Capability Spec
name: internet-asset-discovery
description: >-
  Discover Internet-exposed assets associated with a target organization
  using Shodan's search, DNS, and on-demand scanning surface. Useful for
  external attack-surface inventories, M&A due diligence, third-party
  risk reviews, and adversary infrastructure mapping.
provider: shodan
workflow:
  - capability: shodan-rest
    operation: getDomainDns
    purpose: Enumerate subdomains and DNS history for the target organization's primary domains.
  - capability: shodan-rest
    operation: resolveHostnames
    purpose: Resolve discovered hostnames to IP addresses for further investigation.
  - capability: shodan-rest
    operation: reverseDnsLookup
    purpose: Reverse-resolve candidate IP ranges to find associated hostnames.
  - capability: shodan-rest
    operation: searchHosts
    purpose: Find Internet-exposed services using filters like `org:`, `ssl.cert.subject.cn:`, `hostname:`, and `net:`.
  - capability: shodan-rest
    operation: createScan
    purpose: Submit a targeted on-demand scan of newly discovered IP ranges to capture a fresh banner set.
  - capability: shodan-rest
    operation: getScan
    purpose: Poll on-demand scan status until DONE.
  - capability: shodan-rest
    operation: getHost
    purpose: Pull the full banner record for each discovered host once the scan completes.
  - capability: shodan-internetdb
    operation: getInternetDbHost
    purpose: Cross-check each discovered IP against the free InternetDB for ports, tags, and CVEs.