Filters


Much like Google and other search engines, SHODAN also lets you use boolean operators ('+', '-' and '|') to include/ exclude certain terms. By default, every search term has a '+' operator assigned to it.

In addition to boolean operators, there are special filters to narrow down the search results.

General

All filters have the format 'filter:value' and can be added anywhere in the search query. Notice that there's no space before or after the ':'.

» city

Use the 'city' filter to find devices located in the given city. It's best combined with the 'country' filter to make sure you get the city in the country you want (city names are not always unique).

Examples:



» country

The 'country' filter is used to narrow results down by... country. It's useful for when you want to find computers running in a specific country.

Examples:



» geo

The 'geo' filter allows you to find devices that are within a certain radius of the given latitude and longitude. The filter accepts either 2 or 3 arguments. The optional third argument is the radius in kilometers within to search for computers (default: 5).

Examples:



» hostname

The 'hostname' filter lets you search for hosts that contain the value in their hostname.

Examples:



» net

The 'net' filter provides a mechanism for limiting the search results to a specific IP or subnet. It uses CIDR notation to designate the subnet range. Here are a few examples:

Examples:



» os

The 'os' filter is used to search for specific operating systems. Common possible values are: windows, linux and cisco.

Examples:



» port

The 'port' filter is used to narrow the search to specific services. Possible values are:

  • 21 (FTP)
  • 22 (SSH)
  • 23 (Telnet)
  • 25 (SMTP)
  • 53 (DNS)
  • 80 (HTTP)
  • 81 (HTTP)
  • 110 (POP3)
  • 119 (NNTP)
  • 137 (NetBIOS)
  • 143 (IMAP)
  • 161 (SNMP)
  • 443 (HTTPS)
  • 445 (SMB)
  • 465 (SMTP)
  • 623 (IPMI)
  • 993 (IMAP + SSL)
  • 995 (POP3 + SSL)
  • 1023 (Telnet)
  • 1434 (MS-SQL)
  • 1900 (UPnP)
  • 2323 (Telnet)
  • 3306 (MySQL)
  • 3389 (RDP)
  • 5000 (Synology)
  • 5001 (Synology)
  • 5432 (PostgreSQL)
  • 5560 (Oracle)
  • 5632 (PC Anywhere)
  • 5900 (VNC)
  • 6379 (Redis)
  • 7777 (Oracle)
  • 8000 (Qconn)
  • 8080 (HTTP)
  • 8129 (Snapstream)
  • 8443 (HTTPS)
  • 9200 (ElasticSearch)
  • 11211 (MemCache)
  • 27017 (MongoDB)
  • 28017 (MongoDB Web)

Examples:



» before/ after

The 'before' and 'after' filters let you search only for data that was collected before or after the given date. Acceptable date formats are:

day/month/year
day-month-year

Examples: