| A few things as it sounds like you've only had limited exposure to Shodan: We scan 600+ million hostnames per month to be able to detect websites that require a valid SNI. We've been curating our own DNS database for many years for that reason. You can query that information if you're a member/ subscriber (ex: https://beta.shodan.io/domain/ycombinator.com). Only downloading by website is based on single-use tokens. Downloading via the API or command-line interface doesn't require a payment each time - that's why we have subscriptions. And we generally recommend users to download using the renewable query credits: https://help.shodan.io/guides/how-to-download-data-with-api Our Corporate API plan ($899/ month) has unlimited query credits per month. I mean every system out there will be priced based on some factor - for us it's the amount of data you want to download each month. Most companies have 1 functional Shodan account that's subscribed to the API and they then share the API key internally. And doing IP lookups doesn't count towards your search quota as a free user. You can lookup more than 5 IPs per day if you do a direct IP lookup instead of a search. Here's a breakdown of the credit types on Shodan: https://help.shodan.io/the-basics/credit-types-explained Note that we're going to deprecate export credits because it's caused some confusion. They were the first way that I tried to monetize the website (aside from donations) because some security companies asked to download data but it makes more sense to simply have query/ scan credits nowadays. |