Shodan Search Examples

Shodan is one of the world’s first search engine for Internet-Connected devices. With the help of Shodan, you can easily discover which of your devices are connected to internet, where they are located and who is using them. Shodan has several servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence.

Shodan also provides a public API that allows other tools to access all of Shodan’s data. Integrations are easily available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many more.

Like Google, Yahoo and Bing, Shodan Search Engine also uses Boolean operators. There are other filter options as well to make the search easy and more specific.

For Registered users, Shodan only shows 50 results and to find out more, you have to subscribe for the paid service. Shodan has several powerful yet easy to use filters which prove handy during vulnerability assessment and penetration testing exercises.

The usage of filters is usually of the form filter:value. Some of the most common basic filters that you can use in Shodan are as follows.

1. Find Apache servers in San Francisco:

apache city:”San Francisco”

Here you can see that, it lists out all the Apache Web Servers in San Francisco region.

2. Find Nginx servers in Australia:

nginx country:”AU”

This dork is one of the most commonly used which lists out the results based on Country, like in above screenshot, we listed out all the Nginx Servers of Australia Country.

3. Find GWS (Google Web Server) servers:

“Server: gws” hostname:”google”

4. Search with CVE ID


As you can see that 2014-0160 is the CVE of Heartbleed Vulnerability which created a havoc in year 2014 and from above screenshot, it seems that there are around 113,693 servers are still vulnerable to this Heartbleed vulnerability.

Also Read: Heartbleed Exploitation with Nmap and Metasploit Framework.

Here are some other basic filters which you can easily use with Shodan:

  • city: find devices in a particular city
  • country: find devices in a particular country
  • geo: you can pass it coordinates
  • hostname: find values that match the hostname
  • net: search based on an IP or /x CIDR
  • os: search based on operating system
  • port: find particular ports that are open
  • before/after: find results within a timeframe

Here are the most popular Filters used by Shodan:

For Webcams –

For Cams –

For Netcam –

For Default Passwords –

Have something to say about this article? Comment below or share it with us on Facebook or Twitter.

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.



Subscribe to Our Newsletter and Get Instant Delivered to Your Email Inbox.

We respect your privacy and take protecting it seriously.

Leave a Reply

Your email address will not be published. Required fields are marked *

one + five =