Shodan is very expensive to do anything useful with. How do people manage? Some searches are restricted to enterprise users, paying is not enough. There is a Chinese alternative I haven't tried much called zoomeye: https://www.zoomeye.org/
I'm obviously biased but I think it's extremely affordable. It's a one-time payment of $49 (i.e. no subscription) to get access to most features, including the ability to have network monitoring for up to 16 IPs (https://monitor.shodan.io). The data itself is the same across all of our products. Enterprise customers can simply download more of it and the only 2 filters that are restricted are "vuln" and "tag". Note that you can still use those filters to get the number of results for a query - you just can't download the actual list of IPs. I.e. you can do the following for free:
# Number of services vulnerable to Heartbleed
$ shodan count vuln:CVE-2014-0160
This however requires at least a Corporate subscription if you wanted to actually download all IPs on the Internet that are vulnerable:
$ shodan download --limit=0 vuln:CVE-2014-0160
For example, this entire dashboard is generated using a free API key:
You have to understand, if I am using Shodan for day to day purposes, the free option is very limiting (Censys has similar limitations). Now consider something like VirusTotal, their limits are structured in a way that allows everyday human usage for free except if you want their more useful features you pay at minimum $600/month. If I can make better use of it for free, I can justify contacting your sales for a POC/consultation, but right now I can do a handful of queries a day and something like 5 pages of results even with an account. If I create a query that shows something I can't share it with non-members, I have to use screenshots or dumb down the query.
From an individual perspective, download restrictions and payment option flexibility are a pain for me.
Feature request: A lot of sites don't serve meaningful content if you don't visit using the right hostname. If Shodan can discover hostnames based on TLS cert SAN values or retroactively scan newly registered domains, that would provide a lot of value to enterprise customers. For the vuln tag, it would be nice if I didn't have to convince my company to buy the product before using it, even testing it on a personal paid account, or a temp free trial?
I mentioned your product was expensive due to the "token" based payment approach where downloading or exporting things for example requires payment each time. If I had just enough free access to do something more than occasional Shodan safari or looking up suspicious IPs 5 times a day, perhaps then I would pay for it and feel like your customers. For full access even a $500/month is very cheap but there are limits and the token based approach sounds costly if it is in addition to one time payment.
Last comment: Very gladly surprised to see someone actually working at Shodan respond, HN never ceases to surprise. Thank you for putting together this great service to the internet.
A few things as it sounds like you've only had limited exposure to Shodan:
We scan 600+ million hostnames per month to be able to detect websites that require a valid SNI. We've been curating our own DNS database for many years for that reason. You can query that information if you're a member/subscriber (ex: https://beta.shodan.io/domain/ycombinator.com).
Only downloading by website is based on single-use tokens. Downloading via the API or command-line interface doesn't require a payment each time - that's why we have subscriptions. And we generally recommend users to download using the renewable query credits:
Our Corporate API plan ($899/month) has unlimited query credits per month. I mean every system out there will be priced based on some factor - for us it's the amount of data you want to download each month. Most companies have 1 functional Shodan account that's subscribed to the API and they then share the API key internally.
And doing IP lookups doesn't count towards your search quota as a free user. You can lookup more than 5 IPs per day if you do a direct IP lookup instead of a search.
Note that we're going to deprecate export credits because it's caused some confusion. They were the first way that I tried to monetize the website (aside from donations) because some security companies asked to download data but it makes more sense to simply have query/scan credits nowadays.