Banner
The basic unit of data that Shodan gathers is the banner. The banner is metadata that describes a network service on a device. For example, a web server banner would include the HTTP headers, the robots.txt, sitemap.xml and a list of web technologies that the website uses.
The content of the banner varies greatly depending on the type of service. For example, here is the data property in a typical HTTP banner:
HTTP/1.1 200 OKServer: nginx/1.1.19Date: Sat, 03 Oct 2015 06:09:24 GMTContent-Type: text/html; charset=utf-8Content-Length: 6466Connection: keep-aliveThe above banner shows that the device is running the nginx web server software with a version of 1.1.19. To show how different the banners can look like, here is a banner for the Siemens S7 industrial control system protocol:
Copyright: Original Siemens EquipmentPLC name: S7_TurbineModule type: CPU 313CUnknown (129): Boot Loader AModule: 6ES7 313-5BG04-0AB0 v.0.3Basic Firmware: v.3.3.8Module name: CPU 313CSerial number of module: S Q-D9U083642013Plant identification:Basic Hardware: 6ES7 313-5BG04-0AB0 v.0.3The Siemens S7 protocol returns a completely different banner, this time providing information about the firmware, its serial number and a lot of detailed data to describe the device.
You have to decide what type of service you're interested in when searching in Shodan because the banners vary greatly. For a full breakdown of what a banner can contain please visit the Datapedia:
DNS
In addition to banners, Shodan also has a DNS database (DNSDB) containing forward DNS records (A, AAAA, MX, NS, TXT etc.) for hundreds of millions of domains and constantly refreshes the data. The DNS data is made available via the website, API, CLI and is used internally for the monthly hostname-based scan of the Internet. The DNSDB information is separate from the banner and doesn't include the reverse DNS/ PTR lookups of IPs; the PTR data is stored in the hostnames property on the banner.