This SA includes a search command for the popular Shodan (http://www.shodanhq.com) search engine. It also powers the Hurricane Labs App for Shodan.



Release Notes

Version 2.1.3
March 27, 2017

API key now stored in encrypted credential storage. This change requires the user running the shodan command to be able to decrypt passwords. If the user you'd like to use the app with does not have the "admin_all_objects" role, you will need to give them the "list_storage_passwords" capability.
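A least-privilege way to meet the 2.1.3 requirement is a dedicated role that carries only the extra capability, rather than handing out "admin_all_objects". The fragment below is an added example, not part of the add-on's own files; the role name "shodan_user" and the file location are assumptions. Because "list_storage_passwords" lets its holders read stored credentials, assign the role only to users who need to run the shodan command.

```ini
# $SPLUNK_HOME/etc/system/local/authorize.conf (assumed location)
# Constructed example: "shodan_user" is a hypothetical role name.

[role_shodan_user]
# Inherit ordinary search rights from the built-in "user" role.
importRoles = user
# Needed since 2.1.3 so the shodan command can read the API key
# from encrypted credential storage.
list_storage_passwords = enabled

# Broader alternative, shown only for contrast: admin_all_objects also
# satisfies the requirement but overrides object permissions across
# the search head, so it is deliberately left out of this role.
# admin_all_objects = enabled
```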

What is it?

The Search Add-On for Shodan is a Splunk Search Add-On by Hurricane Labs for interacting with the Shodan REST API.

Installation

This app should be installed on a Splunk Search Head. There is a web-based setup screen where you should fill in your Shodan API key.

Usage

This command is a generating command, meaning it should be used at the start of your search, like so:

 | shodan 127.0.0.1

It supports the full Shodan query syntax.

Licensing

Please see the file called LICENSE. In addition, this Add-On is bundled with the Requests Python Library, which is distributed under the terms of the license found in the file LICENSE.requests.

Contacts

Feature requests, bug reports and support questions (provided on a best effort basis only) can be sent to splunk@hurricanelabs.com


