On it’s initial release, Shodan search refine capabilities include country, hostname, ip-range (removed), port, service-version and header part specifications. Although the majority of the indexed results include web server data, it can be used already for other services too. Some examples:

• List of telnet enabled hosts in Greece
• List of apache servers running version 2.2.3
• List of cisco routers with web interface
  

The results of this Service can be used for malicious activities. With automated queries, exploiters could find in seconds vulnerable versions or legacy unpatched machines, botnets could find easier possibly vulnerable hosts or spammers could gather old/unpatched SMTP servers. On the other side, as a side effect, it may can help administrators to identify a possible  vulnerability/security hole in their systems.

Shodan can be compared with the capability of forming specific queries to known search engines like Google. One difference is, Google can show data indexed from web page content while Shodan is more like a portscan utility, such us nmap, caching the results.

The service raises some ethical arguments and some discussions about its legality. Although it does not serve anything more that it is not already “in plain view”, port scanning can be considered illegal as they are not “authorized” connections to the hosts.