I was searching some query on Shodan and was getting lots of Honeypots and i wanted to filter out all the result which are honeypot, i tried adding -honeypot but still it showed results with honeypot, what am i doing wrong? Help will be appreciated. Thanks
Asked
Active
Viewed 2,897 times
2 Answers
1
To remove honeypots from the search results you can add -tag:honeypot to the search query. Note that this requires a Corporate subscription.
If you just add -honeypot then you are excluding results where the banner's data property doesn't include the word honeypot. For more information about the search query syntax please visit:
https://help.shodan.io/the-basics/search-query-fundamentals
You need to use search filters to narrow results based on a specific property. A list of available filters is available at:
achillean
- 520
- 4
- 10
-1
You do not need pay for an Enterprise subscription. Make this filter in shodan web:
- Add the filter after your pattern search
-"792/71644" - In the API terminal type this:
shodan search <your pattern search> | egrep -v "792/71644" - obs: this number is in all honeypot expressions and it is removed with this filter.
I hope aid by by *:
Jeremy Caney
- 7,102
- 69
- 48
- 77
-
I added some formatting to aid in readability and to ensure that all characters are displayed correctly. But I'm still having trouble following. Can you tell us more about that number? – Jeremy Caney Jul 05 '21 at 00:14
-
It's a way to filter for a specific type of honeypot. If you search for that number string you can see that some honeypot software always includes that string in the HTTP headers of its response: https://www.shodan.io/search?query=%22792%2F71644%22 However, there are a LOT more honeypots than just that one. If you know that only that specific honeypot will be in the results then you can exclude it using that number but otherwise it won't work. Oh, and the "tag" filter only requires a Corporate subscription - not an enterprise account. – achillean Aug 04 '21 at 21:32