Understanding the Shodan Exploit Integration

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding the Shodan Exploit Integration

    The ServiceNow® Shodan Exploit Integration application leverages exploit data from the Shodan search engine to help you assess the impact and prioritize potentially malicious exploits within your environment. This integration enriches vulnerability management by linking Shodan’s exploit data to third-party vulnerabilities in the ServiceNow® Vulnerability Response application.

    Show full answer Show less

    Key Features

    • Data Source: Utilizes the Shodan API to import exploit information into the ServiceNow AI Platform®, enhancing visibility into vulnerabilities.
    • Automated Scheduled Jobs: Daily scheduled jobs automatically synchronize exploit data, streamlining vulnerability remediation workflows. You can run these jobs manually if needed.
    • Preconfigured Run-As User: Integrations run under the system user VR.System, which should not be modified to ensure proper operation.
    • Two Core Integrations:
      • Shodan ExploitDB Integration: Retrieves ExploitDB data from Shodan, running daily at 03:15.
      • Shodan Metasploit Integration: Retrieves Metasploit data from Shodan, running daily at 01:15.
    • Role-Based Access Control: Access to Shodan Exploit Integration tasks is controlled via roles:
      • snvulshodan.admin: Full read/write/delete permissions.
      • snvulshodan.user: Read/write permissions.
      • snvulshodan.read: Read-only permissions.
      Persona and granular roles help tailor user and group permissions within Vulnerability Response.
    • Customization: Scheduled import times can be changed, but other configuration adjustments require advanced expertise.

    Key Outcomes

    • Enhanced vulnerability data with up-to-date exploit information, improving risk assessment and prioritization.
    • Streamlined vulnerability remediation through automated synchronization between Shodan data and your Vulnerability Response instance.
    • Granular control over user permissions ensures secure and appropriate access to exploit data.
    • Efficient integration setup with default configurations suitable for most environments, with options to customize import schedules.

    The ServiceNow® Shodan Exploit Integration application uses data imported from the Shodan search engine to help you determine the impact and priority of potentially malicious exploits.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Shodan Exploit Integration

    The Shodan search engine collects exploit data and the Shodan API makes that database available to the ServiceNow AI Platform®. It easily integrates with the ServiceNow® Vulnerability Response application to map exploits to third-party vulnerabilities enriching the exploit data in your instance.

    There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    Every day, scheduled jobs invoke the integrations automatically in the order they are listed. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

    Available versions

    Release version for Zurich Release Notes

    Shodan Exploit Integration v10.6, 10.7

    For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes

    Roles

    Shodan Exploit Integration tasks involve the following roles.
    • sn_vul_shodan.admin: Users with this role can read, write, and delete records.
    • sn_vul_shodan.user: Users with this role can read and write records.
    • sn_vul_shodan.read: Users with this role can read records.

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    Shodan exploit integrations

    To view the Shodan exploit integrations, navigate to All > Shodan Exploit Integration > Integrations.

    The following integrations are included in the base system. These integrations are active by default.

    Table 1. Shodan exploit integrations
    Integration Description
    Shodan ExploitDB Integration Retrieves ExploitDB data from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 03:15:00.
    Shodan Metasploit Integration Retrieves Metasploit information from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 01:15:00.

    To change the default start time for the scheduled integration imports, see Set Shodan Exploit Integration import time.

    To view exploit data in third-party vulnerabilities, see View Vulnerability Response vulnerability libraries.

    Changing other Shodan Exploit Integration settings requires advanced ServiceNow and Vulnerability Response expertise and is beyond the scope of the product documentation.