Phantom + Shodan for Internet Connected Devices

We’re in the final two weeks of the Phantom Playbook & App Contest, so the early entries are coming in for review.

The contest has been a great way to invest in the community.  It’s also been fun to watch people collaborate and develop their ideas into Phantom Playbooks and Apps.

Today, we’re sharing a great entry built around Shodan, the first search engine for internet connected devices.  Kudos to Ryan Kranz for his work!  You can find the Phantom Playbook and App for Shodan here:

shodan logo

Ryan even suggested a few use cases with his entry.  Users can check whether or not an IP address is listening to specific ports. This allows them to gain information that is: credible, publicly accessible, and does not require a single packet to be sent to the target IP address.

For Example:

  • For alerts about an inbound connection, Phantom can validate whether or not the service is publicly accessible.
  • For alerts regarding outbound connections (irc, smtp, ntp, etc.) the App can be used to verify whether or not the host is hosting the service and which service is listening on the port.
  • Users can also perform reconnaissance on internet hosts.

It’s a great example of what you can do with Phantom. You don’t have to take Ryan’s word for it (or mine).  See for yourself.  Join the contest or just sign-up for the free Community Edition of our product.  Here are a few links to help:

The contest runs through the end of May.  Interested in participating?  (get info & register)  When you register, you’ll automatically get a Community Edition account.

Just want to skip the contest and get access to the Community Edition?  (get Phantom)  Once you have an account, sign in to the portal and click “Learn” on the menu.  You’ll see full documentation, the knowledgebase and helpful videos.

Building a Phantom Playbook or App and have questions?  Sourabh Satish (our CTO) holds “Office Hours” to help.  Simply send an email to  He has opened his calendar daily from noon – 12:30 PDT… first come, first serve.  You can also join our Slack channel by sending an email request to Sourabh.

Have you been to a Phantom Tech Session?  We host them every two weeks.  Check out the recorded sessions that focus on App Development (Part 1 and Part 2).

Hope to see you in the Community!

CP Morey
VP, Products & Marketing

About Phantom:
Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: