
Shodan Dojo – Learning Shodan through katas - geeklord
https://github.com/ninoseki/shodan-dojo
======
badrabbit
Shodan is very expensive to get do anything useful with. How do people manage?
Some searches are restricted to enterprise users, paying is not enough. There
is a Chinese alternative I haven't tried much called zoomeye:
[https://www.zoomeye.org/](https://www.zoomeye.org/)

~~~
achillean
I'm obviously biased but I think it's extremely affordable. It's a one-time
payment of $49 (i.e. no subscription) to get access to most features,
including the ability to have network monitoring for up to 16 IPs
([https://monitor.shodan.io](https://monitor.shodan.io)). The data itself is
the same across all of our products. Enterprise customers can simply download
more of it and the only 2 filters that are restricted are "vuln" and "tag".
Note that you can still use those filters to get the number of results for a
query - you just can't download the actual list of IPs. I.e. you can do the
following for free:

# Number of services vulnerable to Heartbleed

$ shodan count vuln:CVE-2014-0160

This however requires at least a Corporate subscription if you wanted to
actually download all IPs on the Internet that are vulnerable:

$ shodan download --limit=0 vuln:CVE-2014-0160

For example, this entire dashboard is generated using a free API key:

[https://exposure.shodan.io](https://exposure.shodan.io)

I'm really surprised to hear you find our products expensive. Typically we
hear the opposite from our customers.

~~~
badrabbit
You have to understand, if I am using shodan for day to day purposes, the free
option is very limiting (censys has similar limitations). Now consider
something like VirusTotal, their limits are structured in a way that allows
everyday human usage for free except if you want their more useful features
you pay a minimum of $600/month. If I can make better use of it for free, I
can justify contacting your sales for a POC/consultation, but right now I can
do a handful of queries a day and something like 5 pages of results even
with an account. If I create a query that shows something I can't share it
with non-members, I have to use screen shots or dumb down the query.

From an individual perspective, download restrictions and payment option
flexibility are a pain for me.

Feature request: A lot of sites don't serve meaningful content if you don't
visit using the right hostname. If Shodan can discover hostnames based on TLS
cert SAN values or retroactively scan newly registered domains, that would
provide a lot of value to enterprise customers. For the vuln tag, it would be
nice if I didn't have to convince my company to buy the product before using
it, even testing it on a personal paid account, or a temp free trial?

I mentioned your product was expensive due to the "token" based payment
approach where downloading or exporting things for example requires payment
each time. If I had just enough free access to do something more than
occasional shodan safari or looking up suspicious IPs 5 times a day, perhaps
then I would pay for it and feel like your customers. For full access even a
$500/month is very cheap but there are limits and the token based approach
sounds costly if it is in addition to one time payment.

Last comment: Very gladly surprised to see someone actually working at shodan
respond, HN never ceases to surprise. Thank you for putting together this
great service to the internet.

~~~
achillean
A few things as it sounds like you've only had limited exposure to Shodan:

We scan 600+ million hostnames per month to be able to detect websites that
require a valid SNI. We've been curating our own DNS database for many years
for that reason. You can query that information if you're a member/subscriber
(ex:
[https://beta.shodan.io/domain/ycombinator.com](https://beta.shodan.io/domain/ycombinator.com)).

Only downloading by website is based on single-use tokens. Downloading via the
API or command-line interface doesn't require a payment each time - that's why
we have subscriptions. And we generally recommend users to download using the
renewable query credits:

[https://help.shodan.io/guides/how-to-download-data-with-api](https://help.shodan.io/guides/how-to-download-data-with-api)

Our Corporate API plan ($899/month) has unlimited query credits per month. I
mean every system out there will be priced based on some factor - for us it's
the amount of data you want to download each month. Most companies have 1
functional Shodan account that's subscribed to the API and they then share the
API key internally.

And doing IP lookups doesn't count towards your search quota as a free user.
You can look up more than 5 IPs per day if you do a direct IP lookup instead of
a search.

Here's a breakdown of the credit types on Shodan:

[https://help.shodan.io/the-basics/credit-types-explained](https://help.shodan.io/the-basics/credit-types-explained)

Note that we're going to deprecate export credits because it's caused some
confusion. They were the first way that I tried to monetize the website (aside
from donations) because some security companies asked to download data but it
makes more sense to simply have query/scan credits nowadays.

