Querying Shodan to obtain target information
Shodan is a search engine for Internet-connected devices. It is a useful source of information where we can find port and banner information of remote targets. One of the advantages is that we don't even need to send a single packet directly to the target to obtain juicy host information, including port number, protocol, and service banner.
In this recipe, you will learn how to use Shodan to obtain port and version information from a remote host with Nmap.
Getting ready
The NSE script shodan-api
needs an API key before it can be used. Shodan offers a free developer API that you can obtain from
Make sure that you have your Shodan API key at hand before continuing.
How to do it...
To obtain host information of a remote target from Shodan, use the following command:
$nmap -sn -Pn -n --script shodan-api --script-args shodan-api.apikey=<ShodanAPI KEY> <target>
The results will contain all the host information available...