Shodan API Key
Service Name: Shodan
Service Description: Shodan is a search engine that lets users find specific types of internet-connected devices and services using a variety of filters. It scans the entire internet and indexes information about devices, servers, and services that are connected to the internet, including their vulnerabilities.
Service Address: https://www.shodan.io/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants programmatic access to Shodan's API, allowing users to search for internet-connected devices, perform network reconnaissance, and access vulnerability data.
Secret Revokement URL: https://account.shodan.io/
Secret Example: 1a2B3c4D5e6F7g8H9i0JkLmNoPqRsTuV
Suspicious Activity Investigation Instructions:
- Review Shodan API usage logs for unusual query patterns or excessive requests.
- Check for unauthorized data exports or mass scanning activities.
- Monitor for queries targeting your organization's infrastructure.
- Verify if the API key has been used from unusual geographic locations.
- Check for automated scripts or tools using the API key without authorization.
Mitigation Instructions:
- Log in to your Shodan account at https://account.shodan.io/.
-
Navigate to the API Key section in your account settings.
-
Generate a new API key to replace the compromised one.
- Update all legitimate applications and scripts with the new API key.
- Implement proper secret management practices to prevent future exposure.
- Consider implementing rate limiting for API usage if available.
- Monitor the new API key usage for any suspicious activities.