Table: shodan_domain - Query Shodan Domains using SQL
Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. The Shodan Domain is a resource in Shodan that provides information about domain names and the servers they point to.
Table Usage Guide
The shodan_domain table provides insights into domain names and the servers they point to within Shodan. As a network administrator or security analyst, explore domain-specific details through this table, including server metadata, IP addresses, and associated hostnames. Utilize it to uncover information about servers, such as their geographical location, operating system, and open ports, to help in identifying potential security vulnerabilities or infrastructure improvements.
Important Notes
- You must specify the domain in the where clause to query this table.
Examples
Reverse DNS lookup
Retrieve every record Shodan holds for 'steampipe.io' to understand how the domain is configured. This can be useful in identifying potential security vulnerabilities or misconfigurations.
select
  *
from
  shodan_domain
where
  domain = 'steampipe.io';
Find all A records for the domain and its subdomains
Explore all A records associated with a specific domain and its subdomains. This is useful for understanding the IP addresses linked to a domain, aiding in network mapping and security assessments.
select
  *
from
  shodan_domain
where
  domain = 'github.com'
  and type = 'A';
Get all records for the domain, without subdomain enumeration
Explore the main records associated with a specific domain, without including any subdomains. This can be useful when you need an overview of the main domain's details, without the potential clutter of subdomain information.
select
  *
from
  shodan_domain
where
  domain = 'github.com'
  and subdomain is null;
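Review address and alias records for a domain you manage
This query is an added example, not one from the Steampipe documentation: it uses the type, value and last_seen columns to build an inventory of A, AAAA and CNAME records, marking aliases that point outside the domain and entries Shodan has not seen recently so they can be confirmed as still in use. The domain 'example.com' is a placeholder and the 90-day staleness threshold is an assumption; adjust both.

```sql
-- Added example: DNS record inventory for one domain, as seen by Shodan.
-- Assumptions: 'example.com' is a placeholder domain; 90 days is an arbitrary
-- staleness threshold, not a value defined by Shodan or Steampipe.
with records as (
  select
    nullif(subdomain, '') as subdomain,  -- treat empty and null alike (apex records)
    type,
    rtrim(value, '.') as value,          -- tolerate a trailing dot on hostnames
    last_seen
  from
    shodan_domain
  where
    domain = 'example.com'               -- required qualifier for this table
)
select
  coalesce(subdomain || '.', '') || 'example.com' as fqdn,
  type,
  value,
  last_seen,
  -- CNAME whose target is neither the domain itself nor one of its subdomains
  (
    type = 'CNAME'
    and not (
      lower(value) = 'example.com'
      or lower(value) like '%.example.com'
    )
  ) as points_outside_domain,
  -- record Shodan has not observed within the threshold
  (last_seen < now() - interval '90 days') as stale
from
  records
where
  type in ('A', 'AAAA', 'CNAME')
order by
  stale desc,
  points_outside_domain desc,
  last_seen;
```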
Schema for shodan_domain
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
domain | text | = | Requested domain. |
last_seen | timestamp with time zone | | Timestamp when the subdomain was last seen. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subdomain | text | | The subdomain, which is prepended to the domain name. |
type | text | | Type of the subdomain (e.g. MX, CNAME, etc). |
value | text | | Value set for this subdomain. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- shodan
You can pass the configuration to the command with the --config argument:
steampipe_export_shodan --config '<your_config>' shodan_domain