Shodan

See your infrastructure the way the internet sees it.

Core platform capability - included with every plan. No third-party account, license, or API key required.

TRY ASKING:

  • “What does Shodan know about our public IP ranges?”
  • “Which of our public IPs expose a database or admin port to the internet?”
  • “Show the service banners on our domains and flag outdated software versions.”
  • “Compare what is exposed now against last month and highlight what is new.”

Shodan shows what attackers see first. Kikimora queries it conversationally so external exposure checks become a sentence, not a side-quest.

See your external attack surface from one conversation

The capability covers the outside-in view of your infrastructure: what is publicly visible on your IP ranges and domains, which ports are open, the service banners those ports expose, and the software versions an attacker would fingerprint. Because Shodan is passive internet intelligence, you get this picture without running a scan against your own hosts, which makes it a fast, safe first look at where you are exposed.

The gap between what you think is public and what actually is tends to be wide. A database port left open during a migration, a staging box that was never meant to face the internet, an old service still answering on a forgotten IP: these are the things Shodan already sees, and the things an attacker checks first. Starting an exposure review from the outside view means you find them before reconciling against your own inventory, not after.

What you can do

  • Look up what’s publicly visible on your IP ranges and domains.
  • Check open ports and exposed service banners.
  • Feed exposure data into triage alongside internal findings.

Things you might ask

  • “What does the internet already know about our public IP ranges, and which ports should not be open?” This is the starting point for attack surface work. Our guide on how to find every internet-facing asset you forgot you had walks through turning these lookups into a real inventory.
  • “Show me exposed services running outdated versions that attackers actively target.”
  • “What changed in our external exposure since last month?”

Shodan is the outside view. Pair it with the built-in Network Scanner integration, which maps the inside of your private networks, so you see exposure from both directions in a single conversation.

FAQ

Do I need my own Shodan account or API key?

No. Shodan is built in as a core platform capability. There is no Shodan subscription to buy and no API key to paste. You ask, and the agent queries it for you.

How do I activate it?

It is included with every plan. Nothing to install or license. You name the IP ranges and domains you want checked and the agent runs the lookups.

Is this scanning my own infrastructure?

Shodan reflects what is already publicly visible on the internet from the outside. It is passive external intelligence, not an active scan of your hosts, so it shows what attackers can see without touching your systems.

Can I combine it with internal scanning?

Yes. Shodan gives the outside view; the built-in Network Scanner covers the inside. Together they show exposure from both directions in one conversation.