Shodan
This connector integrates Shodan with Swimlane Turbine.

Prerequisites

To set up the asset, you need the following:

- URL
- API key

Capabilities

This connector provides the following capabilities:

- Get network alert by ID
- Get network alerts
- Get scan request status
- Lookup IP address
- Network alert create
- Network alert delete by ID
- Network alert disable trigger
- Network alert enable trigger
- Network alert remove service from whitelist
- Network alert whitelist service
- Scan internet
- Scan IP
- Search
- Search count
- Search facets

Configurations

API key authentication

Shodan API Turbine connector.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | optional |
| key | API key for authentication | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

Actions

Get network alert by ID

Returns the information about a specific network alert.

Endpoint URL: shodan/alert/{{id}}/info

Method: GET

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| created | string | Output field created |
| triggers | object | Output field triggers |
| has triggers | boolean | Output field has triggers |
| expires | number | Output field expires |
| expiration | object | Output field expiration |
| filters | object | Output field filters |
| ip | array | Output field ip |
| notifiers | array | Output field notifiers |
| file name | string | Name of the resource |
| file | string | Output field file |
| id | string | Unique identifier |
| size | number | Output field size |

Example

\[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 09 42 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss 
protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "name" "dns alert", "created" "2023 07 29t10 05 08 576000", "triggers" {}, "has triggers" false, "expires" 0, "expiration" null, "filters" {}, "notifiers" \[], "id" "6vorhmnxombeaqay", "size" 2 } } ] get network alerts returns a listing of all the network alerts that are currently active on the account endpoint url shodan/alert/info method get output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 14 13 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "5", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" \[ {} ] } ] get scan request status check the progress of a previously submitted scan request endpoint url shodan/scan/{{id}} method get input argument name type required description id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase count number count value status string status value id string unique identifier created string output field created example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 42 33 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", 
"access control allow origin" " ", "x cid" "3", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "last modified" "sat, 29 jul 2023 07 42 33 gmt", "cf cache status" "miss", "expires" "sat, 29 jul 2023 15 42 33 gmt" }, "reason" "ok", "json body" { "count" 1, "status" "done", "id" "mo8w7itcwumiy9ay", "created" "2021 01 26t08 17 43 794000" } } ] lookup ip address returns all services that have been found on the given host ip endpoint url shodan/host/{{ip}} method get input argument name type required description ip string required parameter for lookup ip address history boolean optional parameter for lookup ip address minify boolean optional parameter for lookup ip address output parameter type description status code number http status code of the response reason string response reason phrase city string output field city region code string output field region code os object output field os tags array output field tags file name string name of the resource file string output field file ip number output field ip isp string output field isp area code object output field area code longitude number output field longitude last update string date value ports array output field ports latitude number output field latitude hostnames array name of the resource country code string output field country code country name string name of the resource domains array output field domains org string output field org data array response data hash number output field hash opts object output field opts vulns array output field vulns file name string name of the resource example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 42 33 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "3", "x frame 
options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "last modified" "sat, 29 jul 2023 07 42 33 gmt", "cf cache status" "miss", "expires" "sat, 29 jul 2023 15 42 33 gmt" }, "reason" "ok", "json body" { "city" "mountain view", "region code" "ca", "os" null, "tags" \[], "ip" 134744072, "isp" "google llc", "area code" null, "longitude" 122 0775, "last update" "2023 07 29t07 24 32 560478", "ports" \[], "latitude" 37 4056, "hostnames" \[], "country code" "us", "country name" "united states", "domains" \[] } } ] network alert create create an alert to monitor a network range endpoint url shodan/alert method post input argument name type required description name string required name of the resource filters object required parameter for network alert create ip array required parameter for network alert create expires number optional parameter for network alert create output parameter type description status code number http status code of the response reason string response reason phrase name string name of the resource created string output field created triggers object output field triggers has triggers boolean output field has triggers expires number output field expires expiration object output field expiration filters object output field filters ip array output field ip id string unique identifier size number output field size example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 05 08 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "5", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" 
"interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "name" "dns alert", "created" "2023 07 29t10 05 08 576636", "triggers" {}, "has triggers" false, "expires" 0, "expiration" null, "filters" {}, "id" "6vorhmnxombeaqay", "size" 2 } } ] network alert delete by id remove the specified network alert endpoint url shodan/alert/{{id}} method delete input argument name type required description id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 24 10 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" {} } ] network alert disable trigger stop getting notifications for the specified trigger endpoint url shodan/alert/{{id}}/trigger/{{trigger}} method delete input argument name type required description id string required unique identifier trigger string required parameter for network alert disable trigger output parameter type description status code number http status code of the response reason string response reason phrase success boolean whether the operation was successful example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 24 10 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss 
protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "success" true } } ] network alert enable trigger get notifications when the specified trigger is met endpoint url shodan/alert/{{id}}/trigger/{{trigger}} method put input argument name type required description id string required unique identifier trigger string required parameter for network alert enable trigger output parameter type description status code number http status code of the response reason string response reason phrase success boolean whether the operation was successful example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 24 10 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "success" true } } ] network alert remove service from whitelist start getting notifications again for the specified trigger endpoint url shodan/alert/{{id}}/trigger/{{trigger}}/ignore/{{service}} method delete input argument name type required description id string required unique identifier trigger string required parameter for network alert remove service from whitelist service string required parameter for network alert remove service from whitelist output parameter type description status code number http status code of the response reason string response reason phrase success boolean whether the operation was successful example \[ { "status code" 200, 
"response headers" { "date" "sat, 29 jul 2023 10 24 10 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "success" true } } ] network alert whitelist service ignore the specified service when it is matched for the trigger endpoint url shodan/alert/{{id}}/trigger/{{trigger}}/ignore/{{service}} method put input argument name type required description id string required unique identifier trigger string required parameter for network alert whitelist service service string required parameter for network alert whitelist service output parameter type description status code number http status code of the response reason string response reason phrase success boolean whether the operation was successful example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 10 24 10 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "success" true } } ] scan internet use this method to request shodan to crawl the internet for a specific port endpoint url shodan/scan/internet method post input argument name type required description headers object optional http headers for 
the request content type string required type of the resource data body object required response data port number required parameter for scan internet protocol string required parameter for scan internet output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 59 01 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "id" "tcjcsmfpcw4o7o84" } } ] scan ip use this method to request shodan to crawl a network endpoint url shodan/scan method post input argument name type required description ips object required parameter for scan ip output parameter type description status code number http status code of the response reason string response reason phrase count number count value id string unique identifier credits left number output field credits left example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 59 01 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "cf cache status" "dynamic", "permissions policy" "interest cohort=()", "server" "cloudflare" }, "reason" "ok", "json body" { "count" 1, "id" 
"ehxfeszvc0ko86dl", "credits left" 97 } } ] search search shodan using the same query syntax as the website and use facets to get summary information for different properties endpoint url shodan/host/search method get input argument name type required description query string required parameter for search facets string optional parameter for search page number optional parameter for search minify boolean optional parameter for search output parameter type description status code string http status code of the response reason string response reason phrase matches string output field matches facets string output field facets total string output field total example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "matches" "string", "facets" "string", "total" "string" } } ] search count returns number of results that match only the specified query endpoint url shodan/host/count method get input argument name type required description query string required parameter for search count facets string optional parameter for search count output parameter type description status code number http status code of the response reason string response reason phrase matches array output field matches file name string name of the resource file string output field file facets object output field facets org array output field org count number count value value string value for the parameter os array output field os count number count value value string value for the parameter total number output field total example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 44 37 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict 
transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "last modified" "sat, 29 jul 2023 07 44 37 gmt", "cf cache status" "miss", "expires" "sat, 29 jul 2023 15 44 37 gmt" }, "reason" "ok", "json body" { "matches" \[], "facets" {}, "total" 19693360 } } ] search facets this method returns a list of facets that can be used to get a breakdown of the top values for a property endpoint url shodan/host/search/facets method get output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "date" "sat, 29 jul 2023 07 46 33 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "vary" "accept encoding", "access control allow origin" " ", "x cid" "6", "x frame options" "deny", "x content type options" "nosniff", "x xss protection" "1; mode=block", "strict transport security" "max age=63072000; includesubdomains", "content encoding" "gzip", "last modified" "fri, 28 jul 2023 19 08 20 gmt", "cf cache status" "expired", "expires" "thu, 03 aug 2023 07 46 33 gmt" }, "reason" "ok", "json body" \[ "asn", "bitcoin ip", "bitcoin ip count" ] } ] response headers header description example access control allow origin http response header access control allow origin alt svc http response header alt svc h3=" 443 "; ma=86400 cache control directives for caching mechanisms public, max age=432000 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 7ee3bfafadc66ed0 bom connection http response header connection keep alive content encoding http response header content encoding gzip content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated sat, 29 jul 2023 10 09 42 gmt expires the date/time after which the response is considered stale sat, 29 jul 2023 15 42 33 gmt last 
modified the date and time at which the origin server believes the resource was last modified sat, 29 jul 2023 07 44 37 gmt permissions policy http response header permissions policy interest cohort=() server information about the software used by the origin server cloudflare strict transport security http response header strict transport security max age=63072000; includesubdomains transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x cid http response header x cid 6 x content type options http response header x content type options nosniff x frame options http response header x frame options deny x xss protection http response header x xss protection 1; mode=block

Notes

API documentation: [https://developer.shodan.io/api](https://developer.shodan.io/api)