Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Understanding the Shodan Exploit Integration

Log in to subscribe to topics and get notified when content changes.

Understanding the Shodan Exploit Integration

The ServiceNow®Shodan Exploit Integration application uses data imported from the Shodan search engine to help you determine the impact and priority of potentially malicious exploits.

Request apps on the Store

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, refer to the ServiceNow Store version history release notes.

Shodan Exploit Integration

The Shodan search engine collects exploit data and the Shodan API makes that database available to the Now Platform®. It easily integrates with the ServiceNow® Vulnerability Response application to map exploits to third-party vulnerabilities enriching the exploit data in your instance..

There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

Every day, scheduled jobs invoke the integrations automatically in the order they are listed. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation lifecycle by keeping the instance synchronized with other vulnerability management systems.

Available versions

Release version Release Notes

Shodan Exploit Integration v8.0

Vulnerability Response release notes


Shodan Exploit Integration tasks involve the following roles.
  • sn_vul_shodan.admin: Users with this role can read, write, and delete records.
  • sn_vul_shodan.user: Users with this role can read and write records.
  • Users with this role can read records.

Shodan exploit integrations

To view the Shodan exploit integrations, navigate to Shodan Exploit Integration > Integrations.

The following integrations are included in the base system. These integrations are active by default.

Table 1. Shodan exploit integrations
Integration Description
Shodan ExploitDB Integration Retrieves ExploitDB data from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 03:15:00.
Shodan Metasploit Integration Retrieves Metasploit information from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 01:15:00.

To change the default start time for the scheduled integration imports, see Set Shodan Exploit Integration import time.

To view exploit data in third-party vulnerabilities, see View vulnerability libraries.

Changing other Shodan Exploit Integration settings requires advanced ServiceNow and Vulnerability Response expertise and is beyond the scope of the product documentation.