TriOp is a tool for quickly gathering information from Shodan.io about the number of IPs which satisfy large number of different queries. Generally, it may be useful to security researchers who wish to use data gathered from Shodan over time as a part of their research (e.g. to show how number of systems exposing remote access protocols to the internet changed as a reaction to new movement restrictions connected to the Covid-19 pandemic) and to CSIRTs, especially national ones, that wish to monitor their constituencies for changes and/or vulnerabilities, but lack the technical tooling that would enable them to periodically scan all of their external IP ranges.

In its most basic mode of operation, TriOp takes a list of searches as an input and displays number of systems, which Shodan sees, which satisfy the search. The outputs may be saved in a CSV, which enables you to monitor “counts” for the same set of searches over time.

TriOp also enables you to quickly generate list(s) of searches from parameters, which are relevant for you (e.g. if you provide a list of searches and a list of countries, the tool will generate a relevant search list for each of the countries).

All that is necessary to use TriOp is a valid API key, which comes with every Shodan.io account (even a free one), and to have Python 3 with the Shodan Python library installed.

The tool may be downloaded from my GitHub page and bellow you may find a short tutorial showing its use in greater detail.

Direct URL: https://www.youtube.com/watch?v=pp9lD58Dc-w