Welcome to Shodan.
If you're thinking "What on Earth is it?", please read the lines below. If you're already familiar with it, move on to the next section.
So here are the basics: SHODAN (Sentient Hyper-Optimized Data Access Network) is a search engine, but instead of indexing web page content, it indexes banner information. It indexes data on HTTP, SSH, FTP, TELNET and SNMP services for almost the whole Internet. You can find it at http://www.shodanhq.com.
You can do basic searching for free. An account and credit are required for some features.
What can I do with it?
A lot of things.
For better and for worse.
For example, you can search for network devices that expose banner information (routers, switches, printers, VoIP phones, etc.). Tune your filters and you can find devices without authentication or with default passwords (a lot of them, in a lot of places).
You can find vulnerable systems: where they are and who owns them.
And you can do it easily. Shodan is like "Google" for network scanning.
Of course, you can also use Shodan to track vulnerable or exposed systems and devices on your own network and work to close the gaps.
Is it legal?
A controversial point.
In technical terms, SHODAN is a massive port scanner, and the precedent set is that port scanning is not a violation of the Computer Fraud and Abuse Act because it does not meet the requirement of damage to the availability or integrity of the device.
But of course, someone can use it to dig up information about a certain network to start an attack.
I believe this is more an "is it moral or not?" case than an "is it legal or not?" case.
There are plenty of documents and presentations on the Internet (in this case, Google will help a lot), so it's pointless to focus here on how to use Shodan.
But I'll give you one piece of advice.
Check your network against Shodan just in case.
It can save you a lot of pain in the future.
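One way to act on that advice, as an added example that is not code from this post or from Shodan: take banner records for indexed hosts, keep only those inside your own address ranges, and rank each host by its most urgent exposed service. The record fields (`ip_str`, `port`, `data`), the priority ranking and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Services the post says Shodan indexes, with a defender's priority (assumed ranking):
# 3 = cleartext management protocol, 2 = cleartext file transfer, 1 = review banner.
SERVICES = {
    23: ("TELNET", 3),
    161: ("SNMP", 3),
    21: ("FTP", 2),
    80: ("HTTP", 1),
    22: ("SSH", 1),
}

# Constructed sample records; the field names are an assumption modelled on
# Shodan search results. Addresses are RFC 5737 documentation ranges.
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.10", "port": 23, "data": "login: "},
    {"ip_str": "203.0.113.10", "port": 80, "data": "HTTP/1.0 200 OK\r\nServer: printer-webui"},
    {"ip_str": "203.0.113.77", "port": 22, "data": "SSH-2.0-OpenSSH_5.3"},
    {"ip_str": "198.51.100.5", "port": 161, "data": "sysDescr: router"},
    {"ip_str": "203.0.113.200", "port": 8080, "data": "HTTP/1.1 401 Unauthorized"},
]

def exposure_report(matches, own_cidrs):
    """Return [(ip, worst_priority, [(port, service, banner_first_line)])] for
    indexed hosts inside own_cidrs, most urgent host first."""
    nets = [ipaddress.ip_network(c) for c in own_cidrs]
    hosts = defaultdict(list)
    for m in matches:
        ip = ipaddress.ip_address(m["ip_str"])
        if not any(ip in n for n in nets):
            continue  # outside our ranges: not ours to triage
        name, prio = SERVICES.get(m["port"], ("OTHER", 1))
        lines = m["data"].splitlines()
        banner = lines[0].strip() if lines else ""
        hosts[ip].append((prio, m["port"], name, banner))
    report = []
    for ip, found in hosts.items():
        found.sort(key=lambda f: (-f[0], f[1]))  # worst service first, then port
        report.append((str(ip), found[0][0], [(p, n, b) for _, p, n, b in found]))
    report.sort(key=lambda r: (-r[1], ipaddress.ip_address(r[0])))
    return report

if __name__ == "__main__":
    for ip, prio, services in exposure_report(SAMPLE_MATCHES, ["203.0.113.0/24"]):
        print(ip, "priority", prio, services)
```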