Skip to content
Shodan Book

Nmap

Introduction

This guide will help you use the Shodan API through Nmap to discover information about devices connected to the internet. Shodan is like a search engine for internet-connected devices, and this integration allows you to enhance your Nmap scans with Shodan's extensive database.

Prerequisites

  • Nmap installed on your computer
  • You'll need a Shodan API key. You can get one by signing up on the Shodan website. A free tier is available, but paid plans offer more credits and capabilities.

Usage

The shodan-api script for Nmap allows you to query Shodan's database about IP addresses you're scanning.

Running a Basic Scan

Here's how to run a basic scan:

Terminal window
nmap --script shodan-api --script-args shodan-api.apikey=YOUR_API_KEY_HERE TARGET_IP

Replace:

  • YOUR_API_KEY_HERE with your actual Shodan API key
  • TARGET_IP with the IP address you want to scan (e.g., 8.8.8.8)

Saving Results to a File

To save your scan results to a file:

Terminal window
nmap --script shodan-api --script-args shodan-api.apikey=YOUR_API_KEY_HERE,shodan-api.outfile=results.csv TARGET_IP

The shodan-api.outfile=results.csv part saves the output to a file named "results.csv".

Scanning Multiple IPs

You can scan multiple IP addresses:

Terminal window
nmap --script shodan-api --script-args shodan-api.apikey=YOUR_API_KEY_HERE 8.8.8.8 8.8.4.4

Or scan a range:

Terminal window
nmap --script shodan-api --script-args shodan-api.apikey=YOUR_API_KEY_HERE 192.168.1.1-10

Examples

1. Basic lookup of a single IP

Terminal window
nmap --script shodan-api --script-args shodan-api.apikey=ABC123DEF456GHI789JKL 8.8.8.8

Sample output:

Starting Nmap 7.80 ( https://nmap.org ) at 2025-05-03 10:03 PDT
Nmap scan report for 1.1.1.1
Host is up.


Host script results:
| shodan-api: Report for 1.1.1.1 (one.one.one.one)
| PORT  PROTO  PRODUCT     VERSION
| 53    tcp
| 53    udp
| 80    tcp    CloudFlare
| 161   udp    MikroTik
| 443   tcp    CloudFlare
| 2052  tcp
| 2082  tcp
| 2083  tcp
| 2086  tcp
| 2087  tcp
| 2095  tcp
| 8080  tcp    CloudFlare
| 8443  tcp    CloudFlare
|_8880  tcp    CloudFlare


Post-scan script results:
|_shodan-api: Shodan done: 1 hosts up.
Nmap done: 1 IP address (1 host up) scanned in 1.23 seconds

2. Scanning your own public IP

To find out what information Shodan has about your own IP address:

  1. First find your public IP by visiting Shodan MyIP

  2. Then run the scan on your IP:

    Terminal window
    nmap --script shodan-api --script-args shodan-api.apikey=YOUR_API_KEY_HERE YOUR_PUBLIC_IP