Shodan Executor

Category: Network Reconnaissance
Script: shodan2.py
Integration: CLI (shodan command)
Faraday Plugin: ShodanPlugin
Website: https://www.shodan.io/

Description

Runs the Shodan CLI to download search results as a compressed JSON file, decompresses it, and parses the results into Faraday. Shodan provides information about internet-connected devices, open ports, services, and vulnerabilities.

Prerequisites

  • Shodan CLI installed (pip install shodan)
  • Shodan API key configured (shodan init <api-key>)
  • Verify: shodan info

Configuration

Environment Variables (Setup)

(none required — Shodan uses its own API key configuration)

Execution Arguments

Parameter | Type | Mandatory | Description
SHODAN_QUERY | string | Yes | Shodan search query (e.g., "org:\"My Company\"", "port:443 country:US")

YAML Configuration Example

executors:
  shodan_scan:
    repo_executor: shodan2.py
    max_size: 65536
    varenvs: {}
    params:
      SHODAN_QUERY:
        mandatory: true
        type: string
        base: string

How It Works

  1. Runs shodan download <output.json.gz> "<query>"
  2. Decompresses the gzipped JSON file
  3. Parses the JSON results through ShodanPlugin and outputs Faraday JSON
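Steps 2 and 3 can be reproduced offline to inspect a download before it is imported. The following is an added example, not the executor's or ShodanPlugin's own code: it assumes the downloaded file is gzip-compressed with one JSON banner per line, reads the banner fields ip_str, port, transport, hostnames and product, and runs on a constructed sample that uses documentation IP ranges and includes a blank line and a truncated record.

```python
import gzip
import io
import json
from collections import defaultdict


def build_sample_gz():
    """Constructed sample standing in for a `shodan download` output file."""
    banners = [
        {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp",
         "hostnames": ["www.example.com"], "product": "nginx"},
        {"ip_str": "192.0.2.10", "port": 22, "transport": "tcp", "hostnames": []},
        {"ip_str": "198.51.100.7", "port": 161, "transport": "udp"},
    ]
    lines = [json.dumps(b) for b in banners]
    lines.insert(2, "")                              # blank line inside the file
    lines.append('{"ip_str": "203.0.113.5", "por')   # record cut off mid-write
    return gzip.compress("\n".join(lines).encode("utf-8"))


def parse_download(gz_bytes):
    """Group banners by host. Returns (hosts, skipped_line_numbers)."""
    hosts = defaultdict(lambda: {"hostnames": set(), "services": []})
    skipped = []
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line:
                continue
            try:
                banner = json.loads(line)
                ip, port = banner["ip_str"], int(banner["port"])
            except (ValueError, KeyError, TypeError):
                # Malformed or incomplete record: note it instead of aborting
                skipped.append(lineno)
                continue
            host = hosts[ip]
            host["hostnames"].update(banner.get("hostnames") or [])
            host["services"].append(
                (port, banner.get("transport", "tcp"), banner.get("product")))
    return dict(hosts), skipped


if __name__ == "__main__":
    hosts, skipped = parse_download(build_sample_gz())
    for ip, info in sorted(hosts.items()):
        print(ip, sorted(info["hostnames"]), info["services"])
    print("skipped lines:", skipped)
```

A non-empty skipped list usually means the download was interrupted or the file was edited, so the result set may be incomplete.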

Notes

  • The Shodan API key must be configured separately via shodan init <api-key> before using this executor
  • Shodan query syntax supports filters like port:, country:, org:, hostname:, os:, etc.
  • Results depend on Shodan's existing scan data — this executor does not perform active scanning
  • API credit usage depends on the query scope; large queries may consume significant credits