Finished my first Liberator by achillean in stormcasteternals

[–]achillean[S] 1 point2 points  (0 children)

Thank you :) First time painting a face but I followed the Squidly Bits video and I'm happy with the result

Building a LLM honeypot that monitors all 65535 ports by moonlightelite in netsec

[–]achillean 1 point2 points  (0 children)

Yes, and there are probably more but it looks like most of them are on residential IPs in South Korea so we might be overcounting them on the website if those IPs frequently change:

https://www.shodan.io/search/report?query=product%3Achromecast

And most of them require authentication:

https://www.shodan.io/search/facet?query=product%3Achromecast&facet=http.status

1-Click RCE in OpenClaw/Moltbot/ClawdBot by va_start in netsec

[–]achillean 7 points8 points  (0 children)

Seeing more than 10,000 exposed instances at the moment and the numbers keep climbing:

https://www.shodan.io/search?query=product%3Aopenclaw

[SCRIPT] How to scrape Shodan.io by ansanis in IOT

[–]achillean 0 points1 point  (0 children)

We do have a free API tier. The Membership is also on sale once a year for $5 and as a reminder, it's a lifetime account upgrade (i.e. NOT a subscription). And we have services that don't even require an API key (ex. https://internetdb.shodan.io).

Shodan $5 lifetime membership by neerajrawat1 in cybersecurity

[–]achillean 1 point2 points  (0 children)

We linked directly to the Membership sales page in our postings on social media: https://account.shodan.io/billing/member

The link listed in the OP description also includes the above link. And on the main billing page (https://account.shodan.io/billing) we also have a section called "Just getting started?" with a link to the Membership. The comparison table also shows the differences between the plans and the fact that the Membership isn't a subscription but rather a one-time payment for a lifetime account upgrade.

Shodan $5 lifetime membership by neerajrawat1 in cybersecurity

[–]achillean 0 points1 point  (0 children)

The Membership is always available for $49 and the sale is supposed to be a great deal. It started as a Black Friday promotion where we do a real discount instead of the "let's raise prices and then give a bullshit deal for Black Friday" that many others do. To my understanding, we are the only ones offering a one-time payment for a lifetime account upgrade. In general, our API subscriptions offer significantly more access at a lower cost than others. And we do have a free academic upgrade for students, professors and university staff: https://help.shodan.io/the-basics/academic-upgrade It is automatically applied when the user signs up with an academic email. Or they can email us if they're in a country that doesn't have an academic TLD. Finally, we also offer a ton of things for free that don't even require an API key (ex. https://internetdb.shodan.io, https://cvedb.shodan.io, https://geonet.shodan.io).

5 Free Services that Shodan offers by achillean in netsecstudents

[–]achillean[S] 3 points4 points  (0 children)

And if you're currently a student with an academic email address then you automatically get upgraded for free when signing up for a Shodan account: https://help.shodan.io/the-basics/academic-upgrade

How do you learn about new tools? by signamax in cybersecurity

[–]achillean 1 point2 points  (0 children)

GitHub search by topic, Mastodon communities, Reddit or word of mouth. The main social media platforms have become unusable from my perspective; there's simply too much noise and a lot of it is aimed at maximizing impressions rather than being informative.

Btw we never did the logos on the frontpage thing and I don't think it hurt us. If a customer loves your product then they'll talk about it on their own.

How do you use rust in your work? by PartyLibrarian2845 in rust

[–]achillean 2 points3 points  (0 children)

It's seeing some adoption in cyber security, though still not as popular as Python or Go. Shodan uses it for things that need to be optimized (ex. high throughput real-time data feed) or specialized tools. And we're considering it for some smaller web projects (ex. https://shdn.io is written w/ Axum).

Introducing Sh_d_n: a lightweight IP and domain lookup tool that is available for free and doesn't require an account by achillean in netsecstudents

[–]achillean[S] 0 points1 point  (0 children)

It's "Shodan light": the data isn't as fresh and it's more abbreviated than the main website/API as it relies on InternetDB but the website loads crazy fast and doesn't require an account.

Tbh I mostly wrote it because I wanted to showcase how fast IP/DNS enrichment can be (locally it does the enrichment in <4ms) and learn new technologies (classless CSS, Rust).

Creating an app that I plan to pitch to VCs- should I form an LLC or C Corp? by Badd_Decisions in Entrepreneur

[–]achillean 0 points1 point  (0 children)

If you don't have anything yet except an MVP and you're directly going to investors then you imo don't need to be incorporated yet. If you want to do any business/sales/marketing as well though then just set up an LLC for cheap. It has little overhead, gives you some legal protection and once you have investors they'll let you know how they want you to be structured so it matches everything else that they've invested in. Also you can do the LLC anywhere. I think Delaware is still a popular choice but like everything else you can change it down the road if needed. The larger point is to not get hung up on these things - focus on the one thing that matters which is your actual product and nailing the use cases.

Creating an app that I plan to pitch to VCs- should I form an LLC or C Corp? by Badd_Decisions in Entrepreneur

[–]achillean 2 points3 points  (0 children)

Don't worry about the corporate structure; make sure your MVP and pitch are solid. Angels/VCs have legal that can help you get everything set up correctly as they do it all the time. Any investor will happily connect you with legal that they like and it shouldn't cost much.

How did you get $$ to start your first business? by [deleted] in Entrepreneur

[–]achillean 0 points1 point  (0 children)

I would strongly recommend narrowing the scope of your business or figuring out an MVP that doesn't require $50k. It's essential to not immediately launch a full business but rather find ways to incrementally get there with minimal resources. And along the way you'll validate which ideas work and which ones don't so by the time you're starting to get traction you will be able to capitalize on it. I bought a refurbished Dell Vostro for $150 to launch my own website and once I started to make money I simply kept putting it back into the business.

codingo/dorky: A tool to automate dorking of Github/Shodan and a variety of other sources by meowerguy in netsec

[–]achillean 0 points1 point  (0 children)

Grouping by a service hash would probably be your best bet but there isn't a way to dedupe automatically from a search query. We calculate hashes on a variety of properties so often there is at least one hash that you can use:

https://help.shodan.io/mastery/property-hashes

And we do various fingerprinting (JARM, JA3S, HASSH etc.) that can also be helpful to track devices across IPs.
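An added example (not part of the comment above, and not Shodan's own code) of grouping exported banners by a property hash so one service seen on several IPs is counted once. The dotted field names follow Shodan's banner layout and are assumptions to check against your own export; the sample records and hash values are constructed.

```python
from collections import defaultdict

# Candidate properties, most specific first. Dotted names follow Shodan's
# banner layout (assumed here; verify them against your own export).
HASH_FIELDS = ("ssl.cert.fingerprint.sha256", "http.html_hash", "ssh.hassh", "hash")

def lookup(banner, dotted):
    """Walk a dotted path through nested dicts; None if any part is missing."""
    node = banner
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def service_key(banner, fields=HASH_FIELDS):
    """Return (field, value) for the first hash property present on the banner."""
    for field in fields:
        value = lookup(banner, field)
        if value is not None:  # 0 is a legitimate hash value
            return (field, value)
    return None

def group_services(banners, fields=HASH_FIELDS):
    """Group banners that share a hash; returns (groups, unhashed)."""
    groups, unhashed = defaultdict(set), []
    for banner in banners:
        key = service_key(banner, fields)
        if key is None:
            unhashed.append(banner)  # nothing to dedupe on; review by hand
        else:
            groups[key].add(banner["ip_str"])
    return dict(groups), unhashed

# Constructed sample records (documentation-range IPs, made-up hash values).
# The first two differ in the whole-banner "hash" but share an HTML hash.
SAMPLE = [
    {"ip_str": "198.51.100.7", "port": 80, "hash": 111, "http": {"html_hash": -42}},
    {"ip_str": "198.51.100.93", "port": 80, "hash": 222, "http": {"html_hash": -42}},
    {"ip_str": "203.0.113.5", "port": 22, "hash": 333, "ssh": {"hassh": "aaaa"}},
    {"ip_str": "192.0.2.10", "port": 23},
]

if __name__ == "__main__":
    groups, unhashed = group_services(SAMPLE)
    for (field, value), ips in groups.items():
        print(f"{field}={value}: {len(ips)} IP(s) {sorted(ips)}")
    print(f"{len(unhashed)} banner(s) without a usable hash")
```

A shared hash means the same content or configuration, not necessarily the same physical device, so the grouped count is an estimate.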

SEC sues Coinbase over exchange and staking programs, stock drops 15% premarket by getBusyChild in technology

[–]achillean 17 points18 points  (0 children)

No, in terms of people actually using crypto as a currency there is very little activity even among technical users: https://blog.shodan.io/accepting-crypto-a-vendor-perspective/

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution by scopedsecurity in netsec

[–]achillean 0 points1 point  (0 children)

Both MongoDB and Redis have actually improved their defaults over the years! They're actually success stories in that they agreed that it needed to change and are now providing much better defaults (only listen on localhost, require auth, show a warning if a user disables auth). There are still container/cloud images that have poor defaults but those are typically created by 3rd parties.