This SA includes a search command for the popular Shodan ( search engine. It also powers the Hurricane Labs App for Shodan.

Release Notes

Version 2.1.3
March 27, 2017

API key now stored in encrypted credential storage. This change requires the user running the shodan command to be able to decrypt passwords. If the user you'd like to use the app with does not have the "admin_all_objects" role, you will need to give them the "list_storage_passwords" capability.

What is it?

The Search Add-On for Shodan is a Splunk Search Add-On by Hurricane Labs for interacting with the Shodan REST API.


This app should be installed on a Splunk Search Head. There is a web-based setup screen where you should fill in your Shodan API key.


This command is a generating command, meaning it should be used at the start of your search, like so:

 | shodan

It supports the full Shodan query syntax.


Please see the file called LICENSE. In addition, this Add-On is bundled with the Requests Python Library, which is distributed under the terms of the license found in the file LICENSE.requests.


Feature requests, bug reports and support questions (provided on a best effort basis only) can be sent to

Close off Canvas Menu