Shodan integration with Snapsec ASM

The Shodan integration allows Snapsec ASM to automatically enrich your external attack surface with intelligence gathered from Shodan’s global internet scan data. Once connected, ASM can fetch:
  • Open ports and exposed services
  • Service banners & fingerprints
  • Detected technologies
  • Host metadata (ISP, organization, tags)
  • Exposure indicators discovered by Shodan
This provides deeper context for identifying high-risk internet-facing assets.

1. Prerequisites

Before enabling the integration, ensure you have:
  • A Shodan API Key
  • An active Snapsec ASM workspace
  • Internet access from the Snapsec backend to api.shodan.io
Shodan API keys can be generated from your Shodan account dashboard under Account → API Keys.

2. Enable the Shodan Integration in Snapsec ASM

  1. Navigate to ASM → Integrations.
  2. Locate the Shodan integration tile.
  3. Click Install (or Configure if already added).
A configuration dialog will appear requesting:
  • API Key
  • Optional: request frequency or Shodan lookup limits depending on your plan.
Enter your Shodan API Key, then click Install Now. If valid, the integration status will update to Connected.

3. How ASM uses Shodan data

When enabled, ASM performs the following automatically:

🔍 Enriches Discovered Hosts

Whenever ASM finds an external IP or domain, it queries Shodan for:
  • Exposed ports
  • Service versions
  • TLS/SSL info
  • Technology signatures
  • Banner metadata
  • CVE mappings (when available)

⚠️ Surface-Level Risk Indicators

Shodan-derived risk attributes include:
  • Services flagged as dangerous (RDP, Telnet, Elasticsearch, etc.)
  • Deprecated protocols
  • Known exploitable service versions
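The following added example (not Snapsec ASM's own code) shows how the three kinds of risk attribute listed above can be derived from a Shodan host record. The sample record is constructed, the CVE key is a placeholder, and the port-to-service table and the deprecated-TLS list are assumed policy choices.

```python
import json

# Constructed sample shaped like a Shodan host record (GET /shodan/host/{ip}).
# The IP is from a documentation range; the CVE key is a placeholder.
SAMPLE_HOST = json.loads("""
{
  "ip_str": "203.0.113.10", "org": "Example Org", "isp": "Example ISP",
  "ports": [23, 443, 3389, 9200],
  "data": [
    {"port": 23, "transport": "tcp"},
    {"port": 443, "transport": "tcp", "product": "nginx", "version": "1.18.0",
     "ssl": {"versions": ["TLSv1", "-SSLv3", "TLSv1.2"]}},
    {"port": 3389, "transport": "tcp", "product": "Remote Desktop Protocol"},
    {"port": 9200, "transport": "tcp", "product": "Elastic",
     "vulns": {"CVE-PLACEHOLDER-0001": {}}}
  ]
}
""")

# Assumed policy: default ports for the services the page names as dangerous.
DANGEROUS_PORTS = {23: "Telnet", 3389: "RDP", 9200: "Elasticsearch"}
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def risk_signals(host):
    """Return sorted (port, category, detail) tuples for one host record."""
    signals = []
    for banner in host.get("data", []):
        port = banner.get("port")
        if port in DANGEROUS_PORTS:
            signals.append((port, "dangerous-service", DANGEROUS_PORTS[port]))
        # Shodan prefixes protocol versions the server rejected with "-".
        offered = {v for v in banner.get("ssl", {}).get("versions", [])
                   if not v.startswith("-")}
        for version in sorted(offered & DEPRECATED_TLS):
            signals.append((port, "deprecated-protocol", version))
        for cve in sorted(banner.get("vulns", {})):
            signals.append((port, "known-vulnerability", cve))
    return sorted(signals)

if __name__ == "__main__":
    for port, category, detail in risk_signals(SAMPLE_HOST):
        print(f"{SAMPLE_HOST['ip_str']}:{port}  {category:<20} {detail}")
```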

🔗 Correlation with ASM Exposure Engine

Shodan results are merged with:
  • Snapsec exposure detections
  • Internal scan results
  • DNS + port mapping
  • Asset classification rules
This gives a unified and more accurate risk profile.

4. Viewing Shodan Data in Asset Views

Once the integration is active, each IP/domain page may show additional fields:
  • Open Ports (Shodan)
  • Service Banners
  • Technologies Identified
  • ISP & ASN Information
  • Exposed Protocols
  • Risk Signals from Shodan
These appear under the Exposures, Ports, or Technologies sections depending on the data type.

5. Troubleshooting

Issue             | Possible Cause                       | Fix
------------------|--------------------------------------|----------------------------------------
Invalid API key   | Wrong key or expired Shodan plan     | Regenerate key and retry
No data returned  | Shodan has not scanned the host yet  | Retry later or upgrade Shodan plan
Rate limit errors | Free-tier API limit exceeded         | Increase plan or reduce query frequency

Next Steps

Explore ASM Exposures

View enriched exposures, ports, and Shodan-derived risk indicators for your assets.