” There are libraries to enable your use of the API via Python, Ruby, PHP, C#, Go, Haskell, Java, Node. OPEN TERMINAL AND TYPE msfconsole. The Shodan API also allows to download the found exploits but for security reasons I don't have implemented this feature. memcachedump - Use your Shodan API Key to dump all the contents of exposed memcached servers. com) so you will need an API key. OK, I Understand. The Shodan API allows developers to access search engine data. Signing up for the API keys is the least fun and most time consuming part of the setup. MPT1327 Trunked Radio networks, such as the Belgium/Netherlands Entropia, can be tracked and monitored. IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. 07 credits) are required. I'm using Shodan's API through the Anaconda Terminal on Windows 10 to get data against the query below, but after a few seconds of running, the ETA timer freezes, and my network activity drops to zero. Get for free at: Shodan API page Installation The Maltego add-ons for Shodan have 2 parts:entities and transforms. We're the trusted source for IP address information, handling 12 billion IP geolocation API requests per month for over 1,000 businesses and 100,000+ developers. Established in and founded in 2000 by Chief Instructor, Ramlan Ortega Kyoshi, 6th Dan Aikido registered with Aikido Shudokan International. At the moment, the shodan CLI supports 6 commands. Between September and December 2019, Unit 42 researchers periodically scanned and collected metadata from Docker hosts exposed to the internet (largely due to inadvertent user errors) and this research reveals some of the tactics and techniques used by attackers in the compromised Docker engines. If a ViewDNS API key parameter ( -viewdns-key KEY) is passed, domain historical data will also be. It's free to create an account, which will also give you an API key for use with Shodan's command-line tool. Optional Async Support. Commercial licensing (eg. You can find descriptions of key and application types here. Shodan crawls the entire Internet at least once a month, but if you want to request Shodan to scan a network immediately you can do so using the on-demand scanning capabilities of the API. com! Code examples. To identify which cloud services and container platforms were exposed to the public Internet, Unit 42 used Shodan to highlight the ease of identification of these services. There are also premium accounts that allow you to export data to use in offline or independent research. Signing up for the API keys is the least fun and most time consuming part of the setup. 返回查询结果的数量:shodan count SSH. The Shodan API allows developers to access search engine data. Google lets you search for websites, Shodan lets you search for devices. (including the API key). This method accepts an HTTP POST request and returns a response indicating a url's status in our database. 关于shodan的安装和使用,传送门——> 渗透测试之Shodan的安装和使用常用Shodan库函数shodan. com work for. API Keys: Shodan API keys are free with limitations for any user on the Shodan website and registration is completely free. This is a quick post mostly for refreshing my memory in the future. All API endpoints are hosted at https://censys. 注意:需要你有Shodan的API keys,可以在maltgo进行Shodan的使用,API keys在你登陆Shodan账户时候是可以获得的。. This API key can be retrieved by navigating to the "My Account" section of the Shodan website, linked at the upper right of the homepage or simply by opening account. You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. io in order to discover exposed services all over the Internet. You can find everything using …. I am just starting to think about how api keys and secret keys work. Already @pry0cc created a topic which shows you the usage of this script. query (string) - Shodan search query. Shodan(key) :初始化连接API Shodan. Tools like Shodan scan the internet looking for active connections, and try to banner-grab on common ports, looking for details like server versions, operating system versions, etc for a long list of protocols like telnet, http, ssh, smtp, vnc, remote desktop (often with screenshots of the remote system, disturbing often unauthenticated. SHODAN is particularly. io in the dark from scanning Update 2017-10-21: If you would like to know how I detect the IPs and want to run your own aggregator see my new article. Where does the data come from? We collect all of the data ourselves from a big network of constantly shifting servers in hundreds of data centers across the Internet. key (string) - SHODAN API key. shodan-hq-nse is an nmap nse script to query the Shodan API and passively get information about hosts. API Keys: Shodan API keys are free with limitations for any user on the Shodan website and registration is completely free. Shodan periodi-cally scans the IP space and records the historical scan data. Returns the number of results for a search query. If a ViewDNS API key parameter ( -viewdns-key KEY) is passed, domain historical data will also be. And as a bonus it also lets you search for exploits using the Shodan Exploits REST API. It is an array reference containing strings and hash references. The Shodan Exploit Integration assumes that you are familiar with the Shodan search engine and API. import shodan api = shodan. AutoSploit now prompts you for your API keys from Shodan and Censys. Python len() The len() function returns the number of items (length) in an object. Shodan的使用者曾发现过一个水上公园的控制系统,一个加油站,甚至一个酒店的葡萄酒冷却器。而网站的研究者也曾使用Shodan定位到了核电站的指挥和控制系统及一个粒子回旋加速器。 Shodan真正值得注意的能力就是能找到几乎所有和互联网相关联的东西。. The next argument is facets , and will be a list of properties on which to summarize. The good guys have the upper hand for a change. Subscribe to the newsletter. Shodan is a search service that helps users to find Internet of Things interfaces, conduct market research, and monitor business security. If you've ever spent any time with the Logs & Monitor area of Smartconsole, there usually comes the time where a lookup of an IP address is needed. Bu API key’in en güzel özelliği Maltego, NMAP ve benzeri uygulamalarda kullanabilmemizdir. Check what plugins are configured with harpoon config -c. Initialize the CLI using your Shodan API key: shodan init API_KEY. An API key is mandatory to use this service, so one is hardcoded. di HWS | Pubblicato 15 Maggio, 2017-Aggiornato 3 Novembre, 2017-con dimensione 1353 × 605 in InstaRecon. Step 3 - Calling the Shodan API with Python In order to use Python to make requests using the Shodan API, we'll need to have a functional Python environment as well as the Shodan Python module installed. Interestingly, the Metasploit Framework has a capability to integrate with Shodan to fire search queries right from msfconsole. You can also search any website/IP address simply enter the your target name and as you see below it will show the details of the target. Shodan Cheat Sheet less than 1 minute read Shodan's a search engine which helps find systems on the internet. Shodan is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc. shodan - The official Python library for the Shodan search engine¶ This is the official Python wrapper around both the Shodan REST API as well as the experimental Streaming API. Our API-first approach means that you always have modern easy-to-use APIs that allow you to get up and running with powerful business data in under 5 minutes. The output from the module is displayed on the screen, which you can save to a file or to the MSF database. We use cookies for various purposes including analytics. Browse The Most Popular 29 Shodan Open Source Projects. It ultimately relies on Shodan to find the exposed cameras in the first place (those running the tool need to have a Shodan account with an API key). For example, the following search query would find. Shodan is a search engine that provides a search for connected devices on the Internet. You can also set the SHODAN_API_KEY environment variable instead of passing the API key as an argument when creating a client. Test $ shodan info $ shodan myip. Shodan Eye Ethical Hacking Tool. Después de iniciar Recon-ng se utiliza el comando “keys-list” para listas las llaves API configuradas en Recon-ng. nse file itself. Once you have created your Shodan account, select My Account in the top right corner (or navigate to https://account. io API key parameter ( -shodan-key KEY) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration). Is a really simple tool, but very effective for the early stages of a penetration test or just to know. On creating an account on Shodan, an API key is generated from the URL https://account. com and Ask. alert The alert command provides you the ability to create, list, clear and remove network alerts. To request an API key, please see the Farsight Security Getting Started page. How to do it To obtain host information of a remote target from Shodan, use the following command:. Automate Everything. Once that's done, install the library via the cheeseshop using:. Оно нужно для работы некоторых полезных программ, его могут попросить у вас при приеме в корпорацию (например в нашу). To run the script save as "export-hosts. Some have also described it as. Before you can run the Shodan Exploit Integration in your instance, download and install it from the ServiceNow Store. The example below is of a quick IIS search. When I search for words as an Example, I do not get these errors. It’s been 3. [email protected]:~# shodan init [API_Key] #请使用自己账号的API Key Successfully initialized count 返回查询的结果数量。 [email protected]:~# shodan count nginx 1. Debo decir, que no estoy seguro de que la API de Shodan este disponible para Python 3, yo estoy usando la versión 2. Un video con ejemplos de uso : El codigo :. More Shodan. The following are code examples for showing how to use shodan. The DNSDB API is provided over an encrypted HTTPS transport over the Internet at the following URL:. Google lets you search for websites, Shodan lets you search for devices. Suppose we want to search for AXIS devices, we compile the search form and launch the query: including a map showing the geolocation using Mapbox API (omitted in the next image). Shodan API Key The shodan. Nmap - the Network Mapper. Getting Started. A modern, async Ruby gem for Shodan, the world's first search engine for Internet-connected devices. Stores specific hosts in the database for scanning later. io, and it can be used for fingerprinting and deep information about IoT based devices. Shodan API client. This module uses the Shodan API to search Shodan. Retrieve your API from Shodan and enter it here. Malicious Host Intelligence This tool is used to collect various intelligence sources for hosts. Alternatively, you can write your own tool. 點選右上角Show API Key,之後會顯示個人帳號的API Key 2. This tool is not API-driven, so it can be queried directly by recon-ng without the need for an API key. If you like this video, please hit the like button and subscribe to my channel for more videos. To use all of the different transform options (or you can stick with the free options) you can simply click on settings in the transform hub after installing to add your API key. Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. There is not a proper documentation on how to supply the the Shodan API key but after reading the source code, you need to supply the key at discovery/shodansearch. Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. API Keys: Shodan API keys are free with limitations for any user on the Shodan website and registration is completely free. 쇼단의 API 는 기본 API 와 RESTAPI 와 Streamming API 세 개로 나뉘고, 각각 사용 용도가 다르다. Por suerte instituciones como SAN ofrecen listados actualizados que pueden servir para bloquear / engañar a shodan. Shodan(SHODAN_API_KEY) Note: the library is working for both python 2 and 3 but we’ll use only python 3 as python 2 is deprecated. The Shodan API also allows to download the found exploits but for security reasons I don't have implemented this feature. The shodan sensor platform is displaying the total of result of a Shodan query. Can be very useful service for researchers and big companies. With API v7, discover improved query performance for your results. CVE-2018-1000115. 點選右上角Show API Key,之後會顯示個人帳號的API Key 2. ” There are libraries to enable your use of the API via Python, Ruby, PHP, C#, Go, Haskell, Java, Node. 在使用api前,还需要去shodan上注册一个个人账户,然后拿到你的API Key: 之后就可以愉快的写脚本啦~ 对于Shodan模块在这里我不进行太详细的介绍,只要知道使用该模块的时候需要先把手里的API作为参数传入后利用. 8') After python shodan. To run the map locally install the Shodan CLI: pip install shodan. Google lets you search for websites, Shodan lets you search for devices. Shodan(SHODAN_API_KEY). DEFCON 25 - RECON VILLAGE INTRIGUE IS…. Shodan Eye tool collects all information about all devices that are directly connected to the internet with the specified keywords that you enter. xml file ssh Get the SSH banner, its host key and fingerprint portmap-udp Get a list of processes that are running and their ports. If you need more, you may sign up for billing in the API Console. argv) == 1: print 'Usage: %s ' % sys. The free version limits the viewable results to 100 per query; paid versions (requiring a monthly subscribtion fee) have fewer limitations. Get Nmap: Network Exploration and Security Auditing Cookbook - Second Edition now with O'Reilly online learning. Generating Shodan API Key. AlternativeTo is a free service that helps you find better alternatives to the products you love and hate. Shodan(SHODAN_API_KEY) 用您从Shodan网站检索到的API密钥替换“在此处插入您的API密钥”,留下引号将字段包含在内。. Shodan Exploit Search, iPhone App, Wireless Database, & More by grecs • September 20, 2012 • 7 Comments Beyond our previous post earlier this week about Shodan, where we covered its basic search capabilities , we also found a number of interesting tidbits on their site that we thought we’d pass along. setg SHODAN_APIKEY YourAPIKey save. It's a great resource to provide passive reconnaissance on a target or as a measuring tool for how widespread a configuration or device is. io API key parameter ( -shodan-key KEY) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration). # shodan -h. It is worth noting that the syntax of the query differs from that of Shodan. ) connected to the internet using a variety of filters. which was a key target of the Stuxnet attack -- can include They used the Shodan API and more than 700. Key Features. A modern, async Ruby gem for Shodan, the world's first search engine for Internet-connected devices. The API provides access to all of the search features, allowing you to get exactly the information you want. If you just want the block list continue with this article. Otherwise you need to do that on your own by providing the page parameter to the search() method. Skip to content. It can anything. Nmap - the Network Mapper. It's also a great source of information that you can put to good. Shodan Search Operators. IP lookup from favicon using Shodan. 2 Install Sodan. Shodan Eye Ethical Hacking Tool Release Before we start the year 2020, today there is a new big release. Many SpiderFoot modules require API keys to function to their fullest extent (or at all), so you will need to go to each service and obtain an API key where you feel that having such a key would add value to your scans. If you like this video, please hit the like button and subscribe to my channel for more videos. The Shodan API enables you to request and receive data from the search engine directly, automating some of your security operations. This module uses the Shodan API to search Shodan. keys add shodan_api insert shodan api key here >. Use this key to authenticate your Bing Maps application as described in the documentation for the Bing Maps API you are. A particularly useful feature of Shodan is that you don't need to open a web browser to use it if you know your API Key. io in order to discover exposed services all over the Internet. This resource is just an intro to what Shodan is and how to do the basics to what Shodan is and how to do the basics. Step 4: Explore. How to Monitor a Network in Real-Time. theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). Some of the images within the repository contained a Shodan script that identified potential targets for further distribution. Using your API key, this application allows you to explore data gathered by Shodan. Recon-ng has a look and feel and even command flow similar to the Metasploit Framework. Command Overview. Stream that provides access to the Streaming API. Using your API key, this. Queries Shodan API for given targets and produces similar output to a -sV nmap scan. IP lookup from favicon using Shodan. Shodan is a search engine for Internet-connected devices. Explore Memcached. 649 has realised a new security note Memcached 1. Get unlimited public & private packages + team-based management with npm Teams. io in order to discover exposed services all over the Internet. Shodan is a search service that helps users to find Internet of Things interfaces, conduct market research, and monitor business security. io/) then make note of API Key. Search operators are only available to registered users. For the full list of acceptable key/value pairs, consult the Shodan REST API Documentation. com) I decided that it was a perfect opportunity to utilise my AutomateAPI to get decent, actionable information out of the Shodan API. Using your API key, this application allows you to explore data gathered by Shodan. Para el paciente, nos sintonizamos la próxima semana. How to Incorporate Shodan into Kali Linux Go back to your Shodan account page and copy your API Key. Data mining capabilities. Using the Streaming API, you get the raw access to potentially all the data that ends up in the Shodan search engine. (There are +108000 on Shodan as of today. Read a Shodan JSON file and print out the full host information. TrunkView is an MPT1327 protocol decoder, used in a single radio setup without the need for a discriminator output. The provided string is used to search the database of banners in Shodan, with the. shodan - lunch it, 2. ⚫使用shodan指令前,要先輸入API Key shodan init 35 ⚫兩種方式取得API Key 1. 點選右上角Show API Key,之後會顯示個人帳號的API Key 2. Some have also described it as a public port scan directory or a search engine of banners. And when i was stuck at a point, the original developer ( Andrew Aksyonoff, shodan [at] shodan. Search for specific terms or any popular queries and start browsing connected devices. Key Features. This is a quick script written for sorting and categorizing Shodan API keys acquired via scraping the internet. But Why Metabigor? Don't use your API key so you don't have to worry about litmit of API quotation. [--shodan-api-key SHODAN_API_KEY] DATABASE positional arguments: DATABASE The path to the intelligence database to use. Installation This app should be installed on a Splunk Search Head. A quick guide on setting up network alerts using the Shodan command-line interface. Search for specific. Shodan(SHODAN_API_KEY). hostnames (string) - Comma-separated list of hostnames, example "google. 6 Stars out of 5. Following are the API's which we are using in this tool for a time being. Implemented VPN client and server using openssl cryptography api. To perform more advanced searches using Shodan, we can apply search operators. 2 Terminal & Search Like Mr Robot Show. The limitations of the free API key are as follows: Only the first 100 results per query; Advanced keywords can only be used one at a time (ie you cannot search for a dns name within a particular country). Shodan('inserted my API-KEY- within single quotes') info = api. html - MY_KEY_MAP [+] firebase_conf. Shodan crawls the entire Internet at least once a month, but if you want to request Shodan to scan a network immediately you can do so using the on-demand scanning capabilities of the API. Step 3: Enter API Keys for data services like Shodan, AlienVault, etc. API v2 The API allows the list of pwned accounts (email addresses and usernames) to be quickly searched via a RESTful service. It can search given a public-key you provide it, or, it can fingerprint a host and search shodan for similar hosts. 0 。将搜索结果下载到 ssh-data 文件中,文件中的每一行都是 JSON 格式存储的目标 banner 信息。默认情况下,该命令只会下载 100 条结果。. As you can see, we got 5 options and it is totally automated so I ain't explain everything in detail. This doesn't break any existing scripts using Shodanz, but now offers even more flexibility to write more awesome things, like this asyncronous honeypot detector:. 1 query credits is used when you perform a search containing filters or go past the 1st page. Using the IP Tools API. argv [0] sys. yaml file:. Please notify Hybrid Analysis immediately if you believe that your API key or user credentials have been compromised. The domain shodan. And then view the map: shodan radar. Nmap - the Network Mapper. OK, I Understand. Recon-ng is a full-featured Web Reconnaissance Framework written in Python. 安装python模块. Signing up for the API keys is the least fun and most time consuming part of the setup. Related Posts : ap, api ddos, api ddos stresser, booter, DDOS, ddos booter, ddos download, ddos programı, ddos server, ddps program, dree stresser, free booter, free. IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. Once the tool is installed you have to initialize the environment with your API key using shodan initshodan init YOUR_API_KEY. io/?q=IIS ”. Voip电话和所有数据采集监控系统 Shodan能做的: 1. First things first, you have to create a shodan account for this. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. Shodan_Search: get Shodan information on a domain. And when i was stuck at a point, the original developer ( Andrew Aksyonoff, shodan [at] shodan. Descripción de Shodan. 무료 계정은 멤버계정의 10% 정보만 볼 수 있다. Shodan crawls the entire Internet at least once a month, but if you want to request Shodan to scan a network immediately you can do so using the on-demand scanning capabilities of the API. First define how you pass the API key:-k or --key to pass the key to the stdin-kf or --key-file to pass the filename which get the key from-sc or --shodan-cli to get the key from Shodan CLI (if you initialized it) As of now, this tool can be used in three different ways:. io in order to discover exposed services all over the Internet. Generating API Keys. It ultimately relies on Shodan to find the exposed cameras in the first place (those running the tool need to have a Shodan account with an API key). py + ip ou query Ele não exibe o resultado e rtorna. Many SpiderFoot modules require API keys to function to their fullest extent (or at all), so you will need to go to each service and obtain an API key where you feel that having such a key would add value to your scans. Is a really simple tool, but very effective for the early stages of a penetration test or just to know. io API is the Shodan CLI or Com mand Line Int erface. Usually, using the name of the manufacturer or the server name which is the most effective because Shodan query results will output the IP and the corresponding web port. search('apache'). 0 - for count search result. Shodan(SHODAN_API_KEY) Note: the library is working for both python 2 and 3 but we’ll use only python 3 as python 2 is deprecated. Before we start the year 2020, today there is a new big release. io in order to discover exposed services all over the Internet. Shodan Eye Ethical Hacking Tool. This guide will cover how to keep track of changes to a public network's IP range using the command-line interface and API. How to obtain those keys goes beyond the scope of this documentation, but generally the pattern looks like:. For example, the following search query would find Apache webservers located in Germany: "apache country:DE". Memcached is simple yet powerful. This analyzer comes in two flavors: Shodan_Host: get Shodan information on a host. AutoSploit now prompts you for your API keys from Shodan and Censys. Requirements. Recon doesn’t always mean to find subdomains belonging to a company, it also could relate to finding out how a company is setting up its properties and what resources they are using. Compiling it was a breeze. We need following API keys to run this tool efficiently: shodan_api, censysio_id, censysio_secret, zoomeyeuser, zoomeyepass, clearbit_apikey, emailhunter, fullcontact, google_cse_key, google_cse_cx. API Keys: Shodan API keys are free with limitations for any user on the Shodan website and registration is completely free. 50个ip地址的限制可以通过购买无限制API key来扩大到查询10000个ip地址 0x04 Shodan的组件 1. The internet has a lot of exploits, both good and bad, If you thought no one has access to your webcam, think again. If you want to make the most of Shodan, you need to go beyond the web interface. So, press 2 and hit Enter. A Shodan API key can be found here. Posted by longjidin at 1:07 PM. The next argument is facets , and will be a list of properties on which to summarize. search_cursor(query) method instead of just Shodan. Step 2: Retrieving a Shodan API Key. io has ranked N/A in N/A and 950,483 on the world. If you like this video, please hit the like button and subscribe to my channel for more videos. Check what plugins are configured with harpoon config -c. shodan init APIKEY. Shodan(SHODAN_API_KEY) 搜索Shodan. A successful Shodan Exploit Integration requires planning and careful execution of pre-integration tasks. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down telephone calls in most parts of the world-wide public switched telephone network (PSTN). [email protected]: ~ # shodan init 쇼단 내 API key. *** NOTHING MORE *** [!] In order to use the App and have your API key, create on account on shodan. 50个ip地址的限制可以通过购买无限制API key来扩大到查询10000个ip地址 0x04 Shodan的组件 1. Search Engine Land is a must read hub for news and information about search engine marketing, optimization and how search engines such as Google, Yahoo, Microsoft Live. Shodan focuses on crawling all types of systems connected to the Internet (webcams, routers, servers, intelligent homes and devices, power plants, etc). ru ) helped me out. py is a simple python tool that can search through your shodan_api_key language:python, Shodan API keys (try other languages too) Kaspersky report: the number. Which is also very easy to adjust via the Shodan Eye tool. io in order to discover exposed services all over the Internet. Check out Shodan Monitor for an easy way to setup network monitoring. In order to use the App and have your API key, create on account on shodan. Its simple design promotes quick deployment, ease of development, and solves many problems facing large data caches. With this key, you can use Recon-ng, Datasploit, or Spiderfoot to pull from HIBP. Shodan API Class, by HR. Search operators are only available to registered users. The default dashboard URL is dashboard. Script parses results from Shodan, excluding empty and compromised databases. At the end of the post, we will have an extension that will take any HTTP request, determine the IP address of domain and get specific information using Shodan API. Register/Authenticate you can with help of social network services like twitter or facebook, also you can register directly as shodan. Memcached is simple yet powerful. Moreover, it is possible to generate reports by clicking on "Create Report":. Como você já deve saber o Shodan indexa um grande número de equipamentos conectados na rede e você pode se impressionar com os resultados. This way you get a complete overview. key (string) – SHODAN API key. Retrieve your API from Shodan and enter it here. io and get your API key there. The following are code examples for showing how to use shodan. (Bottom of Figure 8, Look close it is there) keys add shodan_api API Keys Signup URLs. shodansploit API key Information Security Newspaper | Hacking News. 在開課之前,讓我們先了解「API」是什麼東西吧。 API 為 Application Programming Interface(應用程式介面)的縮寫,通常是一些系統廠商,為了能夠讓第三方的開發者可以額外開發應用程式來強化他們的產品,所推出可以與他們系統溝通的介面。. (This is the first key undocumented fact. If you want to make the most of Shodan, you need to go beyond the web interface. Well i got the black friday deal for shodan lifetime $5 …… Here is what I did first! Open VLC and put in the following URL https://gist. Register an account in shodan. Getting Started with Plotly for Python. There are a lot of thing that will be connected to internet may be, it's a web cam or may be a router , It may be android devide either nuclear power or a computer etc. Must say OSS makes the world a better place to live in, Red Hat notwithstanding ;-) Okay on sphinx, i indexed my table which had close to 700,000 rows of data (Blob), and it indexed it in under 100 secs!!. shodan - lunch it, 2.