Streaming API Documentation

Banners

This stream provides ALL of the data that Shodan collects. Use this stream if you need access to everything and/ or want to store your own Shodan database locally. If you only care about specific ports, please use the Ports stream.

Request URL

https://stream.shodan.io/shodan/banners?key={YOUR_API_KEY}

Sample Response

{"product": "Apache httpd", "timestamp": "2014-01-16T06:12:57.188835", "hostnames": ["67-8-76-154.res.bhn.net"], "org": "Time Warner Cable", "guid": "1124617370:3e3fcade-7e75-11e3-8080-808080808080", "data": "HTTP/1.0 200 OK\r\nDate: Thu, 16 Jan 2014 06:14:06 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 24 May 2011 21:19:29 GMT\r\nETag: \"11ead-e1-4a40c24b13a40\"\r\nAccept-Ranges: bytes\r\nContent-Length: 225\r\nX-Orion-Version: 1.3.1\r\nContent-Type: text/html\r\nContent-Language: en\r\n\r\n", "port": 80, "isp": "Time Warner Cable", "cpe": "a:apache:http_server", "asn": "AS33363", "html": "\n		  \n		 \n				 \n		\n", "location": {"country_code3": "USA", "city": null, "postal_code": null, "longitude": -97.0, "country_code": "US", "latitude": 38.0, "country_name": "United States", "area_code": null, "dma_code": null, "region_code": null}, "ip": 1124617370, "domains": ["bhn.net"], "ip_str": "67.8.76.154", "os": null, "opts": {"whatweb": []}}
{"timestamp": "2014-01-16T06:12:57.192360", "hostnames": ["dslb-146-060-098-226.pools.arcor-ip.net"], "org": "Vodafone DSL", "guid": "2453431010:3e405490-7e75-11e3-8080-808080808080", "data": "SIP/2.0 404 Not Found\r\nVia: SIP/2.0/UDP nm;branch=foo;rport=49692;received=xxx.xxx.xxx.xxx\r\nFrom: ;tag=root\r\nTo: ;tag=C9F9855F4231CE04\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nUser-Agent: AVM FRITZ!Box 7330 SL (UI) 116.05.51 (Sep 16 2013)\r\nContent-Length: 0\r\n\r\n", "port": 5060, "info": "SIP end point; Status: 404 Not Found", "isp": "Vodafone DSL", "asn": "AS3209", "location": {"country_code3": "DEU", "city": null, "postal_code": null, "longitude": 9.0, "country_code": "DE", "latitude": 51.0, "country_name": "Germany", "area_code": null, "dma_code": null, "region_code": null}, "ip": 2453431010, "domains": ["arcor-ip.net"], "ip_str": "146.60.98.226", "os": null, "opts": {}}

Filtered by ASN

This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain ASNs.

Parameters

• asn: [String] Comma-separated list of ASNs; example "3303,32475"

Request URL

https://stream.shodan.io/shodan/asn/3303,32475?key={YOUR_API_KEY}

Sample Response

{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:04.093341", "hostnames": ["cm-188.126.200.80.customer.telag.net"], "org": "TEL-AG CMTS Grimstad", "guid": "3162425424:e4327222-7e78-11e3-8080-808080808080", "data": "\u0005\ufffd\u0000ServerName;WIN-NVAAFR9N703;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.0.1600.22;tcp;49166;np;\\\\WIN-NVAAFR9N703\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;via;WIN-NVAAFR9N703,0:1433;;", "port": 1434, "info": "ServerName: WIN-NVAAFR9N703; TCPPort: 49166", "isp": "TEL-AG AS", "cpe": "o:microsoft:windows", "asn": "AS51135", "version": "10.0.1600.22", "location": {"country_code3": "NOR", "city": "Grimstad", "postal_code": null, "longitude": 8.588600000000014, "country_code": "NO", "latitude": 58.340599999999995, "country_name": "Norway", "area_code": null, "dma_code": null, "region_code": null}, "ip": 3162425424, "domains": ["telag.net"], "ip_str": "188.126.200.80", "os": null, "opts": {}}
{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:11.536314", "hostnames": ["mahendras.securehostdns.com"], "org": "Limestone Networks", "guid": "1066345474:e8a22744-7e78-11e3-8080-808080808080", "data": "\u0005P\u0001ServerName;MAHENDRAS;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;;ServerName;MAHENDRAS;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1533;np;\\\\MAHENDRAS\\pipe\\sql\\query;;ServerName;MAHENDRAS;InstanceName;PROJECT;IsClustered;No;Version;10.0.1600.22;tcp;1433;np;\\\\MAHENDRAS\\pipe\\MSSQL$PROJECT\\sql\\query;;", "port": 1434, "info": "ServerName: MAHENDRAS", "isp": "Limestone Networks", "cpe": "o:microsoft:windows", "asn": "AS46475", "version": "9.00.3042.00", "location": {"country_code3": "USA", "city": "Dallas", "postal_code": "75202", "longitude": -96.8028, "country_code": "US", "latitude": 32.7791, "country_name": "United States", "area_code": 214, "dma_code": 623, "region_code": null}, "ip": 1066345474, "domains": ["securehostdns.com"], "ip_str": "63.143.36.2", "os": null, "opts": {}}

Filtered by Country

This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain countries.

Parameters

• countries: [String] Comma-separated list of countries indicated by their 2 letter code; example "DE,US"

Request URL

https://stream.shodan.io/shodan/countries/DE,US?key={YOUR_API_KEY}

Sample Response

{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:04.093341", "hostnames": ["cm-188.126.200.80.customer.telag.net"], "org": "TEL-AG CMTS Grimstad", "guid": "3162425424:e4327222-7e78-11e3-8080-808080808080", "data": "\u0005\ufffd\u0000ServerName;WIN-NVAAFR9N703;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.0.1600.22;tcp;49166;np;\\\\WIN-NVAAFR9N703\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;via;WIN-NVAAFR9N703,0:1433;;", "port": 1434, "info": "ServerName: WIN-NVAAFR9N703; TCPPort: 49166", "isp": "TEL-AG AS", "cpe": "o:microsoft:windows", "asn": "AS51135", "version": "10.0.1600.22", "location": {"country_code3": "NOR", "city": "Grimstad", "postal_code": null, "longitude": 8.588600000000014, "country_code": "NO", "latitude": 58.340599999999995, "country_name": "Norway", "area_code": null, "dma_code": null, "region_code": null}, "ip": 3162425424, "domains": ["telag.net"], "ip_str": "188.126.200.80", "os": null, "opts": {}}
{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:11.536314", "hostnames": ["mahendras.securehostdns.com"], "org": "Limestone Networks", "guid": "1066345474:e8a22744-7e78-11e3-8080-808080808080", "data": "\u0005P\u0001ServerName;MAHENDRAS;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;;ServerName;MAHENDRAS;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1533;np;\\\\MAHENDRAS\\pipe\\sql\\query;;ServerName;MAHENDRAS;InstanceName;PROJECT;IsClustered;No;Version;10.0.1600.22;tcp;1433;np;\\\\MAHENDRAS\\pipe\\MSSQL$PROJECT\\sql\\query;;", "port": 1434, "info": "ServerName: MAHENDRAS", "isp": "Limestone Networks", "cpe": "o:microsoft:windows", "asn": "AS46475", "version": "9.00.3042.00", "location": {"country_code3": "USA", "city": "Dallas", "postal_code": "75202", "longitude": -96.8028, "country_code": "US", "latitude": 32.7791, "country_name": "United States", "area_code": 214, "dma_code": 623, "region_code": null}, "ip": 1066345474, "domains": ["securehostdns.com"], "ip_str": "63.143.36.2", "os": null, "opts": {}}

Filtered by Ports

Only returns banner data for the list of specified ports. This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in a specific list of ports.

Parameters

• ports: [String] Comma-separated list of ports; example "1434,27017,6379"

Request URL

https://stream.shodan.io/shodan/ports/1434,27017,6379?key={YOUR_API_KEY}

Sample Response

{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:04.093341", "hostnames": ["cm-188.126.200.80.customer.telag.net"], "org": "TEL-AG CMTS Grimstad", "guid": "3162425424:e4327222-7e78-11e3-8080-808080808080", "data": "\u0005\ufffd\u0000ServerName;WIN-NVAAFR9N703;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.0.1600.22;tcp;49166;np;\\\\WIN-NVAAFR9N703\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;via;WIN-NVAAFR9N703,0:1433;;", "port": 1434, "info": "ServerName: WIN-NVAAFR9N703; TCPPort: 49166", "isp": "TEL-AG AS", "cpe": "o:microsoft:windows", "asn": "AS51135", "version": "10.0.1600.22", "location": {"country_code3": "NOR", "city": "Grimstad", "postal_code": null, "longitude": 8.588600000000014, "country_code": "NO", "latitude": 58.340599999999995, "country_name": "Norway", "area_code": null, "dma_code": null, "region_code": null}, "ip": 3162425424, "domains": ["telag.net"], "ip_str": "188.126.200.80", "os": null, "opts": {}}
{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:11.536314", "hostnames": ["mahendras.securehostdns.com"], "org": "Limestone Networks", "guid": "1066345474:e8a22744-7e78-11e3-8080-808080808080", "data": "\u0005P\u0001ServerName;MAHENDRAS;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;;ServerName;MAHENDRAS;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1533;np;\\\\MAHENDRAS\\pipe\\sql\\query;;ServerName;MAHENDRAS;InstanceName;PROJECT;IsClustered;No;Version;10.0.1600.22;tcp;1433;np;\\\\MAHENDRAS\\pipe\\MSSQL$PROJECT\\sql\\query;;", "port": 1434, "info": "ServerName: MAHENDRAS", "isp": "Limestone Networks", "cpe": "o:microsoft:windows", "asn": "AS46475", "version": "9.00.3042.00", "location": {"country_code3": "USA", "city": "Dallas", "postal_code": "75202", "longitude": -96.8028, "country_code": "US", "latitude": 32.7791, "country_name": "United States", "area_code": 214, "dma_code": 623, "region_code": null}, "ip": 1066345474, "domains": ["securehostdns.com"], "ip_str": "63.143.36.2", "os": null, "opts": {}}

All Network Alerts

Subscribe to banners discovered on all IP ranges described in the network alerts.

Request URL

https://stream.shodan.io/shodan/alert?key={YOUR_API_KEY}

Sample Response

{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:04.093341", "hostnames": ["cm-188.126.200.80.customer.telag.net"], "org": "TEL-AG CMTS Grimstad", "guid": "3162425424:e4327222-7e78-11e3-8080-808080808080", "data": "\u0005\ufffd\u0000ServerName;WIN-NVAAFR9N703;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.0.1600.22;tcp;49166;np;\\\\WIN-NVAAFR9N703\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;via;WIN-NVAAFR9N703,0:1433;;", "port": 1434, "info": "ServerName: WIN-NVAAFR9N703; TCPPort: 49166", "isp": "TEL-AG AS", "cpe": "o:microsoft:windows", "asn": "AS51135", "version": "10.0.1600.22", "location": {"country_code3": "NOR", "city": "Grimstad", "postal_code": null, "longitude": 8.588600000000014, "country_code": "NO", "latitude": 58.340599999999995, "country_name": "Norway", "area_code": null, "dma_code": null, "region_code": null}, "ip": 3162425424, "domains": ["telag.net"], "ip_str": "188.126.200.80", "os": null, "opts": {}}
{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:11.536314", "hostnames": ["mahendras.securehostdns.com"], "org": "Limestone Networks", "guid": "1066345474:e8a22744-7e78-11e3-8080-808080808080", "data": "\u0005P\u0001ServerName;MAHENDRAS;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;;ServerName;MAHENDRAS;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1533;np;\\\\MAHENDRAS\\pipe\\sql\\query;;ServerName;MAHENDRAS;InstanceName;PROJECT;IsClustered;No;Version;10.0.1600.22;tcp;1433;np;\\\\MAHENDRAS\\pipe\\MSSQL$PROJECT\\sql\\query;;", "port": 1434, "info": "ServerName: MAHENDRAS", "isp": "Limestone Networks", "cpe": "o:microsoft:windows", "asn": "AS46475", "version": "9.00.3042.00", "location": {"country_code3": "USA", "city": "Dallas", "postal_code": "75202", "longitude": -96.8028, "country_code": "US", "latitude": 32.7791, "country_name": "United States", "area_code": 214, "dma_code": 623, "region_code": null}, "ip": 1066345474, "domains": ["securehostdns.com"], "ip_str": "63.143.36.2", "os": null, "opts": {}}

Filtered by Alert ID

Subscribe to banners discovered on the IP range defined in a specific network alert.

Parameters

• id: [String] The unique ID of the network alert; example "HKVGAIRWD79Z7W2T"

Request URL

https://stream.shodan.io/shodan/alert/HKVGAIRWD79Z7W2T?key={YOUR_API_KEY}

Sample Response

{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:04.093341", "hostnames": ["cm-188.126.200.80.customer.telag.net"], "org": "TEL-AG CMTS Grimstad", "guid": "3162425424:e4327222-7e78-11e3-8080-808080808080", "data": "\u0005\ufffd\u0000ServerName;WIN-NVAAFR9N703;InstanceName;SQLEXPRESS;IsClustered;No;Version;10.0.1600.22;tcp;49166;np;\\\\WIN-NVAAFR9N703\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;via;WIN-NVAAFR9N703,0:1433;;", "port": 1434, "info": "ServerName: WIN-NVAAFR9N703; TCPPort: 49166", "isp": "TEL-AG AS", "cpe": "o:microsoft:windows", "asn": "AS51135", "version": "10.0.1600.22", "location": {"country_code3": "NOR", "city": "Grimstad", "postal_code": null, "longitude": 8.588600000000014, "country_code": "NO", "latitude": 58.340599999999995, "country_name": "Norway", "area_code": null, "dma_code": null, "region_code": null}, "ip": 3162425424, "domains": ["telag.net"], "ip_str": "188.126.200.80", "os": null, "opts": {}}
{"product": "Microsoft SQL Server", "timestamp": "2014-01-16T06:39:11.536314", "hostnames": ["mahendras.securehostdns.com"], "org": "Limestone Networks", "guid": "1066345474:e8a22744-7e78-11e3-8080-808080808080", "data": "\u0005P\u0001ServerName;MAHENDRAS;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;;ServerName;MAHENDRAS;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1533;np;\\\\MAHENDRAS\\pipe\\sql\\query;;ServerName;MAHENDRAS;InstanceName;PROJECT;IsClustered;No;Version;10.0.1600.22;tcp;1433;np;\\\\MAHENDRAS\\pipe\\MSSQL$PROJECT\\sql\\query;;", "port": 1434, "info": "ServerName: MAHENDRAS", "isp": "Limestone Networks", "cpe": "o:microsoft:windows", "asn": "AS46475", "version": "9.00.3042.00", "location": {"country_code3": "USA", "city": "Dallas", "postal_code": "75202", "longitude": -96.8028, "country_code": "US", "latitude": 32.7791, "country_name": "United States", "area_code": 214, "dma_code": 623, "region_code": null}, "ip": 1066345474, "domains": ["securehostdns.com"], "ip_str": "63.143.36.2", "os": null, "opts": {}}