Shodan
This connector integrates Shodan with Swimlane Turbine.

Prerequisites

To set up the asset, you need the following:
- URL
- API key

Capabilities

This connector provides the following capabilities:
- Get Network Alert By ID
- Get Network Alerts
- Get Scan Request Status
- Lookup IP Address
- Network Alert Create
- Network Alert Delete By ID
- Network Alert Disable Trigger
- Network Alert Enable Trigger
- Network Alert Remove Service From Whitelist
- Network Alert Whitelist Service
- Scan Internet
- Scan IP
- Search
- Search Count
- Search Facets

Notes

API documentation: https://developer.shodan.io/api

Configurations

API Key Authentication

Shodan API Turbine connector

Configuration parameters (parameter (type, required): description):
- url (string, optional): A URL to the target host
- key (string, required): API key for authentication
- verify_ssl (boolean, optional): Verify SSL certificate
- http_proxy (string, optional): A proxy to route requests through

Actions

Get Network Alert By ID

Returns the information about a specific network alert.

Endpoint URL: shodan/alert/{{id}}/info
Method: GET

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Get Network Alert By ID action

Input example:
{"path_parameters": {"id": "6vorhmnxombeaqay"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- name (string): Name of the resource
- created (string): Output field created
- triggers (object): Output field triggers
- has_triggers (boolean): Output field has_triggers
- expires (number): Output field expires
- expiration (object): Output field expiration
- filters (object): Output field filters
- filters.ip (array): Output field filters.ip
- notifiers (array): Output field notifiers
- notifiers.file_name (string): Name of the resource
- notifiers.file (string): Output field notifiers.file
- id (string): Unique identifier
- size (number): Output field size

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:09:42 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Get Network Alerts

Returns a listing of all the network alerts that are currently active on the account.

Endpoint URL: shodan/alert/info
Method: GET

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:14:13 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "5", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Get Scan Request Status

Check the progress of a previously submitted scan request.

Endpoint URL: shodan/scan/{{id}}
Method: GET

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Get Scan Request Status action

Input example:
{"path_parameters": {"id": "mo8w7itcwumiy9ay"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- count (number): Count value
- status (string): Status value
- id (string): Unique identifier
- created (string): Output field created

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:42:33 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "3", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "last-modified": "Sat, 29 Jul 2023 07:42:33 GMT", "cf-cache-s

Lookup IP Address

Returns all services that have been found on the given host IP.

Endpoint URL: shodan/host/{{ip}}
Method: GET

Input argument (name (type, required): description):
- path_parameters.ip (string, required): Parameters for the Lookup IP Address action
- parameters.history (boolean, optional): Parameters for the Lookup IP Address action
- parameters.minify (boolean, optional): Parameters for the Lookup IP Address action

Input example:
{"parameters": {"history": false, "minify": false}, "path_parameters": {"ip": "8.8.8.8"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- city (string): Output field city
- region_code (string): Output field region_code
- os (object): Output field os
- tags (array): Output field tags
- tags.file_name (string): Name of the resource
- tags.file (string): Output field tags.file
- ip (number): Output field ip
- isp (string): Output field isp
- area_code (object): Output field area_code
- longitude (number): Output field longitude
- last_update (string): Date value
- ports (array): Output field ports
- latitude (number): Output field latitude
- hostnames (array): Name of the resource
- country_code (string): Output field country_code
- country_name (string): Name of the resource
- domains (array): Output field domains
- org (string): Output field org
- data (array): Response data
- data.hash (number): Response data
- data.opts (object): Response data
- data.opts.vulns (array): Response data
- data.opts.vulns.file_name (string): Response data

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:42:33 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "3", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "last-modified": "Sat, 29 Jul 2023 07:42:33 GMT", "cf-cache-s

Network Alert Create

Create an alert to monitor a network range.

Endpoint URL: shodan/alert
Method: POST

Input argument (name (type, required): description):
- name (string, optional): Name of the resource
- filters (object, optional): Parameter for Network Alert Create
- filters.ip (array, required): Parameter for Network Alert Create
- expires (number, optional): Parameter for Network Alert Create

Input example:
{"json_body": {"name": "dns alert", "filters": {"ip": ["8.8.8.8", "1.1.1.1"]}, "expires": 0}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- name (string): Name of the resource
- created (string): Output field created
- triggers (object): Output field triggers
- has_triggers (boolean): Output field has_triggers
- expires (number): Output field expires
- expiration (object): Output field expiration
- filters (object): Output field filters
- filters.ip (array): Output field filters.ip
- id (string): Unique identifier
- size (number): Output field size

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:05:08 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "5", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Network Alert Delete By ID

Remove the specified network alert.

Endpoint URL: shodan/alert/{{id}}
Method: DELETE

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Network Alert Delete By ID action

Input example:
{"path_parameters": {"id": "6vorhmnxombeaqay"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:24:10 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Network Alert Disable Trigger

Stop getting notifications for the specified trigger.

Endpoint URL: shodan/alert/{{id}}/trigger/{{trigger}}
Method: DELETE

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Network Alert Disable Trigger action
- path_parameters.trigger (string, required): Parameters for the Network Alert Disable Trigger action

Input example:
{"path_parameters": {"id": "oyprb8ir9z35azpr", "trigger": "new_service,vulnerable"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- success (boolean): Whether the operation was successful

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:24:10 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Network Alert Enable Trigger

Get notifications when the specified trigger is met.

Endpoint URL: shodan/alert/{{id}}/trigger/{{trigger}}
Method: PUT

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Network Alert Enable Trigger action
- path_parameters.trigger (string, required): Parameters for the Network Alert Enable Trigger action

Input example:
{"path_parameters": {"id": "oyprb8ir9z35azpr", "trigger": "new_service,vulnerable"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- success (boolean): Whether the operation was successful

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:24:10 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Network Alert Remove Service From Whitelist

Start getting notifications again for the specified trigger.

Endpoint URL: shodan/alert/{{id}}/trigger/{{trigger}}/ignore/{{service}}
Method: DELETE

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Network Alert Remove Service From Whitelist action
- path_parameters.trigger (string, required): Parameters for the Network Alert Remove Service From Whitelist action
- path_parameters.service (string, required): Parameters for the Network Alert Remove Service From Whitelist action

Input example:
{"path_parameters": {"id": "oyprb8ir9z35azpr", "trigger": "new_service", "service": "1.1.1.1"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- success (boolean): Whether the operation was successful

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:24:10 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Network Alert Whitelist Service

Ignore the specified service when it is matched for the trigger.

Endpoint URL: shodan/alert/{{id}}/trigger/{{trigger}}/ignore/{{service}}
Method: PUT

Input argument (name (type, required): description):
- path_parameters.id (string, required): Parameters for the Network Alert Whitelist Service action
- path_parameters.trigger (string, required): Parameters for the Network Alert Whitelist Service action
- path_parameters.service (string, required): Parameters for the Network Alert Whitelist Service action

Input example:
{"path_parameters": {"id": "oyprb8ir9z35azpr", "trigger": "new_service", "service": "1.1.1.1"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- success (boolean): Whether the operation was successful

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 10:24:10 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Scan Internet

Use this method to request Shodan to crawl the Internet for a specific port.

Endpoint URL: shodan/scan/internet
Method: POST

Input argument (name (type, required): description):
- headers (object, optional): HTTP headers for the request
- headers.content-type (string, required): HTTP headers for the request
- data_body (object, required): Response data
- data_body.port (number, required): Response data
- data_body.protocol (string, required): Response data

Input example:
{"headers": {"content-type": "application/x-www-form-urlencoded"}, "data_body": {"port": 443, "protocol": "https"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- id (string): Unique identifier

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:59:01 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Scan IP

Use this method to request Shodan to crawl a network.

Endpoint URL: shodan/scan
Method: POST

Input argument (name (type, required): description):
- ips (object, optional): Parameter for Scan IP

Input example:
{"json_body": {"ips": {}}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- count (number): Count value
- id (string): Unique identifier
- credits_left (number): Output field credits_left

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:59:01 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "cf-cache-status": "dynamic", "permissions-policy": "interest

Search

Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.

Endpoint URL: shodan/host/search
Method: GET

Input argument (name (type, required): description):
- parameters.query (string, required): Parameters for the Search action
- parameters.facets (string, optional): Parameters for the Search action
- parameters.page (number, optional): Parameters for the Search action
- parameters.minify (boolean, optional): Parameters for the Search action

Input example:
{"parameters": {"query": "product:nginx", "facets": "country", "page": 10, "minify": false}}

Output (parameter (type): description):
- status_code (string): HTTP status code of the response
- reason (string): Response reason phrase
- matches (string): Output field matches
- facets (string): Output field facets
- total (string): Output field total

Output example:
{"matches": "string", "facets": "string", "total": "string"}

Search Count

Returns number of results that match only the specified query.

Endpoint URL: shodan/host/count
Method: GET

Input argument (name (type, required): description):
- parameters.query (string, required): Parameters for the Search Count action
- parameters.facets (string, optional): Parameters for the Search Count action

Input example:
{"parameters": {"query": "port:22", "facets": "org,os"}}

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase
- matches (array): Output field matches
- matches.file_name (string): Name of the resource
- matches.file (string): Output field matches.file
- facets (object): Output field facets
- facets.org (array): Output field facets.org
- facets.org.count (number): Count value
- facets.org.value (string): Value for the parameter
- facets.os (array): Output field facets.os
- facets.os.count (number): Count value
- facets.os.value (string): Value for the parameter
- total (number): Output field total

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:44:37 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "last-modified": "Sat, 29 Jul 2023 07:44:37 GMT", "cf-cache-s

Search Facets

This method returns a list of facets that can be used to get a breakdown of the top values for a property.

Endpoint URL: shodan/host/search/facets
Method: GET

Output (parameter (type): description):
- status_code (number): HTTP status code of the response
- reason (string): Response reason phrase

Output example:
{"status_code": 200, "response_headers": {"date": "Sat, 29 Jul 2023 07:46:33 GMT", "content-type": "application/json; charset=utf-8", "transfer-encoding": "chunked", "connection": "keep-alive", "vary": "accept-encoding", "access-control-allow-origin": " ", "x-cid": "6", "x-frame-options": "deny", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "strict-transport-security": "max-age=63072000; includesubdomains", "content-encoding": "gzip", "last-modified": "Fri, 28 Jul 2023 19:08:20 GMT", "cf-cache-s

Response headers

Header: description. Example value.
- access-control-allow-origin: HTTP response header access-control-allow-origin.
- alt-svc: HTTP response header alt-svc. Example: h3=":443"; ma=86400
- cache-control: Directives for caching mechanisms. Example: public, max-age=432000
- cf-cache-status: HTTP response header cf-cache-status. Example: miss
- cf-ray: HTTP response header cf-ray. Example: 7ee4a68dfd9f2e11-bom
- connection: HTTP response header connection. Example: keep-alive
- content-encoding: HTTP response header content-encoding. Example: gzip
- content-type: The media type of the resource. Example: application/json
- date: The date and time at which the message was originated. Example: Sat, 29 Jul 2023 07:42:33 GMT
- expires: The date/time after which the response is considered stale. Example: Thu, 03 Aug 2023 07:46:33 GMT
- last-modified: The date and time at which the origin server believes the resource was last modified. Example: Sat, 29 Jul 2023 07:42:33 GMT
- permissions-policy: HTTP response header permissions-policy. Example: interest-cohort=()
- server: Information about the software used by the origin server. Example: cloudflare
- strict-transport-security: HTTP response header strict-transport-security. Example: max-age=63072000; includesubdomains
- transfer-encoding: HTTP response header transfer-encoding. Example: chunked
- vary: HTTP response header vary. Example: accept-encoding
- x-cid: HTTP response header x-cid. Example: 3
- x-content-type-options: HTTP response header x-content-type-options. Example: nosniff
- x-frame-options: HTTP response header x-frame-options. Example: deny
- x-xss-protection: HTTP response header x-xss-protection. Example: 1; mode=block
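
Added example (not part of the connector documentation or Swimlane's code): one way a playbook step could validate targets before passing them to the Network Alert Create action, so that typos, private addresses and over-broad ranges never reach `filters.ip`. The function name, the `max_addresses` guardrail and the `json_body` key spelling (taken from the action's input example) are assumptions.

```python
import ipaddress


def build_alert_create_input(name, targets, expires=0, max_addresses=65536):
    """Build the Network Alert Create input from a list of IPs/CIDRs.

    Returns (action_input, rejected); rejected holds (target, reason) pairs.
    max_addresses is a hypothetical guardrail against over-broad ranges.
    """
    if isinstance(expires, bool) or not isinstance(expires, int) or expires < 0:
        raise ValueError("expires must be a non-negative integer")
    accepted, rejected, seen = [], [], set()
    for raw in targets:
        text = str(raw).strip()
        try:
            # strict=True rejects entries such as 1.1.1.1/24 (host bits set),
            # which usually indicate a typo in the intended range.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            rejected.append((text, f"invalid IP or CIDR: {exc}"))
            continue
        if net.num_addresses > max_addresses:
            rejected.append((text, "range larger than max_addresses"))
            continue
        if not net.is_global:
            rejected.append((text, "not a globally routable range"))
            continue
        # Single hosts are sent as bare addresses, ranges in CIDR form.
        canonical = str(net.network_address) if net.num_addresses == 1 else str(net)
        if canonical not in seen:
            seen.add(canonical)
            accepted.append(canonical)
    if not accepted:
        raise ValueError("filters.ip is required and no target passed validation")
    action_input = {
        "json_body": {"name": name, "filters": {"ip": accepted}, "expires": expires}
    }
    return action_input, rejected


if __name__ == "__main__":
    # Constructed sample input: duplicates, a private host, a typo and a huge range.
    sample = ["8.8.8.8", "8.8.8.8/32", "10.0.0.5", "1.1.1.0/24",
              "not-an-ip", "1.1.1.1/24", "0.0.0.0/0"]
    payload, skipped = build_alert_create_input("dns alert", sample)
    print(payload)
    for target, reason in skipped:
        print(f"skipped {target}: {reason}")
```

Rejected entries are returned rather than silently dropped so the playbook can log them or stop for review.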