Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/shodan

Name: shodan
Author: aeondave

offensive-tools/recon/shodan/SKILL.md

npx skillsauth add aeondave/malskill shodan

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Shodan CLI

Passive reconnaissance via Shodan — internet-wide host/service discovery without touching targets.

Quick Start

# Initialize with API key
shodan init YOUR_API_KEY

# Search for a service/banner
shodan search "apache 2.4.49"

# Host lookup
shodan host 203.0.113.10

# Account info / credits
shodan info

Core Commands

| Command | Description | |---------|-------------| | shodan search <query> | Search Shodan index | | shodan host <ip> | Detailed host info (open ports, banners, vulns) | | shodan count <query> | Count results (no credits consumed) | | shodan download <file> <query> | Download results to compressed JSON | | shodan parse <file> | Parse downloaded results | | shodan domain <domain> | Domain intelligence | | shodan alert | Manage monitoring alerts | | shodan stats <query> | Statistics for a query | | shodan honeyscore <ip> | Honeypot score (0-1) | | shodan myip | Your public IP |

Search Filters

| Filter | Example | |--------|---------| | hostname: | hostname:example.com | | ip: | ip:1.2.3.0/24 | | org: | org:"Target Corp" | | port: | port:8080 | | product: | product:Apache | | version: | version:2.4.49 | | country: | country:IT | | os: | os:Windows | | vuln: | vuln:CVE-2021-44228 | | http.title: | http.title:"Login" | | html: | html:"admin panel" | | ssl: | ssl:"example.com" | | asn: | asn:AS12345 | | net: | net:192.168.0.0/16 |

Common Workflows

# Find infrastructure for an org
shodan search org:"Target Corp" --fields ip_str,port,product

# Download and parse org results
shodan download results.json.gz org:"Target Corp"
shodan parse --fields ip_str,port,product results.json.gz

# Find exposed login panels
shodan search http.title:"administration" org:"Target"

# CVE-based research
shodan search vuln:CVE-2021-44228

# SSL cert pivot — find all hosts sharing a cert
shodan search ssl:"example.com"

# Count without consuming query credits
shodan count org:"Target Corp"

# Reverse lookup / host details
shodan host 8.8.8.8

Favicon Hash Search

# Get favicon mmh3 hash via httpx
httpx -u https://target.com -favicon
# Outputs: [mmh3:<HASH>]

# Search Shodan for all hosts with same favicon (same product/brand)
shodan search "http.favicon.hash:<HASH>"

Monitor Target (Alerts)

# Create alert for new hosts in an org
shodan alert create "Target Corp Monitor" org:"Target Corp"

# List alerts
shodan alert list

# Download results when triggered
shodan alert download <alert_id>

Resources

| File | When to load | |------|--------------| | references/search-filters.md | Full filter reference, dork recipes, favicon hash lookup, API Python integration |

aeondave/shodan

offensive-tools/recon/shodan/SKILL.md

Auth/lab ref: Shodan CLI for passive internet-wide host and service discovery.

4 stars

tools

Updated Jun 8, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill shodan

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 8, 2026, 3:59 AM136.8s2 files scanned

SKILL.md

name:: shodan
description:: Auth/lab ref: Shodan CLI for passive internet-wide host and service discovery.
license:: MIT
compatibility:: Linux, Windows, macOS.
author:: AeonDave
version:: 1.1

Shodan CLI

Passive reconnaissance via Shodan — internet-wide host/service discovery without touching targets.

Quick Start

# Initialize with API key
shodan init YOUR_API_KEY

# Search for a service/banner
shodan search "apache 2.4.49"

# Host lookup
shodan host 203.0.113.10

# Account info / credits
shodan info

Core Commands

Search Filters

Common Workflows

# Find infrastructure for an org
shodan search org:"Target Corp" --fields ip_str,port,product

# Download and parse org results
shodan download results.json.gz org:"Target Corp"
shodan parse --fields ip_str,port,product results.json.gz

# Find exposed login panels
shodan search http.title:"administration" org:"Target"

# CVE-based research
shodan search vuln:CVE-2021-44228

# SSL cert pivot — find all hosts sharing a cert
shodan search ssl:"example.com"

# Count without consuming query credits
shodan count org:"Target Corp"

# Reverse lookup / host details
shodan host 8.8.8.8

Favicon Hash Search

# Get favicon mmh3 hash via httpx
httpx -u https://target.com -favicon
# Outputs: [mmh3:<HASH>]

# Search Shodan for all hosts with same favicon (same product/brand)
shodan search "http.favicon.hash:<HASH>"

Monitor Target (Alerts)

# Create alert for new hosts in an org
shodan alert create "Target Corp Monitor" org:"Target Corp"

# List alerts
shodan alert list

# Download results when triggered
shodan alert download <alert_id>

Resources

| File | When to load | |------|--------------| | references/search-filters.md | Full filter reference, dork recipes, favicon hash lookup, API Python integration |

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/recon/shodan ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT