People ask us how Sentinel compares to Shodan. The short answer is that they solve different problems. The longer answer is worth understanding because it changes how you think about infrastructure security.

Shodan Is a Search Engine

Shodan crawls the entire internet, continuously, and indexes what it finds. Every open port, every service banner, every SSL certificate. It has been doing this since 2009 and has built the most comprehensive database of internet-connected devices in existence.

When you search for your IP on Shodan, you see what their crawlers found the last time they passed by: open ports, software versions, banner text. It is a snapshot, not a live assessment. The data might be from yesterday or from last week.

This is incredibly useful for security researchers, threat intelligence teams, and anyone who needs to answer questions like “how many devices running Apache 2.4.49 are exposed on the internet right now?” Shodan was built for that use case and it is the best at it.

What Shodan does not do is tell you what to do about it. You get port 22 running OpenSSH 8.2. Is that a problem? Depends on your configuration, your authentication method, your threat model. Shodan does not know and does not try to answer.

Sentinel Is a Doctor, Not a Search Engine

Sentinel scans one target at a time, on demand, and tells you what is wrong with it.

When you run a Sentinel scan, it checks all 65535 TCP ports and the top 1000 UDP ports. It fingerprints services, matches them against CVE databases, tests common default credentials, analyzes your TLS configuration, and checks for misconfigurations. Then it feeds all of that into an AI that writes a report.

The report does not say “port 22 open, OpenSSH 8.2.” It says “SSH is exposed with password authentication enabled on the default port. This service is actively targeted by brute-force attacks. Here is how to switch to key-based authentication and disable password login, step by step.”

That difference matters when the person reading the report is an IT manager, not a penetration tester.

The Real Difference

Shodan answers the question “what does the internet see when it looks at me?”

Sentinel answers the question “what should I fix, in what order, and how?”

Both are valid questions. They come up at different stages of security maturity.

If you are a security team doing threat intelligence, attack surface mapping, or competitive analysis, Shodan is essential. If you are an IT team that needs to know whether your infrastructure has problems and what to do about them, Sentinel is more useful.

Where They Overlap

Both can tell you that port 443 is open and running nginx 1.18. Both can tell you the TLS certificate details. Both show you what services are exposed.

The overlap ends at interpretation. Shodan gives you the facts. Sentinel gives you the facts, a severity rating, and a fix.

Where They Do Not Overlap

Shodan can search the entire internet. Sentinel cannot. Sentinel only scans IPs you own, verified by a residential ISP check (free tier) or by DNS/admin verification (business tier). This is a deliberate design choice. Sentinel is not a reconnaissance tool. It is a defensive one.

Sentinel tests credentials. Shodan does not. When Sentinel finds an SSH server, it tries common default passwords and stops at the first match. When it finds a web login panel, it checks factory defaults. This is the kind of check that turns a “port open” finding into a “critical: default password accepted” finding.

Sentinel generates remediation guidance. Shodan gives you data and trusts you to figure it out.

Pricing

Shodan’s free tier gives you limited searches. A membership costs $69/month and unlocks the full API, monitoring, and historical data.

Sentinel’s free tier gives you a complete vulnerability scan with a full report, no account required. The business tier at CHF 249/month adds custom targets, scheduled scanning, a vulnerability tracking dashboard, and regression detection.

So Which One?

If you need internet-wide visibility and raw data: Shodan.

If you need to scan your own infrastructure and get actionable reports: Sentinel.

If you have the budget: both. They complement each other well. Use Shodan to monitor your exposure passively and Sentinel to assess it actively. Many security teams run both.

If you have never scanned your network at all, start with a free Sentinel scan. It takes 30 to 60 minutes and requires nothing but an email address. Then look yourself up on Shodan and compare. You will learn something from each.