Understanding the Shodan Search Query Syntax
In the early days of Shodan, we had a handful of search filters, the banners had a few properties and life was simple. Nowadays, Shodan banners can have hundreds of properties and the number of search filters has grown to accommodate the increase in data collection. However, we haven't done a great job of listing the available search filters, explaining how the search engine works and providing examples to help you get started. We're working on fixing all of those issues with our new beta website and help center.
Background
Shodan was designed for a technical audience and I wanted to avoid people using it to generate inflated numbers of exposed devices. As a result, the basic query terms will only search the data property of a banner and you need to use filters to search for values in specific properties. The goal is to encourage users to create accurate and precise search queries. For example, if you search for switzerland you're not actually searching for devices in Switzerland. Instead, you're searching for services where the data property contains the word switzerland. Here is an abridged banner to give you an idea of what a data property can look like:
{
"data": "Moxa Nport Device
Status: Authentication disabled
Name: NP5232I_4728
MAC: 00:90:e8:47:10:2d",
"ip_str": "46.252.132.235",
"port": 4800,
"org": "Starhub Mobile",
"location": {
"country_code": "SG"
}
}
Please check out our help center article on the search query syntax for further information about how it works. And if something isn't clear let me know!
New Resources
We've created a few new pages to help you get started with search filters. Most notably, we now have a page that lists all available filters and another with lots of examples. If you're feeling adventurous you can also explore the search queries that other Shodan users have shared via the website.
In addition, we're providing a programmatic way to get a list of available filters if you'd like to get notified when we add a new filter. The beta website is actually powered using our public Shodan API and uses the below method for creating the list of available filters so it will always the up-to-date with the latest information:
To summarize:
- Query syntax basics: https://help.shodan.io/the-basics/search-query-fundamentals
- Available search filters: https://beta.shodan.io/search/filters
- Examples: https://beta.shodan.io/search/examples
If you have any further questions, suggestions or there's anything we can help you with please reach out to support@shodan.io