5 Autonomous Systems",
    "country": "Top 3 Countries",
}

Facet types:

API Interaction

The core functionality uses Shodan’s count() method, which is available on the free tier:

try:
    api = shodan.Shodan(API_KEY)

    # Generate a query string out of the command-line arguments
    query = " ".join(sys.argv[1:])

    # Free plan allows count search
    result = api.count(query, facets=FACETS)

    print("Shodan Summary Information")
    print(f"Query: {query}")
    print(f"Total Results: {result['total']}\n")

    for facet in result["facets"]:
        print(FACET_TITLES[facet])
        for term in result["facets"][facet]:
            print(f"{term['value']}: {term['count']}")
        print("")

except Exception as e:
    print(f"Error: {e}")
    sys.exit(1)

Key features:

Usage Examples

Basic Queries

Search for specific services or technologies:

python shodan_search.py apache
python shodan_search.py nginx
python shodan_search.py "product:Apache"
python shodan_search.py "port:22"

Advanced Queries

Shodan supports powerful search filters:

# Search by country
python shodan_search.py "country:US apache"

# Search by organization
python shodan_search.py "org:Amazon port:443"

# Search by specific port
python shodan_search.py "port:3306 mysql"

# Combine multiple filters
python shodan_search.py "product:nginx country:DE port:80"

Common Use Cases

  1. Security Research: Identify exposed services and potential vulnerabilities
  2. Infrastructure Analysis: Understand technology distributions across organizations
  3. Geographic Mapping: Analyze device distributions by country
  4. Network Monitoring: Track changes in exposed services over time

Key Insights

Understanding Shodan Queries

Shodan uses a query syntax similar to search engines but optimized for device metadata:

Facet Analysis

Facets provide aggregated statistics without retrieving individual results, making them:

Limitations

Security and Ethics

When using Shodan for research:

Conclusion

The Shodan API provides powerful capabilities for internet-wide device discovery and analysis. This tool demonstrates how to leverage Shodan’s facet functionality to generate insights about internet infrastructure without requiring expensive API plans. Whether for security research, infrastructure analysis, or educational purposes, Shodan offers a unique window into the connected world.

Repository: shodan-api


Read more from Cryptogrammar