def __init__(self):
self.key = shodanAPI_key
if self.key == '':
raise MissingKey(True)
self.api = Shodan(self.key)
self.hostdatarow = []
def __getShodanByAPI__(self, shodan_api='', session_id=None):
if not shodan_api:
return Shodan(ht.Config.getAPIKey('shodan_api', session_id))
return Shodan(shodan_api)
from sys import argv, exit
# Input validation
if len(argv) != 3:
print('Usage: {} <IPs filename> <output.json.gz>'.format(argv[0]))
print('Example: {} iplist.txt iplist.json.gz'.format(argv[0]))
exit(1)
input_filename = argv[1]
output_filename = argv[2]
# Must have initialized the CLI before running this script
key = get_api_key()
# Create the API connection
api = Shodan(key)
# Create the output file
fout = open_file(output_filename, 'w')
# Open the file containing the list of IPs
with open(input_filename, 'r') as fin:
# Loop over all the IPs in the file
for line in fin:
ip = line.strip() # Remove any trailing whitespace/ newlines
# Wrap the API calls to nicely skip IPs which don't have data
try:
print('Processing: {}'.format(ip))
info = api.host(ip)
sys.stdout.write('%s[+] load favicon source: %s%s\n' %
(fg('green'), favsource, attr(0)))
sys.stdout.write('[+] favicon size: %d\n' % len(data))
if not len(data):
if not args.silent:
sys.stdout.write('%s[-] invalid favicon%s\n' % (fg('red'), attr(0)))
exit()
favhash = faviconHash(data, web_src)
if not args.silent:
sys.stdout.write('%s[+] hash calculated: %s%s\n' %
(fg('green'), str(favhash), attr(0)))
if shokey:
shodan = Shodan(shokey)
search = 'http.favicon.hash:' + str(favhash)
if not args.silent:
sys.stdout.write('[+] searching: %s\n' % search)
t_results = shodan.search(search)
if not args.silent:
sys.stdout.write('%s[+] %d results found%s\n' %
(fg('green'), len(t_results['matches']), attr(0)))
for result in t_results['matches']:
tmp = []
for v in t_values:
if v in result:
tmp.append(str(result[v]))
else:
tmp.append('')
# print( tmp )
def init():
# set API key
api_key = "PUT YOUR SHODAN API LEY HERE"
# define and init global API object
global api
api = Shodan(api_key)
from shodan import Shodan
import requests
import subprocess
IP = ""
api = Shodan('')
def url_ok(url):
r = requests.head("http://" + url)
return r.status_code == 200
def check_page(url):
r = requests.get("http://" + url + "/admin/")
return "Pi-hole" in r.text
def pruneIPS(vulnerableIPs):
for i in vulnerableIPs:
if not url_ok(i):
if not check_page(i):
vulnerableIPs.remove(i)
return vulnerableIPs
result = api.search("pi-hole")
VulnerableIP = []
for service in result['matches']:
if service['ip_str'] == IP:
ulnerableIP.append(service['ip_str'])
print("Yes")
# output file name
parser.add_argument('--out', help='json output file path')
args = parser.parse_args()
got_api = False
default_config_path = os.path.abspath(
str(os.path.dirname(os.path.realpath(__file__))) +
"/../conf/shodan.conf")
if args.config:
config.read(args.config)
if config['Shodan']["api_key"] != "API KEY HERE":
api = Shodan(config['Shodan']["api_key"])
got_api = True
elif args.key:
api = Shodan(args.key)
got_api = True
else:
config.read(default_config_path)
if config['Shodan']["api_key"] != "API KEY HERE":
api = Shodan(config['Shodan']["api_key"])
got_api = True
print(" ")
parse_response(host)
except APIError, e:
if e.value == "Invalid IP":
print "[!] Invalid IP format"
else:
print "[!] Unkown error (\"%s\")" % (e.value)
#####################
# Main starts here
#####################
if __name__ == "__main__":
check_api()
parser, args = parse_args()
api = Shodan(API_KEY)
VERBOSE = args.verbose
if args.time:
time = int(args.time) if args.time.isdigit() else 0
# Do main work
try:
if (args.ip):
query(args.ip)
elif (args.file):
print "[!] Waiting %d seconds between each query" % (time)
for e in read_file_into_list(args.file):
query(e)
sleep(time)
else:
def initShodan(self, key):
with open('shodan_api_key', 'w') as file:
file.write(key)
self.api = Shodan(key)
import json
import dateutil.parser as dp
import schedule #pip install schedule
from cStringIO import StringIO
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.header import Header
from email import Charset
from email.generator import Generator
import smtplib
import ast
conn = sqlite3.connect('shodan_db.sqlite')
# Create a connection to the Shodan API
api = Shodan(SHODAN_API_KEY)
#Queries Shodan for a search term and then stores results in a list of dictionaries
def query_Shodan(term, callback):
print "Runing Shodan Query"
templist = []
previous_ip=""
while True:
try:
#Search Shodan and get bunch of IP Addresses (limit 100, you can increase it even more as per the number of servers you are planning to monitor)
results = api.search(term,page=1,limit=100)
#Construct a temp dictionary to store details of each of IP Address
for result in results['matches']:
#Shodan repeat IP entries for each port Open on an IP, the below code is for that
from shodan import Shodan
api = Shodan('QoN9YkJiB2w5o6AjYXaeXFxRIYocUCPX')
def ipscan():
ip = raw_input("enter an ip address")
host = api.host(ip)
print("""
IP: {}
Organization: {}
City {}
Operating System: {}
Hostnames: {}
Country: {}
Updated: {}
Number of open ports {}
""".format(host['ip_str'], host.get('org', 'n/a'), host.get('city', 'n/a'),
host.get('os', 'n/a'), " ".join(host.get('hostnames')),
host.get('country_name'), host.get('last_update'),
len(host.get('ports'))))
for item in host['data']:
print("""Port: {} / {} Product: {} """.format(
item['port'], item['transport'], item.get('product', 'n/a')))
def myip():
print(api.tools.myip())
def send_command(self, command, search, thread_num, exec_cmd, startIP, endIP, ipfile):
"""Execute a command"""
if search == "censys":
self.search = Censys()
elif search == "zoomeye":
self.search = Zoomeye()
elif search == "shodan":
self.search = Shodan()
elif search == "local":
self.search = Local()
else:
print "you got a wrong type of search engine, you can select censys, shodan or zoomeye as your scan engine."
sys.exit()
if self.setQuery(command):
return {'prompt': '', 'busy': False, 'data': 'QUERY => %s\n' % self.query}
elif self.setPage(command):
return {'prompt': '', 'busy': False, 'data': 'PAGE => %d\n' % self.page}
else:
if command == "exploit\n" or command == "run\n":
if not self.search:
print "please select a search engine using the -s or --search option."
sys.exit()
if (self.module and self.moduleType) or exec_cmd:
if (startIP and endIP) or ipfile:
args = (self.queue, self.STOP_ME, startIP, endIP, ipfile)
else:
if self.query:
self.search.getConfig()
args = (self.query, self.page, self.queue, self.STOP_ME)
else:
return {'prompt': '', 'busy': False, 'data': 'QUERY must be setted\n'}
threads = []
t1 = threading.Thread(target = self.search.searchIP, args = args)
threads.append(t1)
t2 = threading.Thread(target=self.DoExploit, args=(exec_cmd, command, thread_num))
threads.append(t2)
for t in threads:
t.setDaemon(True)
t.start()
for t in threads:
t.join()
result = {'prompt': '', 'busy': False, 'data': '\n'}
else:
return {'prompt': '', 'busy': False, 'data': 'please select the module\n'}
else:
isSuccess = self.client.call('console.write', [self.console_id, command])
if isSuccess.has_key('error'):
self.login()
self.client.call('console.write', [self.console_id, command])
sleep(0.5)
result = self.client.call('console.read', [self.console_id])
while result['busy']:
if result['data']:
print result['data']
sleep(0.5)
result = self.client.call('console.read', [self.console_id])
if command == "show options\n":
if exec_cmd:
result['data'] = "%s command %s\n" % (result['data'], exec_cmd)
result['data'] = "%s QUERY %s\n" % (result['data'], self.query)
result['data'] = "%s PAGE %s\n" % (result['data'], self.page)
if command.startswith("use"):
module = command.split(' ')[1].strip()
self.moduleType = module[:module.find('/')]
self.module = module[module.find('/')+1:]
if command.startswith("set"):
options = command.split(' ')
self.opts[options[1]] = options[2].strip()
return result
def main(api_key, search):
api = Shodan(api_key)
for result in api.search_cursor(search):
print(result['hostnames'])
from shodan import Shodan
from pathlib import Path
import configparser
import requests
from CloudCarrot.settings import __config_file__
import os
config = configparser.ConfigParser()
try:
config.read(os.path.join(str(Path.home()),
'.config/{}'.format(__config_file__)))
TOKEN = config.get('shodan', 'API_KEY')
except configparser.NoSectionError:
TOKEN = False
api = Shodan(TOKEN)
def shodan_search(host):
if not TOKEN:
return False
try:
banner = api.search_cursor('"{0}"'.format(host))
title_result = set([host['ip_str'] for host in banner])
if title_result:
return title_result
else:
return set()
except:
return False
def shodan_search_worker(fk,
query,
search_type,
category,
country=None,
coordinates=None,
all_results=False):
results = True
page = 1
SHODAN_API_KEY = keys['keys']['shodan']
pages = 0
screenshot = ""
print(query)
while results:
if pages == page:
results = False
break
# Shodan sometimes fails with no reason, sleeping when it happens and it prevents rate limitation
search = Search.objects.get(id=fk)
api = Shodan(SHODAN_API_KEY)
fail = 0
try:
time.sleep(5)
if coordinates:
results = api.search("geo:" + coordinates + ",20 " + query,
page)
if country:
results = api.search("country:" + country + " " + query, page)
except:
fail = 1
print('fail1, sleeping...')
if fail == 1:
try:
time.sleep(10)
if coordinates:
results = api.search("geo:" + coordinates + ",20 " + query,
page)
if country:
results = api.search("country:" + country + " " + query,
page)
except Exception as e:
print(e)
if fail == 1:
try:
time.sleep(10)
if coordinates:
results = api.search("geo:" + coordinates + ",20 " + query,
page)
if country:
results = api.search("country:" + country + " " + query,
page)
except Exception as e:
print(e)
if fail == 1:
try:
time.sleep(10)
if coordinates:
results = api.search("geo:" + coordinates + ",20 " + query,
page)
if country:
results = api.search("country:" + country + " " + query,
page)
except Exception as e:
results = False
print(e)
try:
total = results['total']
if total == 0:
print("no results")
break
except Exception as e:
print(e)
break
pages = math.ceil(total / 100) + 1
print(pages)
for counter, result in enumerate(results['matches']):
lat = str(result['location']['latitude'])
lon = str(result['location']['longitude'])
city = ""
indicator = []
# print(counter)
# time.sleep(20)
try:
product = result['product']
except:
product = ""
if 'vulns' in result:
vulns = [*result['vulns']]
else:
vulns = ""
if result['location']['city'] != None:
city = result['location']['city']
hostnames = ""
try:
if 'hostnames' in result:
hostnames = result['hostnames'][0]
except:
pass
try:
if 'SAILOR' in result['http']['title']:
html = result['http']['html']
soup = BeautifulSoup(html)
for gps in soup.find_all("span", {"id": "gnss_position"}):
coordinates = gps.contents[0]
space = coordinates.split(' ')
if "W" in space:
lon = "-" + space[2][:-1]
else:
lon = space[2][:-1]
lat = space[0][:-1]
except Exception as e:
pass
if 'opts' in result:
try:
screenshot = result['opts']['screenshot']['data']
with open(
"app_kamerka/static/images/screens/" +
result['ip_str'] + ".jpg", "wb") as fh:
fh.write(base64.b64decode(screenshot))
fh.close()
for i in result['opts']['screenshot']['labels']:
indicator.append(i)
except Exception as e:
pass
if query == "Niagara Web Server":
try:
soup = BeautifulSoup(result['http']['html'],
features="html.parser")
nws = soup.find("div", {"class": "top"})
indicator.append(nws.contents[0])
except:
pass
# get indicator from niagara fox
if result['port'] == 1911 or result['port'] == 4911:
try:
fox_data_splitted = result['data'].split("\n")
for i in fox_data_splitted:
if "station.name" in i:
splitted = i.split(":")
indicator.append(splitted[1])
except:
pass
# get indicator from tank
if result['port'] == 10001:
try:
tank_info = result['data'].split("\r\n\r\n")
indicator.append(tank_info[1])
except:
pass
if result['port'] == 2000:
try:
ta_data = result['data'].split("\\n")
indicator.append(ta_data[1][:-3])
except Exception as e:
pass
if result['port'] == 502:
try:
sch_el = result['data'].split('\n')
if sch_el[4].startswith("-- Project"):
indicator.append(sch_el[4].split(": ")[1])
except:
pass
if "GPGGA" in result['data']:
try:
splitted_data = result['data'].split('\n')
for i in splitted_data:
if "GPGGA" in i:
msg = pynmea2.parse(i)
lat = msg.latitude
lon = msg.longitude
break
except Exception as e:
print(e)
if result['port'] == 102:
try:
s7_data = result['data'].split("\n")
for i in s7_data:
if i.startswith("Plant"):
indicator.append(i.split(":")[1])
if i.startswith("PLC"):
indicator.append(i.split(":")[1])
if i.startswith("Module name"):
indicator.append(i.split(":")[1])
except:
pass
# get indicator from bacnet
if result['port'] == 47808:
try:
bacnet_data_splitted = result['data'].split("\n")
for i in bacnet_data_splitted:
if "Description" in i:
splitted1 = i.split(":")
indicator.append(splitted1[1])
if "Object Name" in i:
splitted2 = i.split(":")
indicator.append(splitted2[1])
if "Location" in i:
splitted3 = i.split(":")
indicator.append(splitted3[1])
except:
pass
device = Device(search=search,
ip=result['ip_str'],
product=product,
org=result['org'],
data=result['data'],
port=str(result['port']),
type=search_type,
city=city,
lat=lat,
lon=lon,
country_code=result['location']['country_code'],
query=search_type,
category=category,
vulns=vulns,
indicator=indicator,
hostnames=hostnames,
screenshot=screenshot)
device.save()
page = page + 1
if not all_results:
results = False
from shodan import Shodan
import re
api = Shodan('XXXXXXXXXXXXXXXXXXX')
def final(query,level):
if level=='1':
return (api.search(query,page=2,limit=10, offset=None, facets=None, minify=True))
elif level=='2':
return (api.search(query,page=None,limit=None, offset=None, facets=None, minify=True))
elif level=='3':
return (api.search(query,page=15,limit=None, offset=8, facets=None, minify=True))
else:
return("ERROR!!!!")
def sh(query,resp):
level='1'
if re.findall("--level\s[0-3]",query):
level=str(re.findall("--level\s[0-3]",query)[0].replace("--level ",""))
query=query.replace("--level {}".format(level),"")
#print (query)
out=final(query,level)
for i in out['matches']:
resp.message("{}\n".format(("IP: {}\nOS: {}\nISP: {}\nPostal Code: {}\nCity Name: {}\nCountry Name: {}".format(i['ip_str'],i['os'],i['isp'],i['location']['postal_code'],i['location']['city'],i['location']['country_name']))))
return resp
else:
if re.findall("--level\s[0-9]",query):
level=str(re.findall("--level\s[0-9]",query)[0].replace("--level ",""))
query=query.replace("--level {}".format(level),"")
from shodan import Shodan
import sys
domain = sys.argv[1]
hosts=[]
api = Shodan('YOUR_API_KEY')
results=api.search('hostname:.{}'.format(domain))
try:
for res in results['matches']:
hosts.append(''.join(res['hostnames']))
except KeyError:
pass
with open('shodan_subdomains.txt', 'w') as f:
for item in hosts:
f.write("%s\n" % item)
#return hosts
def Search(Query_List, Task_ID, Type, **kwargs):
try:
Data_to_Cache = []
Directory = General.Make_Directory(Plugin_Name.lower())
logger = logging.getLogger()
logger.setLevel(logging.INFO)
Log_File = General.Logging(Directory, Plugin_Name.lower())
handler = logging.FileHandler(os.path.join(Directory, Log_File), "w")
handler.setLevel(logging.DEBUG)
formatter = logging.Formatter("%(levelname)s - %(message)s")
handler.setFormatter(formatter)
logger.addHandler(handler)
Shodan_API_Key = Load_Configuration()
API_Session = Shodan(Shodan_API_Key)
Cached_Data = General.Get_Cache(Directory, Plugin_Name)
Query_List = General.Convert_to_List(Query_List)
Limit = General.Get_Limit(kwargs)
for Query in Query_List:
try:
if Type == "Search":
Local_Plugin_Name = Plugin_Name + "-Search"
try:
API_Response = API_Session.search(Query)
except Exception as e:
logging.error(
f"{General.Date()} - {__name__.strip('plugins.')} - {str(e)}."
)
break
JSON_Output_Response = json.dumps(API_Response,
indent=4,
sort_keys=True)
Main_File = General.Main_File_Create(
Directory, Local_Plugin_Name, JSON_Output_Response,
Query, The_File_Extensions["Main"])
Output_Connections = General.Connections(
Query, Local_Plugin_Name, Domain, "Domain Information",
Task_ID, Plugin_Name.lower())
Current_Step = 0
for Shodan_Item in API_Response["matches"]:
Shodan_Item_Module = Shodan_Item['_shodan']['module']
Shodan_Item_Module = Shodan_Item_Module.replace(
'-simple-new', '')
if Shodan_Item_Module.startswith("http"):
Shodan_Item_Host = ""
Shodan_Item_Port = 0
if 'http' in Shodan_Item:
Shodan_Item_Host = Shodan_Item['http']['host']
Shodan_Item_Response = Shodan_Item['http'][
'html']
elif 'ip_str' in Shodan_Item and 'domains' in Shodan_Item and len(
Shodan_Item['domains']) > 0:
Shodan_Item_Host = Shodan_Item['domains'][0]
Shodan_Item_Response = Shodan_Item['data']
elif 'ip_str' in Shodan_Item and 'domains' not in Shodan_Item:
Shodan_Item_Host = Shodan_Item['ip_str']
Shodan_Item_Response = Shodan_Item['data']
if Shodan_Item_Host:
if 'port' in Shodan_Item_Host:
if int(Shodan_Item['port']) not in [
80, 443
]:
Shodan_Item_Port = Shodan_Item['port']
if Shodan_Item_Port != 0:
Shodan_Item_URL = f"{Shodan_Item_Module}://{Shodan_Item_Host}:{str(Shodan_Item_Port)}"
else:
Shodan_Item_URL = f"{Shodan_Item_Module}://{Shodan_Item_Host}"
Title = "Shodan | " + str(Shodan_Item_Host)
if Shodan_Item_URL not in Cached_Data and Shodan_Item_URL not in Data_to_Cache and Current_Step < int(
Limit):
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Local_Plugin_Name,
Shodan_Item_Response, Shodan_Item_Host,
The_File_Extensions["Query"])
if Output_file:
Output_Connections.Output(
[Main_File, Output_file],
Shodan_Item_URL, Title,
Plugin_Name.lower())
Data_to_Cache.append(Shodan_Item_URL)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
Current_Step += 1
elif Type == "Host":
Local_Plugin_Name = Plugin_Name + "-Host"
try:
API_Response = API_Session.host(Query)
except Exception as e:
logging.error(
f"{General.Date()} - {__name__.strip('plugins.')} - {str(e)}."
)
break
JSON_Output_Response = json.dumps(API_Response,
indent=4,
sort_keys=True)
Main_File = General.Main_File_Create(
Directory, Local_Plugin_Name, JSON_Output_Response,
Query, The_File_Extensions["Main"])
Output_Connections = General.Connections(
Query, Local_Plugin_Name, Domain, "Domain Information",
Task_ID, Plugin_Name.lower())
Shodan_URL = f"https://www.{Domain}/host/{Query}"
Title = "Shodan | " + Query
if Shodan_URL not in Cached_Data and Shodan_URL not in Data_to_Cache:
Shodan_Responses = General.Request_Handler(
Shodan_URL,
Application_JSON_CT=True,
Accept_XML=True,
Accept_Language_EN_US=True,
Filter=True,
Host=f"https://www.{Domain}")
Shodan_Response = Shodan_Responses["Filtered"]
Output_file = General.Create_Query_Results_Output_File(
Directory, Query, Plugin_Name, Shodan_Response,
Query, The_File_Extensions["Query"])
if Output_file:
Output_Connections.Output([Main_File, Output_file],
Shodan_URL, Title,
Plugin_Name.lower())
Data_to_Cache.append(Shodan_URL)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to create output file. File may already exist."
)
else:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - No results found."
)
except:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - Failed to complete task."
)
General.Write_Cache(Directory, Cached_Data, Data_to_Cache, Plugin_Name)
except Exception as e:
logging.warning(
f"{General.Date()} - {__name__.strip('plugins.')} - {str(e)}")
def setup(self):
from shodan import Shodan
self.api = Shodan(self.plugin_config["api_key"])
from shodan import Shodan
# Register in shodan.io to get your api key
shodan_key = ''
api = Shodan(shodan_key)
try:
query = api.search('struts')
print(f'Found {query["total"]}')
for host in query['matches']:
print('-----------------------------')
print(f'IP: {host["ip_str"]}')
print(f'Port: {host["port"]}')
print(f'ORG: {host["org"]}')
try:
print(f'ASN {host["asn"]}')
except:
pass
for l in host['location']:
print(f'{l}: {str(host["location"][l])}')
# more details...
# print(host['data'])
print('-----------------------------')
except Exception as e:
print(e)
def __init__(self):
self.key = Core.shodan_key()
if self.key is None:
raise MissingKey(True)
self.api = Shodan(self.key)
self.hostdatarow = []
def run(self, args, lookup, report_directory, api_key_directory):
"""main function"""
self.shodan_query_result = []
self.shodan_api_key = None
self.api_key_value = None
#first if https://shodan.readthedocs.io/en/latest/tutorial.html#connect-to-the-api
#else https://shodan.readthedocs.io/en/latest/tutorial.html#looking-up-a-host
#check for a stored api key, if missing ask for it and if it should be saved
if not os.path.exists(api_key_directory + 'shodan.key'):
print('[!] You are missing {}shodan.key'.format(api_key_directory))
self.api_key_value = getpass.getpass(
'[i] Please provide an API Key: ')
response = raw_input(
'[i] Would you like to save this key to a plaintext file? (y/n): '
)
if 'y' in response.lower():
with open(api_key_directory + 'shodan.key',
'w') as api_key_file:
api_key_file.writelines(self.api_key_value)
else:
pass
with open(api_key_directory + 'shodan.key') as f:
self.api_key_value = f.readlines()[0]
#invoke api with api key provided
shodanApi = Shodan(self.api_key_value)
#roll through the lookup list from -i or -d
for i, l in enumerate(lookup):
#open output file
shodan_text_output = open(
report_directory + l + '/' + l + '_shodan.txt', 'w')
#user notification that something is happening
print('[+] Querying Shodan via API search for {}'.format(l))
try:
#set results to api search of current lookup value
#https://shodan.readthedocs.io/en/latest/examples/basic-search.html
result = shodanApi.search(query="hostname:" + l)
print('[+] Shodan found: {} hosts'.format(str(
result['total'])))
#for each result
for service in result['matches']:
if args.verbose is True:
print(str(service['ip_str'].encode('utf-8')+\
' ISP: '+service['isp'].encode('utf-8')+\
' Last seen: '+service['timestamp'].encode('utf-8')))
if args.verbose is True:
#print and encode if there are non-us chars
print(service['data'].encode('utf-8'))
#append to shodanResult list
self.shodan_query_result.append(str(\
service['ip_str'].encode('utf-8')+\
'\nISP:'+service['isp'].encode('utf-8')+\
'\nLast seen:'+service['timestamp'].encode('utf-8'))+\
'\n'+service['data'].encode('utf-8'))
#catch exceptions
except Exception as e:
#print excepted error
print('[-] Shodan Error: {} '.format(e))
print(
'[!] You may need to specify an API key with -s <api key>')
return
#write contents of shodanResult list. this needs formatted
shodan_text_output.writelines('[+] Shodan found: {} hosts\n\n'.format(
str(result['total'])))
shodan_text_output.writelines(self.shodan_query_result)
return self.shodan_query_result
def shodan_host_ip(target):
ms = 'def shodan_host_ip: ' + target
fn_core.edit_log(fn_default.log_full_path, ms, lvl='info')
config = fn_core.import_config()
apikey = config['shodan']['api-key']
api = Shodan(apikey)
# print(api.host(target))
response = api.host(target)
person_string = json.dumps(response)
result = json.loads(person_string)
print(fn_core.highlight("black", "█▓▒░ Shodan ░▒▓█"))
print('\n')
print(fn_core.highlight("black", "Host IP "))
if str(result['area_code']) != 'null':
print('area_code: ' + str(result['area_code']))
if str(result['asn']) != 'null':
print('asn: ' + str(result['asn']))
if str(result['city']) != 'null':
print('city: ' + str(result['city']))
if str(result['country_code']) != 'null':
print('country_code: ' + str(result['country_code']))
if str(result['country_code3']) != 'null':
print('country_code3: ' + str(result['country_code3']))
if str(result['country_name']) != 'null':
print('country_name: ' + str(result['country_name']))
# if result['data']:
# print('data: ')
# if result['data']:
# print('data: ')
# for i in result['data']:
# i = json.dumps(result)
# i = json.loads(i)
# print('\t' + 'positives: ' + str(i['positives']))
# print('vulns: ')
# if i['vulns']:
# for k in i['vulns']:
# k = json.dumps(k)
# k = json.loads(k)
# print('\t' + k)
# print('\t' + 'asn: ' + str(i['asn']))
# print('\t' + 'domains: ' + str(i['domains']))
# print('\t' + 'hostnames: ' + str(i['hostnames']))
# print('\t' + 'isp: ' + str(i['isp']))
# print('\t' + 'org: ' + str(i['org']))
# print('\t' + 'port: ' + str(i['port']))
# print('vulns: ' + result['vulns'])
# for i in result['data']:
if 'vulns' in result:
print('vulns: ')
if result['vulns']:
for k in result['vulns']:
k = json.dumps(k)
k = json.loads(k)
print('\t' + k)
if str(result['domains']) != 'null':
print('domains: ' + str(result['domains']))
if str(result['hostnames']) != 'null':
print('hostnames: ' + str(result['hostnames']))
if str(result['ip_str']) != 'null':
print('ip_str: ' + str(result['ip_str']))
if str(result['isp']) != 'null':
print('isp: ' + str(result['isp']))
if str(result['last_update']) != 'null':
print('last_update: ' + str(result['last_update']))
if str(result['latitude']) != 'null':
print('latitude: ' + str(result['latitude']))
if str(result['longitude']) != 'null':
print('longitude: ' + str(result['longitude']))
if str(result['org']) != 'null':
print('org: ' + str(result['org']))
if str(result['os']) != 'null':
print('os: ' + str(result['os']))
if str(result['ports']) != 'null':
print('ports: ' + str(result['ports']))
if str(result['postal_code']) != 'null':
print('postal_code: ' + str(result['postal_code']))
if str(result['region_code']) != 'null':
print('region_code: ' + str(result['region_code']))
if str(result['tags']) != 'null':
print('tags: ' + str(result['tags']))
# keys = k.keys()
# values = k.values()
# print(keys)
# print(json.dumps(i['vulns'],indent=4,sort_keys=True))
# print(fn_core.highlight("red", '\t' + 'positives: ' + str(i['positives'])))
# print('\t' + 'scan_date: ' + str(i['scan_date']))
# print('\t' + 'total: ' + str(i['total']))
# print('\t' + 'url: ' + str(i['url']))
# print('country-code: ' + str(result['country-code']))
# print('country-code3: ' + str(result['country-code3']))
# print('currency-code: ' + str(result['currency-code']))
# print('ip: ' + str(result['ip']))
# if result['host-domain']:
# print('host-domain: ' + str(result['host-domain']))
# if result['hostname']:
# print('hostname: ' + str(result['hostname']))
# if result['is-bogon']:
# print(fn_core.highlight("red", 'is-bogon: ' + str(result['is-bogon'])))
#
#
f = json.dumps(result, indent=4, sort_keys=True)
return f
import sys
import requests
import base64
import mmh3
from ipwhois import IPWhois
from bs4 import BeautifulSoup
from shodan import Shodan
shodan = Shodan(open("SHODAN_API.txt", "r").readline())
def faviconHash(data, source):
if source == "web":
b64data = base64.encodebytes(data).decode()
else:
b64data = base64.encodebytes(data)
return mmh3.hash(b64data)
def searchFaviconHTML(link):
data = requests.get(link, stream=True)
soup = BeautifulSoup(data.content, 'html.parser')
iconLink = soup.find('link', rel='icon').get("href")
if not iconLink.startswith("http"):
iconLink = link + "/" + iconLink
return requests.get(iconLink)
def shodanSearch(favhash):
results = shodan.search(f"http.favicon.hash:{favhash}")
import platform
import re
import time
#from pexpect import pxssh # Not supported on windows
import termcolor
except ModuleNotFoundError:
exit("Please install requirements.txt (pip install -r requirements.txt")
# Check to see if the Shodan Module exists.
# We don't wanna enforce it but only allow if installed
# will need to add to requirements.txt beforehand to make sure
try:
from shodan import Shodan
API_KEY = 'INSERT_API_KEY_HERE'
SHODAN_API = Shodan(API_KEY)
except ModuleNotFoundError:
pass
from requests.auth import HTTPBasicAuth
from subprocess import Popen, PIPE
from threading import *
# [IP's for Testing on Home Network]
# 10.10.10.254 : Default Address for CloudHub
# 192.168.0.34 : Home Machine for testing purposes
# 192.168.0.1 : Common Home Router Address
# 192.168.0.254: BTHomeHub Default Address
aliveHosts = []
discoveredPorts = []
def run(self):
if self.keyFile:
self.shodan = Shodan(open(self.keyFile, "r").readline().strip())
elif self.key:
self.shodan = Shodan(self.key)
elif self.shodanCLI:
self.shodan = Shodan(get_api_key())
else:
print('[x] Wrong input API key type.')
exit(1)
if self.faviconFile or self.fileList:
self.fileList.extend(self.faviconFile)
for fav in self.fileList:
self._iterator.set_description(
f"[+] iterating over favicon files | processing {fav}")
self._iterator.update(1)
data = open(fav, 'rb').read()
_fH = self.faviconHash(data)
self.faviconsList.append({
'favhash': _fH,
'file': fav,
'_origin': fav
})
if self.faviconURL or self.urlList:
self.urlList.extend(self.faviconURL)
for fav in self.urlList:
self._iterator.set_description(
f"[+] iterating over favicon URLs | processing {fav}")
self._iterator.update(1)
headers = {
'User-Agent': self.get_user_agent(),
}
data = requests.get(fav, stream=True, headers=headers)
_dcL = self.deepConnectionLens(data)
data = data.content
_fH = self.faviconHash(data)
self.faviconsList.append({
'favhash': _fH,
'url': self.faviconURL,
'domain': fav,
'maskIP': _dcL['mIP'],
'maskISP': _dcL['mISP'],
'_origin': fav
})
if self.web or self.webList:
self.webList.extend(self.web)
for w in self.webList:
self._iterator.set_description(
f"[+] iterating over domains | processing {w}")
self._iterator.update(1)
try:
headers = {
'User-Agent': self.get_user_agent(),
}
data = requests.get(f"https://{w}",
stream=True,
headers=headers)
_dcL = self.deepConnectionLens(data)
data = self.searchFaviconHTML(f"https://{w}")
if not isinstance(data, str):
_fH = self.faviconHash(data.content, web_source=True)
else:
_fH = "not-found"
except requests.exceptions.ConnectionError:
self._iterator.write(f"[x] Connection refused by {w}.")
if len(self.webList) == 1:
exit(1)
self.faviconsList.append({
'favhash': _fH,
'domain': f"https://{w}",
'maskIP': _dcL['mIP'],
'maskISP': _dcL['mISP'],
'_origin': w
})
_alreadyScanned = {}
_aF = set([f for i in self.faviconsList for f in i])
_aF.remove('_origin')
_aF.add('found_ips')
_cObj = {}
for f in _aF:
_cObj.update({f: ''})
if self.output:
if self._output['type'].lower() == 'csv':
self._output['file'].write(','.join(f for f in _aF) + '\n')
self._iterator.reset(total=len(self.faviconsList))
for _fObject in self.faviconsList:
self._iterator.set_description(
f"[+] lookup for {_fObject['favhash']}")
self._iterator.update(1)
try:
_ = _alreadyScanned[_fObject['favhash']]
except KeyError:
found_ips = "not-found"
if _fObject['favhash'] != "not-found":
found_ips = self.shodanSearch(_fObject['favhash'])
_alreadyScanned.update({_fObject['favhash']: found_ips})
found_ips = _alreadyScanned[_fObject['favhash']]
_fObject.update({'found_ips': found_ips})
if self.show:
self._iterator.write("-" * 25)
self._iterator.write(f"[{_fObject['_origin']}]")
del _fObject['_origin']
for _atr in _fObject:
self._iterator.write(f"--> {_atr:<10} :: {_fObject[_atr]}")
if self.output:
_tcObj = _cObj
_tcObj.update(_fObject)
_t = self._output['type']
if _t.lower() == 'csv':
self._output['file'].write(','.join(
str(_tcObj[k]) for k in _tcObj) + '\n')
elif _t.lower() == 'json':
self._output['file'].write(json.dumps(_tcObj) + '\n')
else:
self._iterator.write(
"[x] Output format not supported, closing.")
exit(1)
import sys
from shodan import Shodan
from config import shodan_key
try:
sho = Shodan(shodan_key)
# query = ' '.join("120.50.13.165")
result = sho.host("123.245.10.187", minify=True)
print(result)
# sample result
# result = {
# 'region_code': '81',
# 'tags': [],
# 'ip': 2016546213,
# 'area_code': None,
# 'latitude': 23.729000000000013,
# 'hostnames': ['NEW-ASSIGNED-FROM-APNIC-20-03-2008.telnet.net.bd'],
# 'postal_code': '1000',
# 'dma_code': None,
# 'country_code': 'BD',
# 'org': 'Telnet Communication Limited',
# 'data': [],
# 'asn': 'AS38712',
# 'city': 'Dhaka',
# 'isp': 'Telnet Communication Limited',
# 'longitude': 90.41120000000001,
# 'last_update': '2019-01-16T16:39:57.393738',
# 'country_code3': 'BGD',
# 'country_name': 'Bangladesh',
# 'ip_str': '120.50.13.165',
# 'os': None,
# coding=utf-8
from shodan import Shodan
import requests
api = Shodan('PSKINdQe1GyxGgecYz2191H2JoS9qvgD')
for i in range(1, 20):
print('开始第:{}页'.format(i))
results = api.search('port:"888"', i)
if len(results['matches']) > 0:
for result in results['matches']:
try:
url = "http://" + result['ip_str'] + ":888/pma"
res = requests.get(url)
if res.status_code == 200:
print('接口状态:{} 地址:{}'.format(200, url))
except:
pass
else:
print '结束'
break
def __init__(self, api_key=DefaultValues.SHODAN_API_KEY):
self.api = Shodan(api_key)
self.results: list = []
self.shodan_results_count: int = 0
self.real_results_count: int = 0
from shodan import Shodan
import json
api = Shodan('key') #Get key from shodan API
# Lookup an IP
verified_cve = {}
hosts = ['152.1.109.5', '152.1.220.152', '152.1.52.127', '152.7.99.62']
for host in hosts:
ipinfo = api.host(host)
print(host)
print(ipinfo['vulns'])
for data in ipinfo['data']:
if 'vulns' in data:
for cve, ele in data['vulns'].items():
if ele['verified']:
verified_cve[cve] = ele['summary']
#printing only summary of the CVE whose verified flag is set to True
print(verified_cve)
print("\n")