Sites with valid SSL certs
ssl:"orgname" 200
Negative search
This is used to specify things you don’t want to be appended to your search
-"content"
An example could be:
ssl:"orgname" 200 -"nosniff"
Look for patterns in html
html:"Dashboard Jenkins"
Search for a specific technology
This example will find all sites that use Bootstrap
http.component:bootstrap
Jenkins:
http.component:"jenkins"
Resources:
- https://twitter.com/shodanhq/status/985964783089233920?lang=en
- https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6
Assets belonging to an organization
org:"Name of Organization"
With a 200 response code:
org:"Name of Organization" 200
Find CVE-2020-3452
org:"Name of Organization" 200 "Set-Cookie: webvpn;"
Resource: https://twitter.com/amanmahendra_/status/1286671418264924160