Monitor your public assets via Shodan

Monitor your assets in Shodan

Shodan is a powerful tool for doing passive reconnaissance. It’s also a great source of information that you can put to good use to monitor your publicly available assets. Shodan acts as a search engine (also see: : What is, whatever that is connected to the internet will get indexed by their crawlers.

I wrote a script that takes one parameter (ideally a string) and

  • Fetches the information that is available at Shodan for your query string;
  • Stores the results in a sqlite database;
  • Whenever something news pops up (this can be either a new host or a new port on an existing host) it will alert you by e-mail;
  • Note that ports that are no longer available are not covered and the script does not monitor service banner changes.

It’s available for download at Github via

Configure Shodan Monitor

The configuration is in the script with these settings

  • SHODAN_API_KEY : your Shodan API key
  • MAIL_SUBJECT : the subject of the alert email (the asset change gets added to the subject)
  • MAIL_FROM : the email sender
  • MAIL_RCPT : the email receiver
  • MAIL_SMTP : the mail server
  • SQL_LITE_DB : the name of the sqlite db (defaults to shodan-asset-monitor.db)
  • PRINT_PROGRESS : print status to screen when run (disable for cron-jobs)

Cron job

Ideally you run the script from a cron job, for example every day. Set the configuration option PRINT_PROGRESS to False when running from cron.

If you run the script from cron you might have to change SQL_LITE_DB to an absolute path instead of a relative path. This depends on your cron settings.


Shodan python library

You need the Shodan python library

sudo pip install shodan

Create sqlite database

Before you can run it you need to create the sqlite database.

sqlite3 shodan-asset-monitor.db < shodan-asset-monitor.sql

First run

Obviously, when run from the first time it will generate a lot of alerts (all hosts and ports are new). You can disable mail notifications on the first run by adding a second parameter (‘any’ parameter will do, no specific value). You can make that change permanent by setting NOTIFY_MAIL to False. This will not notify you by e-mail of changes found in Shodan.

Then run the script


The output will indicate if a new asset was found or if an existing host has changed.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.