IP Information
You can enter an IP address into the search bar to see all information that Shodan has for the IP. The IP information page has 3 tabs:
- Regular view
- Raw Data
- Timeline
Regular View
The regular view includes the high-level information about an IP address, including the open ports, vulnerabilities, web technologies and other IP-related information. There are a few conveniences available on the page:
Web Technologies
If the IP is running websites then Shodan automatically extracts the known web technologies that the website uses and shows them on the page:
You can click on any of the technologies to launch a search to find more services that run the technology.
Vulnerabilities
Vulnerability information is shown in two places: as a long list on the left side of the page, and on a per-port basis:
The IP information page lets you sort by CVSS or date and filter based on port.
Pivot by Hash
Click on the green i icon to get a breakdown of hashes that are available for the banner. These hashes can be used to find more services that are identical to the one you’re currently looking at.
Copy to Clipboard
Click on the IP or a port to copy it to the clipboard:
Raw Data View
The Raw Data tab shows the full banner data that the crawlers have collected for each port:
Protocol-specific properties are highlighted:
Any underlined value can be clicked on to search for more services that have that value.
Timeline View
The Timeline view shows the most recent 1,000 banners that have been collected within the past 90 days, sorted by timestamp. It helps you see how services have changed recently and can sometimes also provide insights into the deployment of the service. For example, if Shodan crawled the same Nginx web server and the IP timeline shows different Nginx versions within the past 24 hours, then there’s a high likelihood that the service is being load balanced across multiple Nginx servers, some of which are running different versions.
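The Timeline reasoning above can be automated when reviewing your own IPs. The following is an added example, not part of the original page or Shodan's own code: it assumes banners are dicts with `timestamp`, `port`, `product` and `version` fields, uses constructed sample data, and goes one step beyond the text by also checking whether versions alternate (A, B, A), which separates multiple backends from a one-time upgrade.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample banners (not real Shodan data); field names are assumed
# to mirror the banner properties shown in the Raw Data view.
SAMPLE_BANNERS = [
    {"timestamp": "2024-05-01T02:10:00", "port": 80, "product": "nginx", "version": "1.18.0"},
    {"timestamp": "2024-05-01T09:45:00", "port": 80, "product": "nginx", "version": "1.24.0"},
    {"timestamp": "2024-05-01T17:30:00", "port": 80, "product": "nginx", "version": "1.18.0"},
    {"timestamp": "2024-04-02T08:00:00", "port": 22, "product": "OpenSSH", "version": "8.2p1"},
    {"timestamp": "2024-04-20T08:00:00", "port": 22, "product": "OpenSSH", "version": "8.9p1"},
]

def find_version_drift(banners, window=timedelta(hours=24)):
    """Return {(port, product): {"versions": [...], "alternating": bool}} for
    services that showed more than one version inside a single time window."""
    groups = defaultdict(list)
    for b in banners:
        if b.get("product") and b.get("version"):
            groups[(b["port"], b["product"])].append(
                (datetime.fromisoformat(b["timestamp"]), b["version"]))

    findings = {}
    for key, seen in groups.items():
        seen.sort()
        best, start = set(), 0
        for end in range(len(seen)):
            # Advance the left edge until the span fits inside `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            versions = {v for _, v in seen[start:end + 1]}
            if len(versions) > len(best):
                best = versions
        if len(best) < 2:
            continue  # one version per window: stable, or a spaced-out upgrade
        # Collapse consecutive repeats over the whole history; a version that
        # returns after a different one (A, B, A) suggests several backends.
        order = [v for i, (_, v) in enumerate(seen) if i == 0 or v != seen[i - 1][1]]
        findings[key] = {"versions": sorted(best),
                         "alternating": len(order) > len(set(order))}
    return findings

if __name__ == "__main__":
    for (port, product), info in find_version_drift(SAMPLE_BANNERS).items():
        print(port, product, info)
```

A finding with `alternating` set to `True` is the load-balanced case described above; `False` with two versions in one window is more consistent with an upgrade caught mid-rollout.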