Shodan Cheat Sheet

For educational and authorized security testing only. Only use on systems you own or have permission to test.

Basic Search Queries

webcam
ftp
ssh
port:80
port:443
port:22
service:http
service:ssh

Geographic & Filters

country:US
city:New York
org:"Google"
isp:"Verizon"
port:3306 product:MySQL

Security-Related

vuln:CVE-2021-44228
ssl:"self-signed"
"default password"
"admin:admin"

Shodan CLI

pip install shodan
shodan init YOUR_API_KEY
shodan search "apache"
shodan host 8.8.8.8

shodan.io