steampipe plugin install shodansteampipe plugin install shodan

Shodan + Steampipe

Shodan provides host, DNS and exploit information from scanning the Internet.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

For example:

select
  ip,
  port,
  timestamp,
  dns
from
  shodan_host_service
where
  ip = '8.8.8.8'

+---------+------+---------------------+--------------------------------------------------------------------------------+
| ip      | port | timestamp           | dns                                                                            |
+---------+------+---------------------+--------------------------------------------------------------------------------+
| 8.8.8.8 | 53   | 2021-08-06 07:12:16 | {"recursive":true,"resolver_hostname":null,"resolver_id":null,"software":null} |
+---------+------+---------------------+--------------------------------------------------------------------------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest Shodan plugin:

steampipe plugin install shodan

Credentials

Shodan requires an API token for all requests, but offers a free tier. Sign up on the Shodan website to get your free token. It looks like ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U.

Configuration

Connection configurations are defined using HCL in one or more Steampipe config files. Steampipe will load ALL configuration files from ~/.steampipe/config that have a .spc extension. A config file may contain multiple connections.

Installing the latest shodan plugin will create a default connection named shodan in the ~/.steampipe/config/shodan.spc file. You must edit this connection to include your API token:

connection "shodan" {
  plugin  = "shodan"
  api_key = "ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U"
}

Get involved

Open source
Community: Slack Channel

turbot/shodan