steampipe plugin install shodan

Table: shodan_service - Query Shodan Service using SQL

Shodan is a search engine for internet-connected devices. It provides information on devices connected to the internet, including their location, operating system, software, and vulnerabilities. Shodan's service banners provide a snapshot of a device's state at the time it was indexed, including details about the server software and available services.

Table Usage Guide

The shodan_service table provides insights into services indexed by Shodan. As a security analyst, explore service-specific details through this table, including service banners, server software, and available services. Utilize it to uncover information about potential vulnerabilities, the state of the device at the time it was indexed, and the location of internet-connected devices.

Examples

List the services

Analyze the settings to understand the arrangement of services based on their port numbers. This allows you to pinpoint the specific locations where services are operating, aiding in network management and security.

select
*
from
shodan_service
order by
port;
select
*
from
shodan_service
order by
port;

Find the service for a port

Identify the specific service operating on a given port number. This is useful for understanding what software is running on your network and can help with network management and security.

select
*
from
shodan_service
where
port = 5432;
select
*
from
shodan_service
where
port = 5432;

Get information about the Puppet service

Explore which services are associated with Puppet, a configuration management tool. This query is useful in identifying instances where Puppet is being used, which can aid in network management and security audits.

select
*
from
shodan_service
where
name ilike '%puppet%';
select
*
from
shodan_service
where
name like '%puppet%';

Schema for shodan_service

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
nametextName of the service (e.g. postgresql).
portbigintPort of the service (e.g. 5432).
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- shodan

You can pass the configuration to the command with the --config argument:

steampipe_export_shodan --config '<your_config>' shodan_service