# Shodan
## Overview
The Shodan connector brings internet exposure intelligence into Sola AI, enabling security teams to identify vulnerable or misconfigured assets, monitor their attack surface, and track adversary infrastructure. Use it to enrich investigations by looking up IPs, searching for exposed devices, querying CVE details, and performing DNS lookups directly from Sola.
With the Shodan integration, you can:
* Look up internet-facing assets by IP address, including open ports, running services, SSL details, and geolocation.
* Search Shodan's database for internet-connected devices using advanced query filters.
* Query detailed vulnerability intelligence, including CVE severity scores, EPSS ratings, and affected products.
* Perform DNS and reverse DNS lookups for domains and IP addresses during active investigations.
{% hint style="warning" %}
**Sola can only perform the actions you approve.**
Connectors require explicit permission to access or act on external systems. Permissions are securely managed at the workspace, app, and chat level to ensure control at every step.
{% endhint %}
## Set up Shodan connector integration with Sola
{% columns %}
{% column width="66.66666666666666%" %}
Go to ***Integrations*** > [***Connectors***](https://app.sola.security/integrations/connectors) > click ***New connector*** > select ***Shodan***.
*The Sola wizard will take you through the steps.*
{% endcolumn %}
{% column width="33.33333333333334%" %} Set up Shodan ->
{% endcolumn %}
{% endcolumns %}
### Connect Shodan to Sola
To connect Shodan, you'll need a [Shodan account](https://account.shodan.io/) and an API key.
{% tabs %}
{% tab title="API Token" %}
This method uses a Shodan API key to grant Sola access to your Shodan account.
{% endtab %}
{% endtabs %}
How do I set up a Shodan connector using an API key?
To connect, you'll need a [Shodan account](https://account.shodan.io/).
1. Get your API key
* In your Shodan account, go to ***Account*** > ***API Key***.
* Copy your **API key**.
2. Paste the API key in the Sola wizard.
3. Click **Test Connection** to validate the details and continue.
## Available actions with the Shodan connector
* **IP Lookup** - Look up an IP address including open ports, services, banners, and geolocation.
* **Device Search** - Search Shodan's database of internet-connected devices.
* **DNS Lookup** - Resolve domain names to IPs and perform reverse DNS lookups.
* **CVE Lookup** - Query detailed vulnerability information from Shodan's CVEDB.
* **CPE Lookup** - Search for CPE entries by product name.
* **CVEs by Product** - Search vulnerabilities affecting specific products or CPEs.
## Example prompts
During investigations, you can use the AbuseIPDB connector to:
{% code overflow="wrap" %}
```
Look up on Shodan and tell me what ports and services are exposed
```
{% endcode %}
{% code overflow="wrap" %}
```
Search Shodan for devices running Apache 2.4 in our IP range
```
{% endcode %}
{% code overflow="wrap" %}
```
Look up on Shodan and tell me its severity and affected products
```
{% endcode %}
{% code overflow="wrap" %}
```
Check what hostnames are associated with
```
{% endcode %}
{% code overflow="wrap" %}
```
What does Shodan know about ? Resolve it and check the exposure
```
{% endcode %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.sola.security/integrations/connectors/shodan.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.