Esempio n. 1
0
class ShodanConnector:
    @exception_handler(expected_exception=ShodanConnectorInitError)
    def __init__(self, api_key=DefaultValues.SHODAN_API_KEY):
        self.api = Shodan(api_key)
        self.results: list = []
        self.shodan_results_count: int = 0
        self.real_results_count: int = 0

    @exception_handler(expected_exception=ShodanConnectorSearchError)
    def search(
        self, query: str, max_records=DefaultValues.SHODAN_DEFAULT_RESULTS_QUANTITY
    ) -> None:
        try:
            self.results = list(self.api.search_cursor(query))[:max_records]
            self.shodan_results_count = self.api.count(query).get("total")
        except (APIError, APITimeout) as api_error:
            print(f"Shodan API error: {api_error}")
        self.real_results_count = len(list(self.results))

    def get_results(self) -> list:
        return self.results

    def get_shodan_count(self) -> int:
        return self.shodan_results_count

    def get_real_count(self) -> int:
        return self.real_results_count

    def get_vulnerabilities(self) -> dict:
        return {
            host["ip_str"]: host["vulns"] for host in self.results if host.get("vulns")
        }
Esempio n. 2
0
    def sameico(self, url):
        import json
        '''
        使用shodan查找和目标使用相同图标的网站
        :param url: 访问的url
        :param ip_lis: 对该ip_lis进行添加最后进行返回
        :return:
        '''
        print("开始进行相同图标网站的查询")

        url = "http://" + url
        api = Shodan(config.shodan_api)

        url = url + "/favicon.ico"
        res = []
        try:
            hash = self.getfaviconhash(url)

            if hash:

                query = "http.favicon.hash:{}".format(hash)
                # print(query)

                print("[+] The same ico get")
                for hosts in api.search_cursor(query):
                    res.append(hosts['ip_str'])

                return res

        except:
            pass
        print("相同图标网站查询结束找到了 " + str(len(res)))
        self.ms.text_print.emit(self.sameinfo,
                                stander_output('通过相同的网站图标寻找', res))
        return res
Esempio n. 3
0
 def search(self, domain):
     """  call Shodan API and save result list to self.raw_results
     """
     api = Shodan(self.SHODAN_API)
     query = "ssl.cert.subject.cn:" + domain
     log(f"**Querying Shodan with Search query {query}\n", "INFO")
     self.raw_results = list(api.search_cursor(query))
Esempio n. 4
0
def search(db_file, keyword, api_key):
    api = Shodan(api_key)
    #query = 'product:elastic port:9200'
    query = 'product:elastic'
    if keyword is not None:
        query += ' ' + keyword
    count_results = api.count(query)
    print(f'Total results for keyword "{keyword}": {count_results["total"]}')

    with sqlite3.connect(str(db_file)) as conn:
        cur = conn.cursor()
        try:
            existing_r = cur.execute('SELECT COUNT(*) FROM IP_SEARCH_RESULT').fetchone()
            existing = existing_r[0] if len(existing_r) > 0 else 0

            results = []
            for result in api.search_cursor(query):
                
                ip = result['ip_str']
                port = result['port']
                org = result['org']
                cntry = result['location']['country_code3']
                loc = f"{result['location']['country_name']} ({result['location']['country_code']})"
                lat = result['location']['latitude']
                lon = result['location']['longitude']
                date = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

                results.append((ip, port, org, cntry, loc, lat, lon, query, date))
            cur.executemany(
                    'INSERT OR REPLACE INTO IP_SEARCH_RESULT '
                    '(IP_ADDRESS, PORT, ORGANIZATION, COUNTRY_CODE, LOCATION, '
                    'LATITUDE, LONGITUDE, ORIGINAL_SEARCH_QUERY, UPDATED_DATE) '
                    'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)',
                    results)
            conn.commit()

            now_r = cur.execute('SELECT COUNT(*) FROM IP_SEARCH_RESULT').fetchone()
            now = now_r[0] if len(now_r) > 0 else 0
            print(f'New IP addresses added: {now - existing}')

        finally:
            conn.commit()
            cur.close()
Esempio n. 5
0
def shodan_search(query: str, api: Shodan, output: str):
    """
  Search Shodan for query
  """
    for matches in api.search_cursor(query):
        ip_addr = matches['ip_str']
        fw = Filewriter(basefolder=output, filename=ip_addr)
        if fw.existed:
            continue
        ftp = ftplogin(ip_addr)
        if ftp != None:
            fw.writeshodan(matches)
            try:
                ftp.retrlines('LIST', callback=fw.writeintel)
            except Exception as e:
                logging.debug('Ftp LIST failed -> {0}'.format(e))
                continue
            if ftpupload(ftp):
                fw.writeupload()
Esempio n. 6
0
def main():
    try:
        api = Shodan(api_key)
        showInfo('Querying from Shodan API')
        showInfo('Using query: {}'.format(search_query))
        search = api.search_cursor(search_query)
        showInfo('Retrieved result from Shodan')
        showInfo('Starting scanning')
        for result in search:
            ip = result['ip_str'].strip()
            port = result['port']
            th = Thread(target=check, args=(ip, port,))
            th.daemon = True
            th.start()
            while activeCount() > 5:
                sleep(0.001)
        while activeCount() > 1:
            sleep(0.001)
        exit('Scan ended')
    except Exception as e:
        exit(e)
Esempio n. 7
0
from shodan import Shodan
from shodan.cli.helpers import get_api_key
import json
import os
import subprocess

api = Shodan("api_key")
limit = 500
counter = 0
os.system("touch ips")
for banner in api.search_cursor('html:/dana/'):
    # Perform some custom manipulations or stream the results to a database
    # print(banner)
    # with open('data.txt', 'w') as outfile:
    #     json.dump(banner, outfile)

    # f = open('ips','w+')
    # print(banner['http']['host'])
    # os.system("curl -I 'https://" + banner['http']['host'] + "/dana-na///css/ds.js?/dana/html5acc/guacamole/'")
    command = "curl -I -k 'https://" + str(
        banner['http']
        ['host']) + "/dana-na///css/ds.js?/dana/html5acc/guacamole/'"
    proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
    results = proc.stdout.read().decode("utf-8")
    if '200' in results:
        f = open('ips', 'a')
        f.write(str(banner['http']['host']) + "\n")

        print(str(banner['http']['host']))
    counter += 1
    if counter >= limit:
Esempio n. 8
0
from shodan import Shodan
import os

path = '/output/'  #download path

api_key = "aWAsQyIds3Z1DLuJvA4ePfM4RoWmWSxs"  #(dummy key), replace with yours

api = Shodan(api_key)

limit = 500
counter = 0

search_ = """master_host port:"6379" OR port:"6379" "Connected Clients" """

for result in api.search_cursor(search_):
    """
    #uncomment to limit results
    counter += 1
    
    if counter >= limit:
        break

    """

    ip_str = result['ip_str']

    print(ip_str)

    filepath = path + ip_str + '.txt'
Esempio n. 9
0
class ShodanConnector:
    @exception_handler(expected_exception=ShodanConnectorInitError)
    def __init__(self, api_key=DefaultValues.SHODAN_API_KEY):
        self.api = Shodan(api_key)
        self.results: list = []
        self.shodan_results_count: int = 0
        self.real_results_count: int = 0

    def _remove_unused_fields_in_vulns(
        self,
        max_references: int = DefaultValues.
        SHODAN_MAX_VULNERABILITIES_REFERENCES
    ) -> None:
        """
        Remove fields that not useful from vulnerabilities.
        :param max_references: decrease quantity of reference to this number
        :return: None
        """
        for host in self.results:
            if not host.get("vulns"):
                continue
            for cve, cve_information in host.get("vulns", {}).items():
                if cve_information.get("references"):
                    cve_information["references"] = cve_information[
                        "references"][:max_references]
                if "verified" in cve_information.keys():
                    cve_information.pop("verified")

    @exception_handler(expected_exception=ShodanConnectorSearchError)
    def search(
            self,
            query: str,
            max_records=DefaultValues.SHODAN_DEFAULT_RESULTS_QUANTITY) -> None:
        """
        Search for defined query in Shodan database
        :param query: query to search for
        :param max_records: quantity of max records to search
        :return: None
        """
        try:
            self.results = list(self.api.search_cursor(query))[:max_records]
            self._remove_unused_fields_in_vulns()
            self.shodan_results_count = self.api.count(query).get("total")
        except (APIError, APITimeout) as api_error:
            print(f"Shodan API error: {api_error}")
        self.real_results_count = len(list(self.results))

    def get_results(self) -> list:
        """
        Return Shodan results
        :return: list of results
        """
        return self.results

    def get_shodan_count(self) -> int:
        """
        Return quantity of results from Shodan database
        :return: quantity of results
        """
        return self.shodan_results_count

    def get_real_count(self) -> int:
        """
        Return real quantity of results that
        was successfully gained from Shodan
        :return: quantity of real results that we get
        """
        return self.real_results_count

    def get_vulnerabilities(self) -> dict:
        """
        Return dictionary with vulnerabilities,
        {host: vulnerabilities}
        :return: dictionary with vulnerabilities
        """
        return {
            host["ip_str"]: host["vulns"]
            for host in self.results if host.get("vulns")
        }
Esempio n. 10
0
from shodan import Shodan

API_KEY = ""
api = Shodan(API_KEY)

# Search for websites that have been "hacked"
for banner in api.search_cursor('http.title:"hacked by"'):
    print(banner)

# Get the total number of industrial control systems services on the Internet
ics_services = api.count('tag:ics')
print('Industrial Control Systems: {}'.format(ics_services['total']))

# Get the total number of scada services on the Internet
scada_services = api.count('tag:scada')
print('Supervisory Control and Data Acquisition: {}'.format(
    scada_services['total']))

# Get the total number of plc services on the Internet
plc_services = api.count('tag:plc')
print('Programmable Logic Controller: {}'.format(plc_services['total']))

# Get the total number of dcs services on the Internet
dcs_services = api.count('tag:dcs')
print('Distributed Control System: {}'.format(dcs_services['total']))
Esempio n. 11
0
print("<\033[96m{ \033[92mAPI Scanner \033[96m}\033[0m>\n")
print("\033[91m1 \033[92m) \033[0mHost scan")
print("\033[91m2 \033[92m) \033[0mDork scan")
print("\033[91m3 \033[92m) \033[0mScan selected target \n")
choose=int(input("\033[96m[\033[91m+\033[96m] \033[0mChoose: "))
if choose==1:
   target=raw_input("\033[96m[\033[91m+\033[96m] \033[0mEnter target: ")
   print("\033[96m========== \033[92mScanning\033[0m %s \033[92mwith Shodan \033[96m==========\033[0m \n"%(target))
   os.system("shodan host "+target)
elif choose==2:
   dork=raw_input("\033[96m[\033[91m+\033[96m] \033[0mEnter dork: ")
   print("\033[96m========== \033[92mScanning\033[0m %s \033[92mdork with Shodan \033[96m==========\033[0m \n"%(dork))
   with open('apikeys/shodan.txt', 'r') as file:
      api_key = file.read().replace('\n', '')
   api = Shodan(api_key)
   for targets in api.search_cursor(dork):
      print(targets['ip_str'])
   print("\033[96m========== \033[92mScanning\033[0m %s \033[92mdork with ZoomEye \033[96m==========\033[0m \n"%(dork))
   zoom = zoomeye.ZoomEye()
   with open('apikeys/zoomuser.txt') as zfile:
      zoomuser = zfile.read().replace('\n', '')
   zoom.username = zoomuser
   with open('apikeys/zoompass.txt') as pfile:
      zoompass = pfile.read().replace('\n', '')
   zoom.password = zoompass
   logs = zoom.login()
   data = zoom.dork_search(dork)
   zoomeye.show_site_ip(data)
elif choose==3:
   with open('temp.txt', 'r') as file:
      specified=file.read().replace('\n', '')
Esempio n. 12
0
def main(api_key, search):
    api = Shodan(api_key)

    for result in api.search_cursor(search):
        print(result['hostnames'])
Esempio n. 13
0
load_dotenv()
parser = argparse.ArgumentParser()
parser.add_argument("-s", "--service", help="Specify what service to look for", choices=['googleMaps'])
args = parser.parse_args()

api = Shodan(os.getenv('SHODAN_API'))
if (args.service == "googleMaps"):
    def checkGoogleMapsApiKey(key):
        if key not in validMapsApiKeys:
            r = requests.head(
                'https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=places&signed_in=true&key=' + format(key))
            if (r.status_code == 200):
                validMapsApiKeys.add(key)
                with open("maps_keys.txt", "a") as txtfile:
                    txtfile.write(key + "\n")


    try:
        # Search Shodan
        validMapsApiKeys = set()
        for result in api.search_cursor('https://maps.googleapis.com/maps/api/js'):
            if 'http' in result:
                if 'html' in result['http']:
                    soup = BeautifulSoup(format(result['http']), features="html.parser")
                    sources = soup.findAll('script', {"src": True})
                    for source in sources:
                        if re.search(r"^https:\/\/maps.googleapis.com\/maps\/api(.*)$", source['src']):
                            checkGoogleMapsApiKey(urlparse.parse_qs(urlparse.urlparse(source['src']).query)['key'][0])
    except Exception as e:
        print('Error: {}'.format(e))
Esempio n. 14
0
from shodan import Shodan
from shodan.cli.helpers import get_api_key
import csv
import time
import json

api = Shodan(get_api_key())

limit = 1050
counter = 0
i = 0
data = []
for banner in api.search_cursor('city:Santiago country:cl port:445'):
    # Perform some custom manipulations or stream the results to a database
    # For this example, I'll just print out the "data" property
    data.append(banner)

    # Keep track of how many results have been downloaded so we don't use up all our query credits
    counter += 1
    if counter >= limit:
        break
print(len(data))

hosts = []
i = 1
for ip in data:
    print(ip['ip_str'], " ", i)
    try:
        hosts.append(api.host(ip['ip_str']))
        time.sleep(1)
    except: