# Number of services vulnerable to Heartbleed
$ shodan count vuln:CVE-2014-0160
This however requires at least a Corporate subscription if you wanted to actually download all IPs on the Internet that are vulnerable:
$ shodan download --limit=0 vuln:CVE-2014-0160
For example, this entire dashboard is generated using a free API key:
I'm really surprised to hear you find our products expensive. Typically we hear the opposite from our customers.
From an individual perspective, download restrictions and payment option flexibility are a pain for me.
Feature request: A lot of sites don't serve meaningful content if you don't visit using the right hostname. If Shodan can discover hostnames based on TLS cert SAN values or retroactively scan newly registered domains, that would provide a lot of value to enterprise customers. For the vuln tag, it would be nice if I didn't have to convince my company to buy the product before using it, even testing it on a personal paid account, or a temp free trial?
I mentioned your product was expensive due to the "token" based payment approach where downloading or exporting things for example requires payment each time. If I had just enough free access to do something more than occasional shodan safari or looking up suspicious IPs 5 times a day, perhaps then I would pay for it and feel like your customers. For full access even a $500/month is very cheap but there are limits and the token based approach sounds costly if it is in addition to one time payment.
Last comment: Very gladly surprised to see someone actually working at shodan respond, HN never ceases to surprise. Thank you for putting together this great service to the internet.
We scan 600+ million hostnames per month to be able to detect websites that require a valid SNI. We've been curating our own DNS database for many years for that reason. You can query that information if you're a member/subscriber (ex: https://beta.shodan.io/domain/ycombinator.com).
Only downloading by website is based on single-use tokens. Downloading via the API or command-line interface doesn't require a payment each time - that's why we have subscriptions. And we generally recommend users to download using the renewable query credits:
Our Corporate API plan ($899/month) has unlimited query credits per month. I mean every system out there will be priced based on some factor - for us it's the amount of data you want to download each month. Most companies have 1 functional Shodan account that's subscribed to the API and they then share the API key internally.
And doing IP lookups doesn't count towards your search quota as a free user. You can lookup more than 5 IPs per day if you do a direct IP lookup instead of a search.
Here's a breakdown of the credit types on Shodan:
Note that we're going to deprecate export credits because it's caused some confusion. They were the first way that I tried to monetize the website (aside from donations) because some security companies asked to download data but it makes more sense to simply have query/scan credits nowadays.