Shodan Transforms – Maltego

Shodan Transforms – Maltego

Shodan is a search engine that gathers data from internet-connected devices. These connected devices are queried for various types of publicly available information. The types of devices that are indexed vary tremendously and range from small desktop computers to nuclear power plants, and everything in between. Shodan queries go far beyond what the traditional web search engines can provide as Shodan crawls the internet – whereas traditional search engines crawl the World Wide Web. The devices powering the World Wide Web only make up a tiny fraction of internet connections and Shodan aims to provide a complete picture.

How to run a basic scan

Step 1:

Search for Shodan under the Home tab, in the Transform Hub.

Click Install

Step 2:

Input API Key, if you don’t have one you can sign up at https://account.shodan.io/register for one.

Step 3:

Create a New Graph (CTRL + T)

Select IPv4 Address under Entity Palette, drag to the graph and input the address you want to scan.

For this scan we will use IP Address 74.207.243.85

Step 4:

Right click the Entity and beside Shodan click the Double Arrow to run All Transforms.

Input API Keys/Credentials if prompted.

Step 5:

Analyze the graph, and run more scans if needed

We can see lots of information here including a domain linode.com. Lets see if we can get more information about this website.

Step 6:

We can run The Transform Shodan >> IP Details to get the IP of linode.com

Then use Shodan >> All Details on the IP Address 74.14.191.202

Here we can see open ports 22, 80 and 443 on IP Address 74.14.191.202 and information about the tags, banner info, hashes..

If we want more information we can run All Transforms under Shodan on the selected IP address 74.14.191.202.

The scan returned some information about where the IP is located.