Relevant Commands for Shodan

Below are some of the most important filters for using Shodan effectively:

• after: Only show results after the given date (dd/mm/yyyy) – string

• asn: Autonomous system number – string

• before: Only show results before the given date (dd/mm/yyyy) – string

• category: Available categories: ics, malware – string

• city: Name of the city – string

• country: 2-letter country code – string

• geo: Accepts between 2 and 4 parameters.

  • If 2 parameters: latitude, longitude.

  • If 3 parameters: latitude, longitude, range.

  • If 4 parameters: top left latitude, top left longitude, bottom right latitude, bottom right longitude.

• hash: Hash of the data property – integer

• has_ipv6: Indicates if the result has IPv6 support (True/False) – boolean

• has_screenshot: Indicates if the result includes a screenshot (True/False) – boolean

• server: Devices or servers that contain a specific server header flag – string

• hostname: Full host name for the device – string

• ip: Alias for the net filter – string

• isp: ISP managing the netblock – string

• net: Network range in CIDR notation (e.g., 199.4.1.0/24) – string

• org: Organization assigned to the netblock – string

• os: Operating system – string

• port: Port number for the service – integer

• postal: Postal code (US-only) – string

• product: Name of the software/product providing the banner – string

• region: Name of the region/state – string

• state: Alias for the region filter – string

• version: Version of the product – string

• vuln: CVE ID for a vulnerability – string

These filters help refine searches and improve the precision of Shodan queries, making it a powerful tool for cybersecurity professionals and researchers.