Shodan Reconnaissance and Pentesting
Purpose
Provide systematic methodologies for leveraging Shodan as a reconnaissance tool during penetration testing engagements. This skill covers the Shodan web interface, command-line interface (CLI), REST API, search filters, on-demand scanning, and network monitoring capabilities for discovering exposed services, vulnerable systems, and IoT devices.
Inputs / Prerequisites
- Shodan Account: Free or paid account at shodan.io
- API Key: Obtained from Shodan account dashboard
- Target Information: IP addresses, domains, or network ranges to investigate
- Shodan CLI: Python-based command-line tool installed
- Authorization: Written permission for reconnaissance on target networks
Outputs / Deliverables
- Asset Inventory: List of discovered hosts, ports, and services
- Vulnerability Report: Identified CVEs and exposed vulnerable services
- Banner Data: Service banners revealing software versions
- Network Mapping: Geographic and organizational distribution of assets
- Screenshot Gallery: Visual reconnaissance of exposed interfaces
- Exported Data: JSON/CSV files for further analysis
Core Workflow
🧠 Knowledge Modules (Fractal Skills)
1. Setup and Configuration
2. Basic Host Reconnaissance
3. Search Queries
4. Search Filters Reference
5. On-Demand Scanning
6. Statistics and Analysis
7. Network Monitoring
8. REST API Usage
9. Essential CLI Commands
10. Common Search Queries
11. Useful Filter Combinations
12. Credit System
13. Operational Boundaries
14. Data Freshness
15. Legal Requirements
16. Example 1: Organization Reconnaissance
17. Example 2: Vulnerable Service Discovery
18. Example 3: IoT Device Discovery
19. Example 4: SSL/TLS Certificate Analysis
20. Example 5: Python Automation Script
21. Example 6: Network Range Assessment
Repository
dokhacgiakhoa/a…vity-ide
GitHub Stars
384