Services that support an SSL connection will have a Shodan banner with a top-level property called ssl. The ssl dictionary contains many sub-properties. Here is an example:
{
"dhparams": null,
"tlsext": [],
"versions": ["TLSv1", "-SSLv2", "-SSLv3", "-TLSv1.1", "-TLSv1.2"],
"acceptable_cas": [],
"cert": {
"sig_alg": "sha256WithRSAEncryption",
"issued": "20180227000000Z",
"expires": "20190717120000Z",
"pubkey": {
"bits": 2048,
"type": "rsa"
},
"version": 2,
"extensions": [{
"data": "0\\x16\\x80\\x14\\x90X\\xff\\xb0\\x9cu\\xa8QTw\\xb1\\xed\\xf2\\xa3C\\x168\\x9el\\xc5",
"name": "authorityKeyIdentifier"
}, {
"data": "\\x04\\x14\\x0c3w\\xc7\\xee\\x14\\xbb\\xd1A\\xf4\\xa5\\xb9\\xe4W%/\\x9ac\\x05w",
"name": "subjectKeyIdentifier"
}, {
"data": "0\\x1e\\x82\\x0e*.secure.ne.jp\\x82\\x0csecure.ne.jp",
"name": "subjectAltName"
}, {
"critical": true,
"data": "\\x03\\x02\\x05\\xa0",
"name": "keyUsage"
}, {
"data": "0\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02",
"name": "extendedKeyUsage"
}, {
"data": "0503\\xa01\\xa0/\\x86-http://cdp.geotrust.com/GeoTrustRSACA2018.crl",
"name": "crlDistributionPoints"
}, {
"data": "0C07\\x06\\t`\\x86H\\x01\\x86\\xfdl\\x01\\x020*0(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x02\\x01\\x16\\x1chttps://www.digicert.com/CPS0\\x08\\x06\\x06g\\x81\\x0c\\x01\\x02\\x01",
"name": "certificatePolicies"
}, {
"data": "0g0&\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x01\\x86\\x1ahttp://status.geotrust.com0=\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x02\\x861http://cacerts.geotrust.com/GeoTrustRSACA2018.crt",
"name": "authorityInfoAccess"
}, {
"data": "0\\x00",
"name": "basicConstraints"
}, {
"data": "\\x04\\x82\\x01k\\x01i\\x00w\\x00\\xbb\\xd9\\xdf\\xbc\\x1f\\x8aq\\xb5\\x93\\x94#\\x97\\xaa\\x92{G8W\\x95\\n\\xabR\\xe8\\x1a\\x90\\x96d6\\x8e\\x1e\\xd1\\x85\\x00\\x00\\x01a\\xd5\\x0e\\x03\\xf0\\x00\\x00\\x04\\x03\\x00H0F\\x02!\\x00\\x81\\xac\\xb0\\xfe\\xfa\\xe2\\x16\\x15W\\x01\\xf7M\\xb9a]\\xbd\\xef\\xee\\x9d\\t\\xfc\\x1dA\\x13\\xe0\\xc9\\xd5\\xb6\\xc7 ;\\x83\\x02!\\x00\\xa2\\xec\\xde+\\x84h\\x9c[s\\x9e\\xeb\\x13\\xb2C\\xaa\\xed\\t\\x8c\\x14\\xca\\xa1o\\xaa\\t\\x11LM\\x9d\\xde\\x87\\xb7H\\x00u\\x00\\x87u\\xbf\\xe7Y|\\xf8\\x8cC\\x99_\\xbd\\xf3n\\xffV\\x8dGV6\\xffJ\\xb5`\\xc1\\xb4\\xea\\xff^\\xa0\\x83\\x0f\\x00\\x00\\x01a\\xd5\\x0e\\x03\\x82\\x00\\x00\\x04\\x03\\x00F0D\\x02 \\'-\\xf7\\x80\\x12\\xf7\\x8d\\x86\\xe5\\x19\\xe9\\xc8\\xcc\\n\\xd3>hSW\\xb0\\xb0\\xef(P\\x82\\xe4X#\\x8aTH\\xed\\x02 (7\\x96i\\x12\\xae\\x13\\xb9\\xd0\\xec\\x19\\xd4h\\xd8\\x11\\xf0\\xcd\\xb1WK\\x91\\x06<\\xc2\\x9e\\xa4&=\\xde\\xfd:\\xbc\\x00w\\x00oSv\\xac1\\xf01\\x19\\xd8\\x99\\x00\\xa4Q\\x15\\xffw\\x15\\x1c\\x11\\xd9\\x02\\xc1\\x00)\\x06\\x8d\\xb2\\x08\\x9a7\\xd9\\x13\\x00\\x00\\x01a\\xd5\\x0e\\x05\\x9c\\x00\\x00\\x04\\x03\\x00H0F\\x02!\\x00\\xbaG(\\xaf=G[a\\x986&\\x0eC\\xac\\x9e\\x1b3\\xf9X\\xf3\\xf5\\xfc\\xc8=\\xf7B\\xe8j2\\xbe\\x7f\\xc5\\x02!\\x00\\xd1ad\\\\,v\\xe4\\xaa\\xf8g\\x90=\\x99x\\xe1\\x82\\x90I9\\x8eV\\x8c\\xcem\\xfd\\xae\\x8e\\xd11\\xe8\\x82\\xf4",
"name": "ct_precert_scts"
}],
"fingerprint": {
"sha256": "ece537bf521573813df656e69051824ceb9c552df1bb0f6cef48be6ec16bf15e",
"sha1": "18b2886966e5e0eb8f046907c38a1f6cfdd485d6"
},
"serial": 6596692990875508509620539832346469659,
"issuer": {
"C": "US",
"OU": "www.digicert.com",
"O": "DigiCert Inc",
"CN": "GeoTrust RSA CA 2018"
},
"expired": false,
"subject": {
"CN": "*.secure.ne.jp"
}
},
"cipher": {
"version": "TLSv1/SSLv3",
"bits": 256,
"name": "AES256-SHA"
},
"chain": ["-----BEGIN CERTIFICATE-----\nMIIGMjCCBRqgAwIBAgIQBPZ6E0SYqtY6w9glplHlGzANBgkqhkiG9w0BAQsFADBe\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe\nFw0xODAyMjcwMDAwMDBaFw0xOTA3MTcxMjAwMDBaMBkxFzAVBgNVBAMMDiouc2Vj\ndXJlLm5lLmpwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUYeOSIR\nWi+SnNDmjgfdZ57IbcmWrdKBIrLLeTiYQ5/mRP1E/YiwR/KcAih3mkiTlCp4k7Ye\ngRLu/e+unQdumTkAu95AX7HrT/BTd6qv6nEqkjwyGbVao5m6l63+x2Naxq0LcvQ4\njGMKjJ/jXTtPRwu05MBoHgtJHrL89sitDGzhzvjRyZ6t1BAwptxpLo+xVi8cUB7f\nOIEkrX3Qc1p68N0GsbVnusjY7KTbFDSet4oNE2Wwrg3+fsqnI3TYiTEyLhwSl7wT\n7hBVZwjYA7dykLxiYbtWZmS972vjrSziiD79op1Jo9RTyQcNkIozOM8phworC1RD\nAMR57/JpzgsfEQIDAQABo4IDLzCCAyswHwYDVR0jBBgwFoAUkFj/sJx1qFFUd7Ht\n8qNDFjiebMUwHQYDVR0OBBYEFAwzd8fuFLvRQfSlueRXJS+aYwV3MCcGA1UdEQQg\nMB6CDiouc2VjdXJlLm5lLmpwggxzZWN1cmUubmUuanAwDgYDVR0PAQH/BAQDAgWg\nMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAv\nhi1odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmww\nTAYDVR0gBEUwQzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93\nd3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMCYG\nCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9BggrBgEFBQcw\nAoYxaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4\nLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwC72d+8\nH4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWHVDgPwAAAEAwBIMEYCIQCB\nrLD++uIWFVcB9025YV297+6dCfwdQRPgydW2xyA7gwIhAKLs3iuEaJxbc57rE7JD\nqu0JjBTKoW+qCRFMTZ3eh7dIAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq\n/16ggw8AAAFh1Q4DggAABAMARjBEAiAnLfeAEveNhuUZ6cjMCtM+aFNXsLDvKFCC\n5FgjilRI7QIgKDeWaRKuE7nQ7BnUaNgR8M2xV0uRBjzCnqQmPd79OrwAdwBvU3as\nMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWHVDgWcAAAEAwBIMEYCIQC6\nRyivPUdbYZg2Jg5DrJ4bM/lY8/X8yD33QuhqMr5/xQIhANFhZFwsduSq+GeQPZl4\n4YKQSTmOVozObf2ujtEx6IL0MA0GCSqGSIb3DQEBCwUAA4IBAQAcZh9iEaMER4YF\nmk87QbeEg8PrKvuV+Tdw8vKxkcv8B0AEHyVOXO1i28EtoUEfTQpC3D9Dip2D+G5g\n1z6MDPnFGN3uHR9TOm2+z+qLFf2c/zp3LYe+fUNAelGzTj
rINB/N5CVzo80CpVLn\nXubBI6ZBJCG1UG/Rg9ySIEU2dW1vrbHlq4ACSx/+qfXqxP0YJhl/+47yrhBSDmRK\nzwIGQyqX74P0L/EzyyQeNY/kN6h2c1qxJSgrwxEMdDxS4pQSNj2+GxSftZaRK19e\nEAFMYJrXeW8h43Ze67nCEMjivXYvgrfGZovy1iGGtTYmVp7D0jvXg7iLi3zphxKw\nqaSUjhyC\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEizCCA3OgAwIBAgIQBUb+GCP34ZQdo5/OFMRhczANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xNzExMDYxMjIzNDVaFw0yNzExMDYxMjIzNDVaMF4xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAv4rRY03hGOqHXegWPI9/tr6HFzekDPgxP59FVEAh\n150Hm8oDI0q9m+2FAmM/n4W57Cjv8oYi2/hNVEHFtEJ/zzMXAQ6CkFLTxzSkwaEB\n2jKgQK0fWeQz/KDDlqxobNPomXOMJhB3y7c/OTLo0lko7geG4gk7hfiqafapa59Y\nrXLIW4dmrgjgdPstU0Nigz2PhUwRl9we/FAwuIMIMl5cXMThdSBK66XWdS3cLX18\n4ND+fHWhTkAChJrZDVouoKzzNYoq6tZaWmyOLKv23v14RyZ5eqoi6qnmcRID0/i6\nU9J5nL1krPYbY7tNjzgC+PBXXcWqJVoMXcUw/iBTGWzpwwIDAQABo4IBQDCCATww\nHQYDVR0OBBYEFJBY/7CcdahRVHex7fKjQxY4nmzFMB8GA1UdIwQYMBaAFAPeUDVW\n0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo\nMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E\nOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i\nYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo\ndHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAw\n8YdVPYQI/C5earp80s3VLOO+AtpdiXft9OlWwJLwKlUtRfccKj8QW/Pp4b7h6QAl\nufejwQMb455OjpIbCZVS+awY/R8pAYsXCnM09GcSVe4ivMswyoCZP/vPEn/LPRhH\nhdgUPk8MlD979RGoUWz7qGAwqJChi28uRds3thx+vRZZIbEyZ62No0tJPzsSGSz8\nnQ//jP8BIwrzBAUH5WcBAbmvgWfrKcuv+PyGPqRcc4T55TlzrBnzAzZ3oClo9fTv\nO9PuiHMKrC6V6mgi0s2sa/gbXlPCD9Z24XUMxJElwIVTDuKB0Q4YMMlnpN/QChJ4\nB0AFsQ+DU0NCO+f78Xf7\n-----END CERTIFICATE-----\n"],
"alpn": []
}
Here is a more readable format as a gist:
https://gist.github.com/achillean/88531c3e47cc2b9fc94435b6fd8fce08
The property you are looking for is ssl.cert.issuer.CN. In Python, this translates to:
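import shodan

api = shodan.Shodan('YOUR_API_KEY')  # placeholder API key

# api.search() returns a dictionary; the banners are in its 'matches' list
results = api.search('port:443')
for banner in results['matches']:
    # Only care about services that use SSL
    if 'ssl' in banner:
        # You should also check to make sure this property exists or wrap whatever you're doing with it in a try/except clause
        print(banner['ssl']['cert']['issuer']['CN'])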
You should also check out the Shodan CLI (https://cli.shodan.io) which can handle 80% of Shodan-related use cases. We have a few videos over here to get you started:
https://asciinema.org/~Shodan
For these sorts of issues I would recommend printing out the entire object:
print(banner)
And then figure out the exact property once you've seen what the entire object has to offer.
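The property check mentioned in the code comment above, written out as an added example (not part of the original answer): it walks a dotted path such as ssl.cert.issuer.CN without raising on banners that lack it, and also parses the cert.expires timestamp format shown in the example banner. The helper names (dig, parse_cert_time, summarize) and the sample banners are constructed for illustration and run offline without an API key.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample banners, trimmed to the fields used here. The first
# mirrors the example banner above; the others exercise missing properties.
SAMPLE_BANNERS = [
    {"port": 443, "ssl": {"cert": {
        "expires": "20190717120000Z",
        "issuer": {"C": "US", "O": "DigiCert Inc", "CN": "GeoTrust RSA CA 2018"},
        "subject": {"CN": "*.secure.ne.jp"}}}},
    {"port": 443, "ssl": {"cert": {           # issuer has no CN
        "expires": "20300101000000Z",
        "issuer": {"O": "Example Org"}}}},
    {"port": 443, "data": "HTTP/1.1 400 Bad Request"},  # no ssl property
]


def dig(obj, path, default=None):
    """Follow a dotted path such as 'ssl.cert.issuer.CN' through nested dicts."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def parse_cert_time(value):
    """Parse the 'YYYYMMDDhhmmssZ' form used by cert.issued and cert.expires."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def summarize(banners, now):
    """Count issuer CNs and list subjects whose certificate expired before `now`."""
    issuers, expired = Counter(), []
    for banner in banners:
        if "ssl" not in banner:
            continue  # only care about services that use SSL
        issuers[dig(banner, "ssl.cert.issuer.CN", "<no issuer CN>")] += 1
        expires = dig(banner, "ssl.cert.expires")
        if expires and parse_cert_time(expires) < now:
            expired.append(dig(banner, "ssl.cert.subject.CN", "<no subject CN>"))
    return issuers, expired


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    issuers, expired = summarize(SAMPLE_BANNERS, now)
    print(issuers.most_common(), expired)
```

With live data, pass the banners from results['matches'] to summarize() in place of SAMPLE_BANNERS.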