This SA includes a search command for the popular Shodan (http://www.shodanhq.com) search engine. It also powers the Hurricane Labs App for Shodan.
March 27, 2017
API key now stored in encrypted credential storage. This change requires the user running the shodan command to be able to decrypt passwords. If the user you'd like to use the app with does not have the "admin_all_objects" role, you will need to give them the "list_storage_passwords" capability.
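One way to grant that capability without handing out admin_all_objects, shown here as an added example that is not part of the add-on's own documentation. The role name shodan_user is hypothetical, and the stanza goes in authorize.conf on the Search Head. list_storage_passwords lets members of the role read the stored credentials they can access, so keep the role's membership limited to the users who need the shodan command.

```ini
# authorize.conf (added example; "shodan_user" is a hypothetical role name)
[role_shodan_user]
# Inherit the standard search capabilities of the built-in "user" role
importRoles = user
# Allow the shodan command to read the API key from credential storage
list_storage_passwords = enabled
```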
The Search Add-On for Shodan is a Splunk Search Add-On by Hurricane Labs for interacting with the Shodan REST API.
This app should be installed on a Splunk Search Head. There is a web-based setup screen where you should fill in your Shodan API key.
This command is a generating command, meaning it should be used at the start of your search, like so:
| shodan 127.0.0.1
It supports the full Shodan query syntax.
Please see the file called LICENSE. In addition, this Add-On is bundled with the Requests Python Library, which is distributed under the terms of the license found in the file LICENSE.requests.
Feature requests, bug reports and support questions (provided on a best effort basis only) can be sent to firstname.lastname@example.org