Shodan

Connect Sola and Shodan to monitor your attack surface and enrich security investigations

Overview

The Shodan connector brings internet exposure intelligence into Sola AI, enabling security teams to identify vulnerable or misconfigured assets, monitor their attack surface, and track adversary infrastructure. Use it to enrich investigations by looking up IPs, searching for exposed devices, querying CVE details, and performing DNS lookups directly from Sola.

With the Shodan integration, you can:

Look up internet-facing assets by IP address, including open ports, running services, SSL details, and geolocation.
Search Shodan's database for internet-connected devices using advanced query filters.
Query detailed vulnerability intelligence, including CVE severity scores, EPSS ratings, and affected products.
Perform DNS and reverse DNS lookups for domains and IP addresses during active investigations.

Sola can only perform the actions you approve.

Connectors require explicit permission to access or act on external systems. Permissions are securely managed at the workspace, app, and chat level to ensure control at every step.

Set up Shodan connector integration with Sola

Go to Integrations > Connectors > click New connector > select Shodan.

The Sola wizard will take you through the steps.

Set up Shodan ->

Connect Shodan to Sola

To connect Shodan, you'll need a Shodan account and an API key.

This method uses a Shodan API key to grant Sola access to your Shodan account.

How do I set up a Shodan connector using an API key?

To connect, you'll need a Shodan account.

Get your API key
- In your Shodan account, go to Account > API Key.
- Copy your API key.
Paste the API key in the Sola wizard.
Click Test Connection to validate the details and continue.

Available actions with the Shodan connector

IP Lookup - Look up an IP address including open ports, services, banners, and geolocation.
Device Search - Search Shodan's database of internet-connected devices.
DNS Lookup - Resolve domain names to IPs and perform reverse DNS lookups.
CVE Lookup - Query detailed vulnerability information from Shodan's CVEDB.
CPE Lookup - Search for CPE entries by product name.
CVEs by Product - Search vulnerabilities affecting specific products or CPEs.

Example prompts

During investigations, you can use the AbuseIPDB connector to:

Look up <IP address> on Shodan and tell me what ports and services are exposed

Search Shodan for devices running Apache 2.4 in our IP range

Look up <CVE ID> on Shodan and tell me its severity and affected products

Check what hostnames are associated with <IP address>

What does Shodan know about <domain name>? Resolve it and check the exposure

PreviousAbuseIPDB NextPrompt Library

Last updated 12 days ago

Was this helpful?