For a quick way to browse all the screenshots that Shodan collects check out Shodan Images. It is a user-friendly interface around the has_screenshot filter.
The search box at the top uses the same syntax as the main Shodan search engine. It is most useful to use the search box to filter by organization or netblock. However, it can also be used to filter the types of images that are shown.
Image data is gathered from 5 different sources:
- VNC
- Remote Desktop (RDP)
- RTSP
- Webcams
- X Windows
Each image source comes from a different port/ service and therefor has a different banner. This means that if you only want to see images from webcams you could search for:
HTTP
To search for VNC you can search using RFB and for RTSP you simply search with RTSP. Additionally, Shodan uses machine learning to add labels to the screenshots as well as extract the text from the image which is then added to the banner's data property. This means you can search the contents of the images. For example, it can be used to find remote desktop services that have been attacked by ransomware:
The images can also be found using the main Shodan website or Shodan Maps by using the search query has_screenshot:true.
Developer information
The following API method(s) are used:
https://api.shodan.io/shodan/host/search
Other references:
- REST API Documentation: https://developer.shodan.io/api