def locateip(self, data): if '!locateip' in data['recv']: args = argv('!locateip', data['recv']) api = WebAPI("KpYC07EoGBtGarTFXCpjsspMVQ0a5Aus") #don look query = args['argv'][1] try: socket.inet_aton(query) except socket.error: return None results = api.host(query) output = [] output.append('OS: ' + str(results['os'])) output.append('City: ' + str(results['city']) + '\tPostal code: ' + str(results['postal_code'])) output.append('Area code: ' + str(results['area_code']) + '\t\tCountry code: ' + str(results['country_code'])) output.append('Region name: ' + str(results['region_name']) + '\tCountry name: ' + str(results['country_name'])) output.append('Latitude: ' + str(results['latitude']) + '\tLongitude: ' + str(results['longitude'])) ports = [] for data in results['data']: port = data['port'] if not str(port) in ports: ports.append(str(port)) output.append('Open ports: ' + ', '.join(ports)) ircoutput = '' for line in output: ircoutput += say(args['channel'], line) return ircoutput
def run(self, info): # This is where we'll collect the data we'll return. results = [] # Skip unsupported IP addresses. if info.version != 4: return ip = info.address parsed = netaddr.IPAddress(ip) if parsed.is_loopback() or \ parsed.is_private() or \ parsed.is_link_local(): return # Query Shodan for this host. try: key = self.get_api_key() api = WebAPI(key) shodan = api.host(ip) except Exception, e: tb = traceback.format_exc() Logger.log_error("Error querying Shodan for host %s: %s" % (ip, str(e))) Logger.log_error_more_verbose(tb) return
class Shodan: """ Clase para buscar en Shodan """ def __init__(self, API_KEY): self.api = WebAPI(API_KEY) def buscar(self, cadena): """ Busca segun la cadena dada """ try: # Buscamos lo de la cadena pasada como parametro resultado = self.api.search(str(cadena)) return resultado except Exception as e: print 'Ups! Ha ocurrido un error: %s' % e resultado = [] return resultado def obtener_info_host(self, IP): """ Obtiene la info que pueda tener shodan sobre una IP """ try: host = self.api.host(IP) return host except Exception as e: print 'Ups! Ha ocurrido un error: %s' % e host = [] return host
class Shodan: """ Clase para buscar en Shodan """ def __init__(self,API_KEY): self.api = WebAPI(API_KEY) def buscar(self,cadena): """ Busca segun la cadena dada """ try: # Buscamos lo de la cadena pasada como parametro resultado = self.api.search(str(cadena)) return resultado except Exception as e: print 'Ups! Ha ocurrido un error: %s' % e resultado = [] return resultado def obtener_info_host(self,IP): """ Obtiene la info que pueda tener shodan sobre una IP """ try: host = self.api.host(IP) return host except Exception as e: print 'Ups! Ha ocurrido un error: %s' % e host = [] return host
def locateip(self, data): if '!locateip' in data['recv']: args = argv('!locateip',data['recv']) api = WebAPI("KpYC07EoGBtGarTFXCpjsspMVQ0a5Aus")#don look query = args['argv'][1] try: socket.inet_aton(query) except socket.error: return None results = api.host(query) output = [] output.append('OS: ' + str(results['os'])) output.append('City: ' + str(results['city']) + '\tPostal code: ' + str(results['postal_code'])) output.append('Area code: ' + str(results['area_code']) + '\t\tCountry code: ' + str(results['country_code'])) output.append('Region name: ' + str(results['region_name']) + '\tCountry name: ' + str(results['country_name'])) output.append('Latitude: ' + str(results['latitude']) + '\tLongitude: ' + str(results['longitude'])) ports = [] for data in results['data']: port = data['port'] if not str(port) in ports: ports.append(str(port)) output.append('Open ports: ' + ', '.join(ports)) ircoutput = '' for line in output: ircoutput += say(args['channel'],line) return ircoutput
class fingershodan: def __init__(self, search, typeSearch): self.search = search self.typeSearch = typeSearch self.searchList = {} self.allCount = 0 self.__initKey() self.__switchSearch() def __initKey(self): self.api = WebAPI("CvXzhcMm3YemfeNnNKE7ed9xRSCKfAhY") def __switchSearch(self): if self.typeSearch == "search": self.__execSearch() elif self.typeSearch == "lookup": self.search = socket.gethostbyname(self.search) self.webHost = self.api.host(self.search) self.__execLookup() #elif self.typeSearch=="mac": # self.__macLocation() def __execSearch(self): searched = self.api.search(self.search) for search in searched["matches"]: try: self.searchList["Result " + str(self.allCount)] = { "Ip": search["ip"], "Updated": search["updated"], "Country": search["country_name"], "Latitude": search["latitude"], "Longitude": search["longitude"], "Port": search["port"], "Data": search["data"], "Os": search["os"] } self.allCount += 1 except: continue def __execLookup(self): try: self.searchList["Result " + str(self.allCount)] = { "Ip": self.webHost["ip"], "Country": self.webHost["country_name"], "City": self.webHost["city"], "Os": self.webHost["os"], "Banner": self.webHost["data"][0]["banner"], "Port": self.webHost["data"][0]["port"], "TimeStamp": self.webHost["data"][0]["timestamp"] } except: print "Fail Lookup" #def __macLocation(self): def _returnData(self): return self.searchList
class search_shodan(): def __init__(self,host): self.host=host self.key = "" if self.api =="": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.key) def run(self): try: host = self.api.host(self.host) return host['data'] except: #print "SHODAN empty reply or error in the call" return "error"
def shodanquery(query, api_key=None): if not api_key or api_key == "": return False api = WebAPI(api_key) if is_valid_ipv4(query): try: response = api.host(query) except: return False else: try: response = api.search(query) except: return False return response
class fingershodan: def __init__(self,search,typeSearch): self.search = search self.typeSearch = typeSearch self.searchList = {} self.allCount = 0 self.__initKey() self.__switchSearch() def __initKey(self): self.api = WebAPI("CvXzhcMm3YemfeNnNKE7ed9xRSCKfAhY") def __switchSearch(self): if self.typeSearch=="search": self.__execSearch() elif self.typeSearch=="lookup": self.search = socket.gethostbyname(self.search) self.webHost = self.api.host(self.search) self.__execLookup() #elif self.typeSearch=="mac": # self.__macLocation() def __execSearch(self): searched = self.api.search(self.search) for search in searched["matches"]: try: self.searchList["Result "+str(self.allCount)] = {"Ip":search["ip"],"Updated":search["updated"], "Country":search["country_name"],"Latitude":search["latitude"],"Longitude":search["longitude"], "Port":search["port"],"Data":search["data"],"Os":search["os"]} self.allCount += 1 except: continue def __execLookup(self): try: self.searchList["Result "+str(self.allCount)] = {"Ip":self.webHost["ip"],"Country":self.webHost["country_name"],"City":self.webHost["city"], "Os":self.webHost["os"],"Banner":self.webHost["data"][0]["banner"],"Port":self.webHost["data"][0]["port"], "TimeStamp":self.webHost["data"][0]["timestamp"]} except: print "Fail Lookup" #def __macLocation(self): def _returnData(self): return self.searchList
class shodan_plug(PluginBase): """This plugin returns any information from Shodan""" name = 'shodan' title = 'Shodan' description = 'Computer Search Engine' cache_timeout = 60*60*2 types = ['ip'] remote = False def setup(self): from shodan import WebAPI self.api = WebAPI(self.plugin_config["api_key"]) def get_info(self, arg): info = self.api.host(arg) return info
class search_shodan(): def __init__(self, host): self.host = host self.key = "" if self.key == "": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.key) def run(self): try: host = self.api.host(self.host) return host['data'] except: #print "SHODAN empty reply or error in the call" return "error"
class search_shodan(): def __init__(self, host, key): self.host = host if key != "": self.key = key else: self.key = "oCiMsgM6rQWqiTvPxFHYcExlZgg7wvTt" if self.key == "": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.key) def run(self): try: host = self.api.host(self.host) return host['data'] except: print "SHODAN empty reply or error in the call" return "error"
#!/usr/bin/env python # # shodan plugin # # Author: Radek Domanski # email: radek.domanski # gmail.com # website: intothebug.com from shodan import WebAPI import sys # put your shodan API key here SHODAN_API_KEY = "" api = WebAPI(SHODAN_API_KEY) try: host = api.host(sys.argv[1]) r = '' # process data from shodan for item in host['data']: for key in item.keys(): r += "%s: %s" % (key, repr(item[key])) r += "\n==============================\n" print r except Exception, e: print "Error: %s" % e
''' Created on Feb 22, 2014 @author: Zhu Yirong ''' from shodan import WebAPI SHODAN_API_KEY = "CUn5UHoYD784Z3AlfUdvulRjiP2oUBfm" api= WebAPI(SHODAN_API_KEY) # This example retrieves detailed information from a list of hosts, and count how many of them are accessible. count=0 for i in range(41,50): try: host = api.host('217.140.75.'+str(i)) print 'accessing host %s' % host['ip'] print '%s' % host # print the entire jasonobject for the host. count+=1 except Exception, e: print 'Error: %s 217.140.75.%s' % (e,i) print 'total # of available hosts in the range is %s' % count
#!/usr/bin/python # What: Snippet to include Shodan input to an ETL process. Reads a list of IP addresses and generates a json file with Shodan's output. # POC: [email protected] # License: Open Source Software - Apache2 from shodan import WebAPI import json SHODAN_API_KEY = "your api key" infilename = "hosts.txt" # one ip per line outfilename = "output.json" shodan = WebAPI(SHODAN_API_KEY) print "Reading hosts from ", infilename print "Writing json to ", outfilename, "\n" outfile = open(outfilename, 'w') for line in open(infilename, 'r'): print "Looking up ", line host = shodan.host(line) outfile.write(json.dumps(host, indent=4)) outfile.close
class WorkerThread(threading.Thread): ''' Worker Thread to information gathering and attack the exit nodes found. ''' def __init__(self, queue, tid, cli): threading.Thread.__init__(self) self.queue = queue self.tid = tid self.cli = cli self.bruteForcePorts = {'ftpBrute': 21, 'sshBrute': 22} if self.cli.useShodan == True: #Using Shodan to search information about this machine in shodan database. log.info( "[+] Shodan Activated. About to read the Development Key. ") if self.cli.shodanKey == None: #If the key is None, we can't use shodan. log.warn( "[-] Shodan Key's File has not been specified. We can't use shodan without a valid key" ) else: #Read the shodan key and create the WebAPI object. shodanKey = open(self.cli.shodanKey).readline().rstrip('\n') self.shodanApi = WebAPI(shodanKey) log.info("[+] Connected to Shodan. ") def run(self): lock = threading.Lock() while True: lock.acquire() host = None try: ip, port = self.queue.get(timeout=1) if hasattr(self, 'shodanApi'): log.info("[+] Using Shodan against %s " % (ip)) try: shodanResults = self.shodanApi.host(ip) recordShodanResults(self, ip, shodanResults) except WebAPIError: log.error( "[-] There's no information about %s in the Shodan Database." % (ip)) pass if self.cli.brute == True: if self.cli.usersFile != None and self.cli.passFile != None: for method in self.bruteForcePorts.keys(): if self.bruteForcePorts[method] == port: #Open port detected for a service supported in the "Brute-Forcer" #Calling the method using reflection. attr(service) else: log.warn( "[-] BruteForce mode specified but there's no files for users and passwords. Use -u and -f options" ) except Queue.Empty: log.info("Worker %d exiting... " % self.tid) finally: log.info("Releasing the Lock in the Thread %d " % self.tid) lock.release() self.queue.task_done() def ftpBrute(self): log.info("Starting FTP BruteForce mode on Thread: %d " % self.tid) #log.info("Reading the Users File: %s "%self.cli.) def sshBrute(self): log.info("Starting SSH BruteForce mode on Thread: %d " % self.tid) def recordShodanResults(self, host, results): entryFile = 'shodanScan-%s.txt' % (host) shodanFileResults = open(entryFile, 'a') entry = '------- SHODAN REPORT START FOR %s ------- \n' % (host) recursiveInfo(entry, results) entry = '------- SHODAN REPORT END FOR %s ------- \n' % (host) shodanFileResults.write(entry) shodanFileResults.close() def recursiveInfo(self, entry, data): if type(data) == dict: for key in results.keys(): if type(key) == dict: entry += recursiveInfo(entry, key) elif type(key) == list: for element in key: if type(key) == dict: entry += recursiveInfo(entry, key) else: entry += '[+]%s : %s \n' % (key, results[key]) print entry
class WorkerThread(threading.Thread): ''' Worker Thread to information gathering and attack the exit nodes found. ''' def __init__(self, queue, tid, cli) : threading.Thread.__init__(self) self.queue = queue self.tid = tid self.cli = cli self.bruteForcePorts ={'ftpBrute':21, 'sshBrute':22} if self.cli.useShodan == True: #Using Shodan to search information about this machine in shodan database. log.info("[+] Shodan Activated. About to read the Development Key. ") if self.cli.shodanKey == None: #If the key is None, we can't use shodan. log.warn("[-] Shodan Key's File has not been specified. We can't use shodan without a valid key") else: #Read the shodan key and create the WebAPI object. shodanKey = open(self.cli.shodanKey).readline().rstrip('\n') self.shodanApi = WebAPI(shodanKey) log.info("[+] Connected to Shodan. ") def run(self) : lock = threading.Lock() while True : lock.acquire() host = None try: ip, port = self.queue.get(timeout=1) if hasattr(self, 'shodanApi'): log.info("[+] Using Shodan against %s " %(ip)) try: shodanResults = self.shodanApi.host(ip) recordShodanResults(self, ip, shodanResults) except WebAPIError: log.error("[-] There's no information about %s in the Shodan Database." %(ip)) pass if self.cli.brute == True: if self.cli.usersFile != None and self.cli.passFile != None: for method in self.bruteForcePorts.keys(): if self.bruteForcePorts[method] == port: #Open port detected for a service supported in the "Brute-Forcer" #Calling the method using reflection. attr(service) else: log.warn("[-] BruteForce mode specified but there's no files for users and passwords. Use -u and -f options") except Queue.Empty : log.info("Worker %d exiting... "%self.tid) finally: log.info("Releasing the Lock in the Thread %d "%self.tid) lock.release() self.queue.task_done() def ftpBrute(self): log.info("Starting FTP BruteForce mode on Thread: %d "%self.tid) #log.info("Reading the Users File: %s "%self.cli.) def sshBrute(self): log.info("Starting SSH BruteForce mode on Thread: %d "%self.tid) def recordShodanResults(self, host, results): entryFile = 'shodanScan-%s.txt' %(host) shodanFileResults = open(entryFile, 'a') entry = '------- SHODAN REPORT START FOR %s ------- \n' %(host) recursiveInfo(entry, results) entry = '------- SHODAN REPORT END FOR %s ------- \n' %(host) shodanFileResults.write(entry) shodanFileResults.close() def recursiveInfo(self, entry, data): if type(data) == dict: for key in results.keys(): if type(key) == dict: entry += recursiveInfo(entry, key) elif type(key) == list: for element in key: if type(key) == dict: entry += recursiveInfo(entry, key) else: entry += '[+]%s : %s \n' %(key, results[key]) print entry
print 'The number of vulnerable ip addresses are %s' % len(vulnerable_Ip) # Count the number of vulnerable port:32764 in each country country_details = {} for vul in vul_Country: if vul not in country_details: country_details[vul] = 1 else: country_details[vul] += 1 print 'The distribution of vulnerable addresses: %s' % country_details # Get the ip addresses and the number of devices that could be intruded into right now. ipbreak = set() ipbreaklocation = set() for ip in vulnerable_Ip: host = api.host(ip) for port in host['data']: if port['port'] == 80: ipbreak.add(host['ip']) if host['latitude'] != None and host['longitude'] != None: ipbreaklocation.add((host['latitude'],host['longitude'])) print 'The ip addresses of devices that could be intruded are in this %s' % ipbreak print 'The number of devices that could be intruded are %s out of 100' % len(ipbreak) print 'The locations of devices that could be identified are in this %s' % ipbreaklocation print 'The number of locations of devices that could be identified are %s' % len(ipbreaklocation) except Exception, e: print 'Error: %s' % e