Some enterprises block Shodan from crawling their network, and Shodan honors such requests. However, attackers don't need Shodan to find vulnerable devices connected to your network. Blocking Shodan might save you from momentary embarrassment, but it is unlikely to improve your security posture.
Shodan works by continuously scanning the entire Internet and parsing the banners returned by the devices it connects to. From that information it can answer questions such as which web server (and version) is most popular, how many anonymous FTP servers exist in a particular location, and what make and model a given device is likely to be.
A single search for "default password" will reveal a multitude of industrial control devices and printers whose banners announce that the device uses "admin" as the username and "1234" as the password. Many networked systems don't even have passwords; all you need to connect to them is a web browser.
Here are the basic search filters you can use, written as filter:value alongside any free-text keywords:
- city: find devices in a particular city
- country: find devices in a particular country (two-letter country code)
- geo: find devices near a given latitude and longitude
- hostname: match against the device's DNS hostname
- net: search a single IP address or a CIDR range
- os: search based on operating system
- port: find devices with a particular port open
- before/after: restrict results to banners collected before or after a given date
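The two technical points above, banner parsing and filter syntax, as an added example that is not hackers-arise's or Shodan's own code. The first half parses a handful of constructed HTTP, FTP and SSH banners the way a Shodan-style crawler would and answers the two questions from the text (most popular web server, how many hosts allow anonymous FTP); it assumes, as Shodan's FTP banners do, that the banner records the reply to an anonymous-login attempt, so a `230` line means the login succeeded. The second half assembles a query string from the filters listed above, validating `net` as a CIDR range and `port` as a port number, and quoting multi-word values; the `dd/mm/yyyy` date check for `before`/`after` is an assumption about Shodan's accepted format. All names (`parse_banner`, `summarize`, `build_query`) and the sample banners are this example's own.

```python
"""Added example: Shodan-style banner parsing plus a query builder for the
filters listed above. Not hackers-arise or Shodan code; banners are constructed."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample banners (port, raw text); not captured from real hosts.
# For FTP the banner is assumed to include the reply to an anonymous-login
# attempt, so a "230" line means anonymous access was granted.
SAMPLE_BANNERS = [
    (80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n"),
    (80, "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.18.0\r\n\r\n"),
    (8080, 'HTTP/1.1 401 Unauthorized\r\nServer: Apache/2.4.41 (Ubuntu)\r\nWWW-Authenticate: Basic realm="printer"\r\n\r\n'),
    (21, "220 FTP server ready.\r\n230 Anonymous access granted, restrictions apply.\r\n"),
    (21, "220 (vsFTPd 3.0.3)\r\n530 Permission denied.\r\n"),
    (22, "SSH-2.0-OpenSSH_7.4\r\n"),
]

HTTP_SERVER_RE = re.compile(r"^Server:\s*([^/\s]+)(?:/(\S+))?", re.M | re.I)
SSH_RE = re.compile(r"^SSH-[\d.]+-([A-Za-z]+)[_-]?([\w.]*)")
FTP_PRODUCT_RE = re.compile(r"^220.*?\(([A-Za-z]+)\s*([\d.]+)\)", re.M)


def parse_banner(port, banner):
    """Extract service, product and version from one raw banner, plus an anonymous-FTP flag."""
    info = {"port": port, "service": None, "product": None, "version": None, "anonymous_ftp": False}
    if banner.startswith("HTTP/"):
        info["service"] = "http"
        m = HTTP_SERVER_RE.search(banner)          # "Server: Apache/2.4.41 (Ubuntu)" -> Apache, 2.4.41
        if m:
            info["product"], info["version"] = m.group(1), m.group(2)
    elif banner.startswith("SSH-"):
        info["service"] = "ssh"
        m = SSH_RE.match(banner)                   # "SSH-2.0-OpenSSH_7.4" -> OpenSSH, 7.4
        if m:
            info["product"], info["version"] = m.group(1), m.group(2) or None
    elif banner.startswith("220"):
        info["service"] = "ftp"
        m = FTP_PRODUCT_RE.search(banner)          # "220 (vsFTPd 3.0.3)" -> vsFTPd, 3.0.3
        if m:
            info["product"], info["version"] = m.group(1), m.group(2)
        # A 230 reply after the greeting means the anonymous login was accepted.
        info["anonymous_ftp"] = any(line.startswith("230") for line in banner.splitlines())
    return info


def summarize(banners=SAMPLE_BANNERS):
    """Answer the two questions from the text: top web server and anonymous-FTP count."""
    records = [parse_banner(port, raw) for port, raw in banners]
    web = Counter(r["product"] for r in records if r["service"] == "http" and r["product"])
    return {
        "top_web_server": web.most_common(1)[0] if web else None,
        "anonymous_ftp": sum(r["anonymous_ftp"] for r in records),
    }


# The filters from the list above; anything else is rejected rather than sent through.
FILTERS = {"city", "country", "geo", "hostname", "net", "os", "port", "before", "after"}


def build_query(text="", **filters):
    """Assemble 'keywords filter:value ...' with basic validation of each filter value."""
    parts = [text] if text else []
    for name, value in filters.items():
        if name not in FILTERS:
            raise ValueError(f"unknown filter: {name}")
        if name == "net":
            # Accept a bare IP or a CIDR; normalise host bits away (10.0.0.5/8 -> 10.0.0.0/8).
            value = str(ipaddress.ip_network(value, strict=False))
        elif name == "port":
            port = int(value)
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            value = str(port)
        elif name in ("before", "after"):
            datetime.strptime(value, "%d/%m/%Y")  # assumption: Shodan expects dd/mm/yyyy
        value = str(value)
        if " " in value:                           # multi-word values must be quoted
            value = f'"{value}"'
        parts.append(f"{name}:{value}")
    return " ".join(parts)


if __name__ == "__main__":
    print(summarize())
    print(build_query('"default password"', port=80, city="San Francisco", net="10.0.0.5/8"))
```

The parser is deliberately permissive: a banner it does not recognise still comes back as a record with `service` unset, which is what you want when tallying a large crawl rather than crashing on the first odd device.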
Source: hackers-arise