What is Shodan?
Shodan is a search engine that gathers information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet, Shodan can query it for various publicly-available information. The types of devices that Shodan indexes vary tremendously, ranging from small desktops up to nuclear power plants and everything in between.
Why Should You Use the Shodan Connector?
The Shodan connector provides visibility into the assets and potential vulnerabilities in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Shodan REST API and ingests only metadata about Shodan results. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
Field | Description | Example |
---|---|---|
API Key | Shodan API key. The free Shodan API key has a low limit on the number of IP addresses you can scan per month, the number of results you can view, and the features you can use. To use the Shodan connector in Lucidum, purchase a “Small Business” or “Corporate” API key (depending on the number of IP addresses in your enterprise). For details, see https://account.shodan.io/billing | 5uj2QHX1gKTFrDPgF6ubpqRvmeCrb2bY |
Public IP Address | Comma-separated list of IP addresses to scan. The default is “EXT_IP_Address”, which scans all public IP addresses in your environment. | 203.0.113.1, 203.0.113.2, 203.0.113.3, 203.0.113.4, 203.0.113.5 |
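The following is an added example, not Lucidum's code: it checks an explicit "Public IP Address" list before it is entered, builds the read-only Shodan host lookup with a log-safe copy of the URL, and reduces a host record to metadata. The function names, the field selection, the constructed sample record and the reading of "metadata only" as dropping the banner text under `data` are assumptions; the `EXT_IP_Address` keyword is resolved by Lucidum and is not handled here.

```python
import ipaddress
from urllib.parse import urlencode

API_BASE = "https://api.shodan.io"  # Shodan REST API base URL
# Ranges that are never Internet-facing, so a Shodan lookup on them is wasted quota.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_ip_field(value):
    """Split the comma-separated field; return (accepted, rejected), duplicates dropped."""
    accepted, rejected = [], []
    for item in (p.strip() for p in value.split(",")):
        if not item:
            continue
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            rejected.append((item, "not an IP address"))
            continue
        if any(ip in net for net in NON_PUBLIC):
            rejected.append((item, "not a public address"))
        elif str(ip) not in accepted:
            accepted.append(str(ip))
    return accepted, rejected

def host_lookup_request(ip, api_key):
    """Return (url, loggable_url) for the read-only GET /shodan/host/{ip} lookup."""
    path = f"{API_BASE}/shodan/host/{ip}"
    # The key travels in the query string, so only the redacted form should be logged.
    return f"{path}?{urlencode({'key': api_key})}", f"{path}?key=REDACTED"

METADATA_FIELDS = ("ip_str", "hostnames", "org", "os", "last_update")

def to_metadata(host):
    """Keep descriptive fields only; the raw service banners under 'data' are dropped."""
    meta = {k: host.get(k) for k in METADATA_FIELDS}
    meta["ports"] = sorted(host.get("ports", []))
    meta["vulns"] = sorted(host.get("vulns", []))
    return meta

# Constructed sample record (not real Shodan output); the CVE id is a placeholder.
SAMPLE_HOST = {
    "ip_str": "203.0.113.1", "ports": [443, 22], "hostnames": ["gw.example.com"],
    "org": "Example Org", "os": None, "last_update": "2024-01-01T00:00:00.000000",
    "vulns": ["CVE-0000-0000"],
    "data": [{"port": 22, "data": "SSH-2.0-ExampleServer"}],
}

if __name__ == "__main__":
    ok, bad = parse_ip_field("203.0.113.1, 203.0.113.2, 10.0.0.5, 203.0.113.1, gateway")
    print(ok, bad, host_lookup_request(ok[0], "YOUR_API_KEY")[1], to_metadata(SAMPLE_HOST))
```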
Source Documentation
Creating an API Key
To create an API Key:
- Create a Shodan account (https://account.shodan.io/login).
- The API Key is displayed in your Account page (https://account.shodan.io/).