Skip to content

Shodan API Key

Service Name: Shodan

Service Description: Shodan is a search engine that lets users find specific types of internet-connected devices and services using a variety of filters. It scans the entire internet and indexes information about devices, servers, and services that are connected to the internet, including their vulnerabilities.

Service Address: https://www.shodan.io/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to Shodan's API, allowing users to search for internet-connected devices, perform network reconnaissance, and access vulnerability data.

Secret Revokement URL: https://account.shodan.io/

Secret Example: 1a2B3c4D5e6F7g8H9i0JkLmNoPqRsTuV

Suspicious Activity Investigation Instructions:

  • Review Shodan API usage logs for unusual query patterns or excessive requests.
  • Check for unauthorized data exports or mass scanning activities.
  • Monitor for queries targeting your organization's infrastructure.
  • Verify if the API key has been used from unusual geographic locations.
  • Check for automated scripts or tools using the API key without authorization.

Mitigation Instructions:

  • Log in to your Shodan account at https://account.shodan.io/.
  • Navigate to the API Key section in your account settings.

  • Generate a new API key to replace the compromised one.

  • Update all legitimate applications and scripts with the new API key.
  • Implement proper secret management practices to prevent future exposure.
  • Consider implementing rate limiting for API usage if available.
  • Monitor the new API key usage for any suspicious activities.