Shodan Cheatsheet

Sites with valid SSL certs

ssl:"orgname" 200

Negative search

This is used to specify things you don't want to be appended to your search

-"content"

An example could be:

ssl:"orgname" 200 -"nosniff"

Look for patterns in html

html:"Dashboard Jenkins"

Search for a specific technology

This example will find all sites that use Bootstrap

http.component:bootstrap

Jenkins:

http.component:"jenkins"

Resources:
https://twitter.com/shodanhq/status/985964783089233920?lang=en
https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6

Assets belonging to an organization

org:"Name of Organization"

That also return a 200 response code

org:"Name of Organization" 200

Find CVE-2020-3452

org:"Name of Organization" 200 "Set-Cookie: webvpn;"

Resource: https://twitter.com/amanmahendra_/status/1286671418264924160