Shodan Help Center


Microsoft Copilot Security

Microsoft Copilot Security is a generative AI-powered tool designed to help users track threats, identify compromised links, and gather intelligence using natural language or simple commands. Shodan is one of the plugins that enhances the functionality of Copilot. Below is a guide on how to enable and use Shodan in Microsoft Copilot Security.

Prerequisites

Ensure you have a Copilot for Security account. Follow the quick start guide provided by Microsoft Copilot Security.

Enabling Shodan Plugins

Click on the Copilot for Security plugin icon. You will see a list of plugins, including two for Shodan:

Enable Plugin
  • Shodan InternetDB Plugin: This plugin does not require an API Key from Shodan and can be used at any time. Simply slide to enable it.
  • Shodan Plugin: A full-featured plugin that requires an API Key for setup, which can be obtained through your Shodan Account.

Using Shodan Plugins

1, Shodan InternetDB Plugin:

Once enabled, you can return to the chat prompt and start asking Copilot what IP address you want to check. Note that this plugin is limited to gathering information on IP addresses, such as ports, CPEs, hostnames, vulnerabilities, and tags.

Shodan InternetDB Plugin

Copilot also offers a feature called Direct Skill Invocation, which provides a quick method to identify specific querying skills.

Direct Skill Invocationn

2, Shodan Plugin:

The full Shodan plugin offers a broader range of actions, detailed in the table below.

Skill Name Skill Behavior Example Prompts
CheckShodanHostIP
Required:
  • ip
Optional
  • history
  • minify
 Accepts an IP address (v4 or v6) and provides information about the queried IP, including related country, last updated dates, hostnames, and ISP.
  • Check IP Address 8.8.8.8 using Shodan
  • Use Shodan to check IP address 8.8.8.8
  • What does Shodan say about IP address 8.8.8.8?
GetShodanHostCount
Required:
  • query
Optional
  • facets
 This method behaves identical to GetShodanHostSearch with the only difference that this method does not return any host results, it only returns the total number of results that matched the query and any facet information that was requested. As a result this method does not consume query credits.
  • What does Shodan know about the host count for port:22?
  • Use Shodan to look up the host count for port:22
GetShodanHostSearch
Required:
  • query
Optional
  • facets
 Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
Requirements:
This method may use API query credits depending on usage. If any of the following criteria are met, your account will be deducted 1 query credit:
  1. The search query contains a filter.
  2. Accessing results past the 1st page using the "page". For every 100 results past the 1st page 1 query credit is deducted.
  • Search for hosts running port:22 using Shodan.
  • Use Shodan to look up the hosts running port:22
GetShodanHostSearchFacets This method returns a list of facets that can be used to get a breakdown of the top values for a property.
  • List all search facets from Shodan records.
  • What are all the Shodan search facets?
GetShodanHostSearchFilters This method returns a list of search filters that can be used in the search query.
  • List all filters that can be used when searching Shodan records.
  • What are the Shodan search filters?
GetShodanHostSearchTokens
Required:
  • query
 This method lets you determine which filters are being used by the query string and what parameters were provided to the filters.
  • Use Shodan to break down Raspbian port:22 into tokens.
  • Get the Shodan host search tokens for Raspbian port:22.
GetShodanPorts This method returns a list of port numbers that the crawlers are looking for.
  • List all ports that Shodan is crawling on the Internet.
  • Get all Shodan ports.
GetShodanProtocols This method returns an object containing all the protocols that can be used when launching an Internet scan.
  • List all protocols that can be used when performing on-demand Internet scans via Shodan.
  • What protocols can be used with Shodan?
GetShodanScans Returns a listing of all the on-demand scans that are currently active on the account.
  • Get list of all the created scans via Shodan.
  • What are all the scans created by Shodan?
GetShodanScansID
Required:
  • id
 Check the progress of a previously submitted scan request. Possible values for the status are:
  • SUBMITTING
  • QUEUE
  • PROCESSING
  • DONE
  • Get the status of the scan request DQdcm6QYgENbGj0R using Shodan.
  • What does Shodan say about the scan request DQdcm6QYgENbGj0R?
GetShodanAlertIDInfo
Required:
  • id
 Returns the information about a specific network alert.
  • Get the details for the network alert 0DC55K0N2HHZS3D1 using Shodan.
  • What does Shodan say about the network alert 0DC55K0N2HHZS3D1?
GetShodanAlertsInfo Returns a listing of all the network alerts that are currently active on the account.
  • Get a list created alerts using Shodan.
  • What are all the created alerts in Shodan?
GetShodanAlertTriggers Returns a list of all the triggers that can be enabled on network alerts.
  • Get a list of available triggers using Shodan.
  • What are all the available triggers in Shodan?

You can interact with Copilot by using prompts to chat or by utilizing the Direct Skill Invocation method to get answers through the Shodan Plugin.

Shodan Plugin