🔍

shodan-reconnaissance

Name: shodan-reconnaissance
Author: sickn33

مخاطر منخفضة ⚙️ الأوامر الخارجية🌐 الوصول إلى الشبكة🔑 متغيرات البيئة

Discover Exposed Devices with Shodan

Identify vulnerable services and exposed devices on the internet using Shodan's comprehensive reconnaissance capabilities for penetration testing and security research.

يدعم: Claude Codex Code(CC)

⚠️ 67 ضعيف

تنزيل ZIP المهارة

رفع في Claude

اذهب إلى Settings → Capabilities → Skills → Upload skill

فعّل وابدأ الاستخدام

اختبرها

استخدام "shodan-reconnaissance". shodan host 1.1.1.1

النتيجة المتوقعة:

IP: 1.1.1.1
Hostnames: one.one.one.one
Country: Australia
Organization: Mountain View Communications
Ports: 53/udp, 80/tcp, 443/tcp

استخدام "shodan-reconnaissance". shodan search 'product:nginx country:US'

النتيجة المتوقعة:

Results found: 125,432
Sample IPs:
- 203.0.113.10: 80/tcp (nginx)
- 198.51.100.25: 443/tcp (nginx)

التدقيق الأمني

مخاطر منخفضة

v1 • 2/25/2026

Static analyzer flagged 138 potential issues, but manual evaluation confirms all are false positives. The skill teaches legitimate use of Shodan, a recognized security research tool. Code examples show bash commands (not Ruby execution), placeholder API keys (not real secrets), and public/placeholder IP addresses. Includes explicit authorization requirements. Risk level set to LOW.

الملفات التي تم فحصها

509

الأسطر التي تم تحليلها

النتائج

إجمالي عمليات التدقيق

مشكلات متوسطة المخاطر (4)

SKILL.md:39-510

External Commands - Documentation Examples

Static analyzer flagged shell command examples as Ruby backtick execution. These are bash CLI examples in markdown, not actual code execution. Legitimate documentation for Shodan CLI tool usage.

SKILL.md:268-274

Network - Shodan API Endpoints

Hardcoded URLs detected are legitimate Shodan API endpoints (api.shodan.io). This is expected for a skill teaching official API usage.

SKILL.md:78-493

Network - Placeholder IP Addresses

IP addresses shown are public DNS (1.1.1.1) and RFC 1918 private ranges (192.168.x.x) used as examples. Not actual targets.

SKILL.md:53-500

Environment - Placeholder API Keys

API key references use placeholder 'YOUR_API_KEY' that users must replace with their own key. No real credentials present.

عوامل الخطر

⚙️ الأوامر الخارجية (98)

SKILL.md:39-48 SKILL.md:48-51 SKILL.md:51-59 SKILL.md:59-62 SKILL.md:62-71 SKILL.md:71-76 SKILL.md:76-90 SKILL.md:90-93 SKILL.md:93-99 SKILL.md:99-104 SKILL.md:104-110 SKILL.md:110-113 SKILL.md:113-119 SKILL.md:119-122 SKILL.md:122-129 SKILL.md:129-132 SKILL.md:132-141 SKILL.md:141-144 SKILL.md:144-153 SKILL.md:153-158 SKILL.md:158-164 SKILL.md:164-167 SKILL.md:167-174 SKILL.md:174-177 SKILL.md:177-180 SKILL.md:180-183 SKILL.md:183-192 SKILL.md:192-195 SKILL.md:195-198 SKILL.md:198-201 SKILL.md:201-204 SKILL.md:204-209 SKILL.md:209-218 SKILL.md:218-221 SKILL.md:221-230 SKILL.md:230-233 SKILL.md:233-236 SKILL.md:236-241 SKILL.md:241-250 SKILL.md:250-255 SKILL.md:255-261 SKILL.md:261-266 SKILL.md:266-275 SKILL.md:275-278 SKILL.md:278-295 SKILL.md:295-303 SKILL.md:303-304 SKILL.md:304-305 SKILL.md:305-306 SKILL.md:306-307 SKILL.md:307-308 SKILL.md:308-309 SKILL.md:309-310 SKILL.md:310-311 SKILL.md:311-312 SKILL.md:312-313 SKILL.md:313-321 SKILL.md:321-322 SKILL.md:322-323 SKILL.md:323-324 SKILL.md:324-325 SKILL.md:325-326 SKILL.md:326-327 SKILL.md:327-328 SKILL.md:328-329 SKILL.md:329-330 SKILL.md:330-331 SKILL.md:331-332 SKILL.md:332-333 SKILL.md:333-334 SKILL.md:334-335 SKILL.md:335-341 SKILL.md:341-342 SKILL.md:342-343 SKILL.md:343-344 SKILL.md:344-345 SKILL.md:345-346 SKILL.md:346-347 SKILL.md:347-383 SKILL.md:383-395 SKILL.md:395-398 SKILL.md:398-407 SKILL.md:407-410 SKILL.md:410-422 SKILL.md:422-425 SKILL.md:425-434 SKILL.md:434-437 SKILL.md:437-479 SKILL.md:479-482 SKILL.md:482-494 SKILL.md:494-500 SKILL.md:500 SKILL.md:500-502 SKILL.md:502-503 SKILL.md:503-504 SKILL.md:504-505 SKILL.md:505 SKILL.md:47

🌐 الوصول إلى الشبكة (18)

SKILL.md:268 SKILL.md:271 SKILL.md:274 SKILL.md:78 SKILL.md:81 SKILL.md:95 SKILL.md:159 SKILL.md:160 SKILL.md:211 SKILL.md:214 SKILL.md:217 SKILL.md:271 SKILL.md:290 SKILL.md:343 SKILL.md:484 SKILL.md:487 SKILL.md:490 SKILL.md:493

🔑 متغيرات البيئة (6)

SKILL.md:53 SKILL.md:281 SKILL.md:442 SKILL.md:442 SKILL.md:443 SKILL.md:500

تم تدقيقه بواسطة: claude

درجة الجودة

الهندسة المعمارية

100

قابلية الصيانة

المحتوى

المجتمع

الأمان

الامتثال للمواصفات

ماذا يمكنك بناءه

Penetration Testing Reconnaissance

Use Shodan to discover exposed services and vulnerabilities in target infrastructure during authorized security assessments.

Organization Asset Discovery

Map public-facing assets belonging to target organizations for attack surface analysis.

IoT and Vulnerability Monitoring

Find exposed IoT devices and services vulnerable to known CVEs across the internet.

جرّب هذه الموجهات

Basic Host Lookup

Use the shodan-reconnaissance skill to find information about IP address 1.1.1.1. What services are running and what country is it located in?

Vulnerable Service Discovery

Find all hosts in the US running vulnerable versions of Log4j (CVE-2021-44228) using Shodan search filters.

Organization Reconnaissance

Perform reconnaissance on an organization. Search for all hosts belonging to Google and get statistics on their infrastructure including ports and products.

SSL Certificate Analysis

Find hosts with SSL certificates for example.com domain. Show how to search for expired or self-signed certificates.

أفضل الممارسات

Always obtain written authorization before scanning target networks
Use Shodan credits efficiently by starting with free count queries
Combine multiple search filters to narrow results and find specific vulnerabilities

تجنب

Using Shodan to target systems without authorization is illegal and unethical
Do not rely solely on Shodan data for vulnerability assessment - verify findings manually
Avoid excessive scanning that may trigger rate limits or account suspension

الأسئلة المتكررة

Is Shodan legal to use?

Shodan is a legal security research tool. However, using it to scan or target systems without authorization may violate laws. Always obtain written permission before investigating specific targets.

Do I need a paid Shodan account?

A free account provides limited credits. Paid plans offer more queries and scan credits. Basic searches without filters are free.

Can this skill help me hack systems?

No. This skill provides reconnaissance methodology for authorized security testing. Unauthorized access to computer systems is illegal.

How accurate is Shodan data?

Shodan data may be days or weeks old. On-demand scans provide current data. Always verify critical findings with direct testing.

What are Shodan credits?

Credits are consumed for filtered searches, downloads, and on-demand scans. Basic searches without filters are free. Check your balance with 'shodan info'.

Can I scan private IP ranges?

Shodan crawls public internet. Private IP ranges (RFC 1918) like 192.168.x.x are placeholders in examples. Only public IPs can be scanned.

تفاصيل المطور

المؤلف

sickn33

الترخيص

MIT

المستودع

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/shodan-reconnaissance

مرجع

main

بنية الملفات

📄 SKILL.md