Skip to main content
← back to extensions

Shodan

@dougschaefer/shodanv2026.06.16.1· 1d agoMODELSWORKFLOWS
01README

Query the Shodan internet-wide scan database to find and profile internet-exposed devices. Single API key resolved from vault. Read the account plan and remaining credits, run searches that return trimmed device records (IP, org, product, location, open port, CVEs) with facet rollups, count results without spending query credits, pull the full banner history for one IP, do keyless InternetDB lookups (ports, CPEs, tags, CVEs), and request on-demand scans of IPs you own. Built for AV/IoT exposure recon.

02Release Notes

Initial release: Shodan OSINT model + shodan-av-recon workflow for AV/IoT exposure recon.

03Models1
@dougschaefer/shodanv2026.06.16.1shodan/shodan.ts
fn accountInfo()
Report the Shodan plan and remaining query/scan credits. Read-only; validates the API key.
fn search(query: string, city?: string, country?: string, facets?: string, page: number, limit: number)
Run a Shodan search and return trimmed device records plus optional facet rollups. Spends one query credit per page of 100 results.
ArgumentTypeDescription
querystringShodan search query, e.g. product:"Crestron" or "AMX NetLinx"
city?stringOptional city filter to append
country?stringOptional 2-letter country code filter to append
facets?stringComma-separated facets for rollups, e.g. country,org,product
pagenumberResult page (100 per page)
limitnumberCap the number of device records returned (1-100)
fn count(query: string, city?: string, country?: string, facets?: string)
Return the total number of results for a Shodan query plus facet rollups, WITHOUT spending query credits. Ideal for 'how many exposed worldwide' stats.
ArgumentTypeDescription
querystringShodan search query
city?stringOptional city filter to append
country?stringOptional 2-letter country code filter to append
facets?stringComma-separated facets for rollups, e.g. country,org,product,port
fn host(ip: string, history: boolean)
Pull the full Shodan profile for one IP address: open ports, services/banners, hostnames, and known CVEs. Read-only.
ArgumentTypeDescription
ipstringIP address to look up
historybooleanInclude historical banners
fn internetdb(ip: string)
Keyless InternetDB lookup for one IP: open ports, CPEs, hostnames, tags, and known CVEs. No API key or query credits used.
ArgumentTypeDescription
ipstringIP address to look up
fn requestScan(ips: string)
Ask Shodan to scan IP addresses ON DEMAND. ACTIVE: spends scan credits and only use against IPs you are authorized to scan. Pass a comma-separated list of IPs or CIDR ranges.
ArgumentTypeDescription
ipsstringComma-separated IPs or CIDR ranges to scan

Resources

account(1d)— Shodan plan and remaining query/scan credits
searchResult(7d)— Trimmed Shodan search results with optional facet rollups
countResult(7d)— Shodan result count + facets (does not spend query credits)
host(7d)— Full Shodan profile for a single IP address
internetdb(7d)— Keyless InternetDB summary for a single IP (ports, CPEs, CVEs, tags)
scanRequest(30d)— Result of requesting an on-demand Shodan scan (spends scan credits)
04Workflows1
@dougschaefer/shodan-av-reconb10917df-caba-4040-843c-7768616ec3b2

One-command Shodan reconnaissance run for internet-exposed AV/IoT gear. Confirms the account and remaining credits, counts how many matching devices are exposed worldwide (free, no query credits) with facet rollups, then pulls a trimmed page of the actual devices. Scope it with an optional city/country. Passive OSINT only: it reads Shodan's index and never touches the devices. Steps run sequentially because they share one model instance and would otherwise contend on the per-model lock.

reconConfirm credits, count exposure, then list exposed devices
1.account${{ inputs.instance }}.accountInfo— Confirm the account is reachable and show remaining credits
2.count${{ inputs.instance }}.count— Count matching exposed devices with facet rollups (no query credits)
3.search${{ inputs.instance }}.search— Pull a trimmed page of the actual exposed devices
05Stats
A
100 / 100
Downloads
0
Archive size
14.2 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
Repository
https://github.com/dougschaefer6/swamp-shodan
06Platforms
07Labels
#shodan#osint#attack-surface#exposure#reconnaissance#iot#av#security#rest#workflow