def autoroot(api_key, thread_count=10): api = WebAPI(api_key) search_queries = ['Server: Linux, HTTP/1.1, DIR', 'Mathopd/1.5p6'] #, 'Server: Linux, HTTP/1.1, DIR-300'] for query in search_queries: count = 0 page = 1 total = 0 while True: results = api.search(query) if total == 0: total = int(results['total']) print('Results found: %s' % results['total']) print('Countries found: ') pprint(results['countries']) raw_input('press enter to start hacking') dm = DlinkManager(results['matches'], thread_count=10) dm.run() page += 1 count += len(results['matches']) if count == total: break print("Rooted routers count: %i" % len(rooted)) print(rooted)
def __init__(self, host): self.host = host self.key = "" if self.key == "": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.key)
def shodan_frame(port): # Currently Supports query based on port Filter only and Displays Corresponding IP print colored( "\n[!] Shodan Search Module For NoSQL Framework Launched.....", 'yellow') api = WebAPI("API KEY GOES HERE") if port == 5984: query = '{"couchdb":"Welcome","version":""}' else: query = 'port:%s' % (port) result = api.search(query) print colored("[-] Would Like to write the Results to a File", 'green') choice = raw_input() if choice.lower() == 'y': file = open('shodan-%s.txt' % (port), 'w') for host in result['matches']: file.write(host['ip'] + "\n") print colored('[-] File to %s/shodan-%s.txt' % (os.getcwd(), port), 'green') file.close() else: print colored("[-] Printing Found IP \n", 'blue') for host in result['matches']: print colored("[-] " + host['ip'], 'green')
def locateip(self, data): if '!locateip' in data['recv']: args = argv('!locateip', data['recv']) api = WebAPI("KpYC07EoGBtGarTFXCpjsspMVQ0a5Aus") #don look query = args['argv'][1] try: socket.inet_aton(query) except socket.error: return None results = api.host(query) output = [] output.append('OS: ' + str(results['os'])) output.append('City: ' + str(results['city']) + '\tPostal code: ' + str(results['postal_code'])) output.append('Area code: ' + str(results['area_code']) + '\t\tCountry code: ' + str(results['country_code'])) output.append('Region name: ' + str(results['region_name']) + '\tCountry name: ' + str(results['country_name'])) output.append('Latitude: ' + str(results['latitude']) + '\tLongitude: ' + str(results['longitude'])) ports = [] for data in results['data']: port = data['port'] if not str(port) in ports: ports.append(str(port)) output.append('Open ports: ' + ', '.join(ports)) ircoutput = '' for line in output: ircoutput += say(args['channel'], line) return ircoutput
def __init__(self, host): self.host = host self.key = "oCiMsgM6rQWqiTvPxFHYcExlZgg7wvTt" if self.key == "": print ("You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/") sys.exit() self.api = WebAPI(self.key)
def run(self, info): # This is where we'll collect the data we'll return. results = [] # Skip unsupported IP addresses. if info.version != 4: return ip = info.address parsed = netaddr.IPAddress(ip) if parsed.is_loopback() or \ parsed.is_private() or \ parsed.is_link_local(): return # Query Shodan for this host. try: key = self.get_api_key() api = WebAPI(key) shodan = api.host(ip) except Exception, e: tb = traceback.format_exc() Logger.log_error("Error querying Shodan for host %s: %s" % (ip, str(e))) Logger.log_error_more_verbose(tb) return
def __init__(self, host): self.host = host self.shodan_api_key = "oykKBEq2KRySU33OxizNkOir5PgHpMLv" if self.shodan_api_key == "": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.shodan_api_key)
def __init__(self, shodan_api_key=None, *args, **kwargs): super(ShodanWorker, self).__init__(*args, **kwargs) if not shodan_api_key: # We should do more to find this key shodan_api_key = os.environ.get('SHODAN_API_KEY') if not shodan_api_key: raise Exception('Shodan API key required') # FIXME self.api = WebAPI(shodan_api_key) self.nmap_worker = NmapWorker()
def __init__(self, search): #Attributes self.configFile = "config.dat" self.dataList = [] self.resultsList = None self.API_KEY = "" self.loadData() self.API_KEY = self.dataList[0] self.search = search self.api = WebAPI(self.API_KEY)
def main(): # Functional options: # -s -> Just Search CarelDataServer hosts. Execution result is a text file with one host per line # -sbf -> Search and BruteForce. Execution result is a text file with hosts and possible users/passwords in those hosts # -bf -> Just BruteForce. Input file with one host per line. Execution result is an output text file with hosts and valid users/passwords # # Bruteforce methods: # -sp -> Just Simple Passwords # -da -> Dictionary Attack. Input file with one password per line func = raw_input('Select functionality (s/sbf/bf): ') while ((func != 's') and (func != 'sbf') and (func != 'bf')): func = raw_input('WRONG OPTION! Select functionality (s/sbf/bf): ') if ((func == 'sbf') or (func == 'bf')): bfm = raw_input('Select brute force method (sp/da): ') while ((bfm != 'sp') and (bfm != 'da')): func = raw_input('WRONG OPTION! Select brute force method (sp/da): ') servers = [] outfile = raw_input('Output file name: ') if ((func == 's') or (func =='sbf')): SHODAN_API_KEY = raw_input('Shodan API key: ') api = WebAPI(SHODAN_API_KEY) servers_search(api, servers) if (func == 's'): of = open(outfile, 'w') for s in servers: s.print_ip(of) of.close() if ((func == 'sbf') or (func == 'bf')): if (func == 'bf'): inputfile = raw_input('Hosts file name: ') servers_load(inputfile, servers) if (bfm == 'da'): dictfile = raw_input('Dictionary file name: ') of = open(outfile, 'w') for s in servers: s.get_users() s.simple_passwords_attack() if (bfm == 'da'): s.dictionary_attack(dictfile) s.print_logins(of) of.close()
def __init__(self, queue, tid, cli): threading.Thread.__init__(self) self.queue = queue self.tid = tid self.cli = cli self.bruteForcePorts = {'ftpBrute': 21, 'sshBrute': 22} if self.cli.useShodan == True: #Using Shodan to search information about this machine in shodan database. log.info( "[+] Shodan Activated. About to read the Development Key. ") if self.cli.shodanKey == None: #If the key is None, we can't use shodan. log.warn( "[-] Shodan Key's File has not been specified. We can't use shodan without a valid key" ) else: #Read the shodan key and create the WebAPI object. shodanKey = open(self.cli.shodanKey).readline().rstrip('\n') self.shodanApi = WebAPI(shodanKey) log.info("[+] Connected to Shodan. ")
def shodan_search(search, apikey, pages): from shodan import WebAPI if apikey: API_KEY = apikey else: API_KEY = 'ENTER YOUR API KEY HERE AND KEEP THE QUOTES' api = WebAPI(API_KEY) ips_found = [] try: results = api.search(search, page=1) total_results = results['total'] print '[+] Results: %d' % total_results print '[*] Page 1...' pages = max_pages(pages, total_results) for r in results['matches']: # Replace the following ports with port 80 since they'll virtually never have a web server running # ftp, ssh, telnet, smtp, smtp, netbios x3, smb if r['port'] in [21, 22, 23, 25, 26, 137, 138, 139, 445]: r['port'] = 80 ips_found.append('%s:%s' % (r['ip'], r['port'])) if pages > 1: i = 2 while i <= pages: results = api.search(search, page=i) print '[*] Page %d...' % i for r in results['matches']: ips_found.append(r['ip']) i += 1 return ips_found except Exception as e: print '[!] Shodan search error:', e
def main(queue): # Connect to Shodan api = WebAPI(API_KEY) # get the first page of results res = api.search(filter) #keep track of how many results we have left #total_results = res['total'] total_results = res.get('total', 0) # Start looping through results now page = 1 try: while(page * 100 <= total_results): #check the matches to see if they fit what we are looking for for host in res['matches']: queue.put_nowait(host['ip']) page +=1 res = api.search(filter,page) except Exception, e: print e
def shodan_search(search, apikey, pages): from shodan import WebAPI if apikey: API_KEY = apikey else: API_KEY = 'ENTER YOUR API KEY HERE AND KEEP THE QUOTES' api = WebAPI(API_KEY) ips_found = [] try: results = api.search(search, page=1) total_results = results['total'] print '[+] Results: %d' % total_results print '[*] Page 1...' pages = max_pages(pages, total_results) for r in results['matches']: full_ip = '%s:%s' % (r['ip'], r['port']) ips_found.append(full_ip) if pages > 1: i = 2 while i <= pages: results = api.search(search, page=i) print '[*] Page %d...' % i for r in results['matches']: full_ip = '%s:%s' % (r['ip'], r['port']) ips_found.append(full_ip) i += 1 return ips_found except Exception as e: print '[!] Shodan search error:', e
#!/usr/bin/python """ To install 'easy_install shodan' to install the shodan libraries """ from shodan import WebAPI #My key. Get your own :) KEY = "" api = WebAPI(KEY) class ShodanScanner(object): def __init__(self, KEY): self.api = WebAPI(KEY) def searchShodan(self, search_string): try: filename = 'ips.txt' fp = open(filename, 'w') self.results = self.api.search(search_string) for result in self.results['matches']: print result['ip'], str(result['latitude']), str( result['longitude']) fp.write(result['ip'] + ' ' + str(result['latitude']) + ',' + str(result['longitude']) + '\n') for name in result['hostnames']: print name print result['data'] print '***%s results with \"%s\"***' % (self.results['total'], search_string)
# mirwan aka cassaprogy,shadow_maker,suddent_death,aip,r3d3,dawflin,n1nj4,hakz, # leXel,s3my0n,MaXe,Andre Corleone ,Shamus,and all my friend . # thanks communty : Tecon-crew<[url]http://tecon-crew.org[/url]> # Void-labs <[url]http://void-labs.org[/url]> # Makassar ethical hacker<[url]http://makassarhacker.com/>[/url] # Intern0t <[url]http://forum.intern0t.net/>[/url] # Deadc0de <[url]http://forum.deadc0de.or.id/>[/url] #----------------------------------------------- import shodan, sys, time, base64, os from time import sleep from shodan import WebAPI __author__ = 'amltbXlyb21hbnRpY2Rldmls' __email__ = 'PHJvbWFudGljZGV2aWwuamltbXlAZ21haWwuY29tPg==' __api__ = 'Z4xjUqqsaQbFgYrnn3EBuoJsSC0VZTyI' #request youre api key and paste in here _lolz_ = WebAPI(__api__) def tayping(title): try: for i in title: print "\b%s" % i, sys.stdout.flush() time.sleep(0.005) except ImportError: print "Some Error", def check(): try: checking = "[C]Checking module..."
choices=['Original', 'SSLv2', 'SSLv3', 'TLSv1']) ssl.add_argument("-ci", "--cert-issuer", help="Filter by CA") ssl.add_argument("-cd", "--cert-subject", help="Filter by cert description") excl = parser.add_mutually_exclusive_group(required=True) excl.add_argument("-H", "--hostname", help="Filter by host") excl.add_argument("-q", "--query", help="Query") args = parser.parse_args().__dict__ print "\n[+] Shodan HQ search client - Written by salcho" print "[+] Starting API with key %s" % SHODAN_KEY global api api = WebAPI(SHODAN_KEY) try: inf = api.info() except WebAPIError as e: msg = "\n[-] WebAPIError! Message is: " + str(e) msg += "\n[-] Your key may be causing this. You may want to change it.\n" print msg return print "[+] Account info is:\n" for key in inf.keys(): print "\t[*] %s: %s" % (key, inf[key]) if key == 'https' and inf[key]: is_https = True if not is_https:
except : print "Error in listing " +site finally: lock.release() #print "Finished logging into ftp site %s"%site self.queue.task_done() queue = Queue.Queue() #sites = ["rtfm.mit.edu", "ftp.ncsa.uiuc.edu", "prep.ai.mit.edu", "gatekeeper.dec.com"] shodanKey = open('shodanKey').readline().rstrip('\n') api = WebAPI(shodanKey) results = api.search("port:21 anonymous") sites=results['ip'] threads = [] for i in range(4) : print "Creating WorkerThread : %d"%i worker = WorkerThread(queue, i) worker.setDaemon(True) worker.start() threads.append(worker) print "WorkerThread %d Created!"%i for site in sites : queue.put(site)
verboseprint = lambda *a: None if not (args.query or args.host or args.exploit or args.in_file): parser.error("Not enough arguements given.") if (args.host or args.exploit) and (not args.api_key or args.xml_file): parser.error( "Exploit/Host lookups aren't locally supported and require a Shodan API Key." ) if not args.xml_file and not args.api_key: parser.error("Shodan API key required to perform queries.") if args.api_key: verboseprint("key detected") api = WebAPI(args.api_key) verboseprint("webapi object created successfully") out_root = ET.Element("pydan") out_tree = ET.ElementTree(out_root) verboseprint("initialized empty xml tree for output") if args.xml_file and args.xml_file != "": verboseprint("input xml file detected") tree = ET.parse(xml_file) verboseprint("parsed xml file successfully") importXML(tree, out_tree) del tree if args.query: if args.xml_file:
def __initKey(self): self.api = WebAPI("CvXzhcMm3YemfeNnNKE7ed9xRSCKfAhY")
def __init__(self, API_KEY): self.api = WebAPI(API_KEY)
#!/usr/bin/env python ''' Faraday Penetration Test IDE - Community Version Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/) See the file 'doc/LICENSE' for the license information ''' from shodan import WebAPI import xmlrpclib SHODAN_API_KEY = "insert your API key here" api = WebAPI(SHODAN_API_KEY) # Wrap the request in a try/ except block to catch errors try: # Search Shodan print "Search Shodan" results = api.search('apache') #Connect to faraday print "Connecting Farday" api = xmlrpclib.ServerProxy("http://127.0.0.1:9876/") # Show the results print 'Results found: %s' % results['total'] for result in results['matches']: if "ip" in result: print 'IP: %s' % result['ip'] print result['data'] print '' h_id = api.createAndAddHost( result['ip'], result['os'] if result['os'] is not None else "")
def checkCam(ip): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(1.5) sock.connect((ip, 80)) sock.send('GET /anony/mjpg.cgi HTTP/1.0\r\n\r\n') res = sock.recv(100) if (res.find('200 OK') > 0): return True return False except: return False api = WebAPI(key) #get the first page of results res = api.search(filter) #keep track of how many results we have left total_pages = (res['total'] / 50) + 1 page = 1 outfile = open('camlog_new', 'w') try: while (page <= total_pages): #check the matches to see if they fit what we are looking for for r in res['matches']: #if(r['data'].find(filter)>0):
#!/usr/bin/python # What: Snippet to include Shodan input to an ETL process. Reads a list of IP addresses and generates a json file with Shodan's output. # POC: [email protected] # License: Open Source Software - Apache2 from shodan import WebAPI import json SHODAN_API_KEY = "your api key" infilename = "hosts.txt" # one ip per line outfilename = "output.json" shodan = WebAPI(SHODAN_API_KEY) print "Reading hosts from ", infilename print "Writing json to ", outfilename, "\n" outfile = open(outfilename, 'w') for line in open(infilename, 'r'): print "Looking up ", line host = shodan.host(line) outfile.write(json.dumps(host, indent=4)) outfile.close
def __new__(cls, *args, **kwargs): if not cls._instance: cls._instance = super(ShodanAPI, cls).__new__(cls, *args, **kwargs) cls._api = WebAPI(SHODAN_API_KEY) return cls._instance
def __init__(self, KEY): self.api = WebAPI(KEY)