Real-time status check for Shodan. See if it's just you or everyone experiencing issues.
Shodan is the search engine for internet-connected devices, used by security researchers to find exposed servers, IoT devices, and industrial control systems.
Category: Recon | Website: www.shodan.io
ipconfig /flushdns or sudo systemd-resolve --flush-caches.Shodan is the search engine for internet-connected devices — continuously scans the public internet, indexes responses from every IP address and port, and provides searchable access to that data. Used by security researchers to find exposed services, by attackers for reconnaissance, by defenders for attack-surface monitoring, by journalists for stories about IoT exposure. Shodan's data and APIs are core infrastructure for offensive and defensive security.
When Shodan is down, the impact is felt across multiple workflows: web search interface (interactive queries via shodan.io), API endpoints (programmatic access from scripts and security platforms), monitoring services (Shodan Monitor for alerting on changes to your attack surface), scan-on-demand (paid feature to scan specific IPs immediately). Different components have separate failure modes — the API can be slow or rate-limited while the web UI works, or vice versa.
Shodan does not publish a comprehensive status page. Status verification typically depends on testing reachability directly (this checker), checking the @shodanhq Twitter account for announcements, or community reports on Twitter and Reddit. For Shodan-dependent workflows, the absence of a public status page makes building reliable monitoring harder.
Continuous monitoring of your IP space for unexpected exposures (open services, leaked credentials, expired certificates) — Shodan is one of the standard tools. Outages create monitoring gaps. Have multiple sources (Censys, internal scanning) to reduce single-source dependency.
Shodan is core recon tooling for external pentests — quickly identifies exposed services, technology stacks, geographic distribution. When Shodan is down, switch to alternative sources (Censys, ZoomEye) and direct scanning to maintain recon momentum.
Shodan queries help identify infrastructure matching attacker patterns (specific server signatures, typosquat domains hosting fake login pages, exposed C2 infrastructure). Outages affect hunting timelines but rarely critical-path; threat hunting is typically batch work.
Researchers studying internet-wide patterns (IoT exposure, ICS/SCADA visibility, exposed databases) rely on Shodan data. Outages delay research but rarely critical-path. Have alternative sources documented for reproducibility.
Bug bounty hunters use Shodan to find in-scope assets and identify potentially-vulnerable services. Outages slow enumeration. Backup sources (Censys, in-house scanning of in-scope ranges) maintain momentum during Shodan outages.
Shodan is one source among many. Defenders relying entirely on Shodan miss things Shodan does not see (recently-changed assets, services Shodan misclassifies, geographic regions where Shodan has limited coverage). Use Shodan plus Censys plus internal scanning.
Shodan data has age. The "last seen" timestamp matters — service may have been removed since the scan but Shodan still shows it. For current-state verification, scan the target directly with Nmap or similar.
Shodan's API logs queries to your account. Using your authenticated Shodan account for recon on sensitive targets creates an audit trail. For sensitive engagements, use unauthenticated queries (limited but no audit trail) or alternative sources.
Shodan API has query rate limits and credit-based pricing. Broad queries (port:80) consume quota quickly. Refine queries before running at scale; use search filters to narrow scope.
Shodan continuously scans but specific port/host combinations are not necessarily scanned daily. Time between Shodan scans varies — common ports updated more frequently, obscure ports less often. Understand the data freshness for your specific use case.
Shodan has no comprehensive status page. Twitter is the primary status communication channel. Check @shodanhq and community reports before reporting issues — usually widespread issues are already known.
port:3389 for RDP, product:nginx for nginx servers, country:US for US-located, org:"Company Name" for specific organisation. Combine with boolean operators. The Shodan documentation has full query reference and examples.