Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Using Shodan.IO to map an organisation’s external facing assets is a great way to see what devices and systems are publicly visible and accessible.

To get started, enter the organisation’s name or IP address into the search bar on Shodan.IO. Once the results are populated, you can explore the different devices and systems that are visible.


Use to passively map an organisation’s external facing assets.

Create a spreadsheet to record suspicious, dangerous or vulnerable assets identified. Your spreadsheet should include information such as:

  1. Identification Date
  2. Target Organisation
  3. Third Party Integration Organisation
  4. IP address
  5. Hostname
  6. Open Port
  7. Service Running on Open Port
  8. Additional Service Information
Open chat
Hello 👋.
Tell me, how can I help you?