Learn how powerful and versatile a tool Shodan can be for the OSINT process.

Introduction to Shodan

Shodan is a web application search engine that indexes nearly every device directly connected to the internet. Therefore, it’s a no-brainer that it’s used also as an OSINT tool in the penetration of web application frameworks. Shodan works like other search engines, such as Google, that help in indexing information that’s searched by different users across the internet. However, Shodan scans for every available port on the internet instead of just scanning for websites. This means it looks for every available IP address trying to identify whether it’s open and available. It can be used to check for open webcams, vulnerable websites, insecure satellites, and much more.

Note: For extensive use of Shodan, both in the pentesting field and in practice, it’s always good to use a VPN and exercise caution. There are numerous honeypots waiting to trap beginners.

Get hands-on with 1200+ tech skills courses.