Provide systematic methodologies for leveraging Shodan as a reconnaissance tool during penetration testing engagements. This skill covers the Shodan web interface, command-line interface (CLI), REST API, search filters, on-demand scanning, and network monitoring capabilities for discovering exposed services, vulnerable systems, and IoT devices.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionshodan-reconnaissance-and-pentestingExecute the skills CLI command in your project's root directory to begin installation:
Fetches shodan-reconnaissance-and-pentesting from davila7/claude-code-templates and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate shodan-reconnaissance-and-pentesting. Access via /shodan-reconnaissance-and-pentesting in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
24.2K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
24.2K
stars
Provide systematic methodologies for leveraging Shodan as a reconnaissance tool during penetration testing engagements. This skill covers the Shodan web interface, command-line interface (CLI), REST API, search filters, on-demand scanning, and network monitoring capabilities for discovering exposed services, vulnerable systems, and IoT devices.
# Using pip
pip install shodan
# Or easy_install
easy_install shodan
# On BlackArch/Arch Linux
sudo pacman -S python-shodan
# Set your API key
shodan init YOUR_API_KEY
# Verify setup
shodan info
# Output: Query credits available: 100
# Scan credits available: 100
# View credits and plan info
shodan info
# Check your external IP
shodan myip
# Check CLI version
shodan version
# Get all information about an IP
shodan host 1.1.1.1
# Example output:
# 1.1.1.1
# Hostnames: one.one.one.one
# Country: Australia
# Organization: Mountain View Communications
# Number of open ports: 3
# Ports:
# 53/udp
# 80/tcp
# 443/tcp
# Get honeypot probability score
shodan honeyscore 192.168.1.100
# Output: Not a honeypot
# Score: 0.3
# Simple keyword search (no credits consumed)
shodan search apache
# Specify output fields
shodan search --fields ip_str,port,os smb
# Product-specific search
shodan search product:mongodb
# Search with multiple filters
shodan search product:nginx country:US city:"New York"
# Get result count without consuming credits
shodan count openssh
# Output: 23128
shodan count openssh 7
# Output: 219
# Download 1000 results (default)
shodan download results.json.gz "apache country:US"
# Download specific number of results
shodan download --limit 5000 results.json.gz "nginx"
# Download all available results
shodan download --limit -1 all_results.json.gz "query"
# Extract specific fields from downloaded data
shodan parse --fields ip_str,port,hostnames results.json.gz
# Filter by specific criteria
shodan parse --fields location.country_code3,ip_str -f port:22 results.json.gz
# Export to CSV format
shodan parse --fields ip_str,port,org --separator , results.json.gz > results.csv
ip:1.2.3.4 # Specific IP address
net:192.168.0.0/24 # Network range (CIDR)
hostname:example.com # Hostname contains
port:22 # Specific port
asn:AS15169 # Autonomous System Number
country:US # Two-letter country code
country:"United States" # Full country name
city:"San Francisco" # City name
state:CA # State/region
postal:94102 # Postal/ZIP code
geo:37.7,-122.4 # Lat/long coordinates
org:"Google" # Organization name
isp:"Comcast" # ISP name
product:nginx # Software product
version:1.14.0 # Software version
os:"Windows Server 2019" # Operating system
http.title:"Dashboard" # HTTP page title
http.html:"login" # HTML content
http.status:200 # HTTP status code
ssl.cert.subject.cn:*.example.com # SSL certificate
ssl:true # Has SSL enabled
vuln:CVE-2019-0708 # Specific CVE
has_vuln:true # Has any vulnerability
has_screenshot:true # Has screenshot available
screenshot.label:webcam # Screenshot type
# Scan single IP (1 credit per IP)
shodan scan submit 192.168.1.100
# Scan with verbose output (shows scan ID)
shodan scan submit --verbose 192.168.1.100
# Scan and save results
shodan scan submit --filename scan_results.json.gz 192.168.1.100
# List recent scans
shodan scan list
# Check specific scan status
shodan scan status SCAN_ID
# Download scan results later
shodan download --limit -1 results.json.gz scan:SCAN_ID
# List available protocols/modules
shodan scan protocols
# Default statistics (top 10 countries, orgs)
shodan stats nginx
# Custom facets
shodan stats --facets domain,port,asn --limit 5 nginx
# Save to CSV
shodan stats --facets country,org -O stats.csv apache
1. Navigate to Monitor Dashboard
2. Add IP, range, or domain to monitor
3. Configure notification service (email, Slack, webhook)
4. Select trigger events (new service, vulnerability, etc.)
5. View dashboard for exposed services
# Get API info
curl -s "https://api.shodan.io/api-info?key=YOUR_KEY" | jq
# Host lookup
curl -s "https://api.shodan.io/shodan/host/1.1.1.1?key=YOUR_KEY" | jq
# Search query
curl -s "https://api.shodan.io/shodan/host/search?key=YOUR_KEY&query=apache" | jq
import shodan
api = shodan.Shodan('YOUR_API_KEY')
# Search
results = api.search('apache')
print(f'Results found: {results["total"]}')
for result in results['matches']:
print(f'IP: {result["ip_str"]}')
# Host lookup
host = api.host('1.1.1.1')
print(f'IP: {host["ip_str"]}')
print(f'Organization: {host.get("org", "n/a")}')
for item in host['data']:
print(f'Port: {item["port"]}')
| Command | Description | Credits |
|---|---|---|
shodan init KEY |
Initialize API key | 0 |
shodan info |
Show account info | 0 |
shodan myip |
Show your IP | 0 |
shodan host IP |
Host details | 0 |
shodan count QUERY |
Result count | 0 |
shodan search QUERY |
Basic search | 0* |
shodan download FILE QUERY |
Save results | 1/100 results |
shodan parse FILE |
Extract data | 0 |
shodan stats QUERY |
Statistics | 1 |
shodan scan submit IP |
On-demand scan | 1/IP |
shodan honeyscore IP |
Honeypot check | 0 |
*Filters consume 1 credit per query
| Purpose | Query |
|---|---|
| Find webcams | webcam has_screenshot:true |
| MongoDB databases | product:mongodb |
| Redis servers | product:redis |
| Elasticsearch | product:elastic port:9200 |
| Default passwords | "default password" |
| Vulnerable RDP | port:3389 vuln:CVE-2019-0708 |
| Industrial systems | port:502 modbus |
| Cisco devices | product:cisco |
| Open VNC | port:5900 authentication disabled |
| Exposed FTP | port:21 anonymous |
| WordPress sites | http.component:wordpress |
| Printers | "HP-ChaiSOE" port:80 |
| Cameras (RTSP) | port:554 has_screenshot:true |
| Jenkins servers | X-Jenkins port:8080 |
| Docker APIs | port:2375 product:docker |
| Scenario | Query |
|---|---|
| Target org recon | org:"Company Name" |
| Domain enumeration | hostname:example.com |
| Network range scan | net:192.168.0.0/24 |
| SSL cert search | ssl.cert.subject.cn:*.target.com |
| Vulnerable servers | vuln:CVE-2021-44228 country:US |
| Exposed admin panels | http.title:"admin" port:443 |
| Database exposure | port:3306,5432,27017,6379 |
| Action | Credit Type | Cost |
|---|