def locateip(self, data):
if '!locateip' in data['recv']:
args = argv('!locateip', data['recv'])
api = WebAPI("KpYC07EoGBtGarTFXCpjsspMVQ0a5Aus") #don look
query = args['argv'][1]
try:
socket.inet_aton(query)
except socket.error:
return None
results = api.host(query)
output = []
output.append('OS: ' + str(results['os']))
output.append('City: ' + str(results['city']) + '\tPostal code: ' +
str(results['postal_code']))
output.append('Area code: ' + str(results['area_code']) +
'\t\tCountry code: ' + str(results['country_code']))
output.append('Region name: ' + str(results['region_name']) +
'\tCountry name: ' + str(results['country_name']))
output.append('Latitude: ' + str(results['latitude']) +
'\tLongitude: ' + str(results['longitude']))
ports = []
for data in results['data']:
port = data['port']
if not str(port) in ports:
ports.append(str(port))
output.append('Open ports: ' + ', '.join(ports))
ircoutput = ''
for line in output:
ircoutput += say(args['channel'], line)
return ircoutput
def run(self, info):
# This is where we'll collect the data we'll return.
results = []
# Skip unsupported IP addresses.
if info.version != 4:
return
ip = info.address
parsed = netaddr.IPAddress(ip)
if parsed.is_loopback() or \
parsed.is_private() or \
parsed.is_link_local():
return
# Query Shodan for this host.
try:
key = self.get_api_key()
api = WebAPI(key)
shodan = api.host(ip)
except Exception, e:
tb = traceback.format_exc()
Logger.log_error("Error querying Shodan for host %s: %s" % (ip, str(e)))
Logger.log_error_more_verbose(tb)
return
class Shodan:
""" Clase para buscar en Shodan """
def __init__(self, API_KEY):
self.api = WebAPI(API_KEY)
def buscar(self, cadena):
""" Busca segun la cadena dada """
try:
# Buscamos lo de la cadena pasada como parametro
resultado = self.api.search(str(cadena))
return resultado
except Exception as e:
print 'Ups! Ha ocurrido un error: %s' % e
resultado = []
return resultado
def obtener_info_host(self, IP):
""" Obtiene la info que pueda tener shodan sobre una IP """
try:
host = self.api.host(IP)
return host
except Exception as e:
print 'Ups! Ha ocurrido un error: %s' % e
host = []
return host
class Shodan:
""" Clase para buscar en Shodan """
def __init__(self,API_KEY):
self.api = WebAPI(API_KEY)
def buscar(self,cadena):
""" Busca segun la cadena dada """
try:
# Buscamos lo de la cadena pasada como parametro
resultado = self.api.search(str(cadena))
return resultado
except Exception as e:
print 'Ups! Ha ocurrido un error: %s' % e
resultado = []
return resultado
def obtener_info_host(self,IP):
""" Obtiene la info que pueda tener shodan sobre una IP """
try:
host = self.api.host(IP)
return host
except Exception as e:
print 'Ups! Ha ocurrido un error: %s' % e
host = []
return host
def locateip(self, data):
if '!locateip' in data['recv']:
args = argv('!locateip',data['recv'])
api = WebAPI("KpYC07EoGBtGarTFXCpjsspMVQ0a5Aus")#don look
query = args['argv'][1]
try:
socket.inet_aton(query)
except socket.error:
return None
results = api.host(query)
output = []
output.append('OS: ' + str(results['os']))
output.append('City: ' + str(results['city']) + '\tPostal code: ' + str(results['postal_code']))
output.append('Area code: ' + str(results['area_code']) + '\t\tCountry code: ' + str(results['country_code']))
output.append('Region name: ' + str(results['region_name']) + '\tCountry name: ' + str(results['country_name']))
output.append('Latitude: ' + str(results['latitude']) + '\tLongitude: ' + str(results['longitude']))
ports = []
for data in results['data']:
port = data['port']
if not str(port) in ports:
ports.append(str(port))
output.append('Open ports: ' + ', '.join(ports))
ircoutput = ''
for line in output:
ircoutput += say(args['channel'],line)
return ircoutput
class fingershodan:
def __init__(self, search, typeSearch):
self.search = search
self.typeSearch = typeSearch
self.searchList = {}
self.allCount = 0
self.__initKey()
self.__switchSearch()
def __initKey(self):
self.api = WebAPI("CvXzhcMm3YemfeNnNKE7ed9xRSCKfAhY")
def __switchSearch(self):
if self.typeSearch == "search":
self.__execSearch()
elif self.typeSearch == "lookup":
self.search = socket.gethostbyname(self.search)
self.webHost = self.api.host(self.search)
self.__execLookup()
#elif self.typeSearch=="mac":
# self.__macLocation()
def __execSearch(self):
searched = self.api.search(self.search)
for search in searched["matches"]:
try:
self.searchList["Result " + str(self.allCount)] = {
"Ip": search["ip"],
"Updated": search["updated"],
"Country": search["country_name"],
"Latitude": search["latitude"],
"Longitude": search["longitude"],
"Port": search["port"],
"Data": search["data"],
"Os": search["os"]
}
self.allCount += 1
except:
continue
def __execLookup(self):
try:
self.searchList["Result " + str(self.allCount)] = {
"Ip": self.webHost["ip"],
"Country": self.webHost["country_name"],
"City": self.webHost["city"],
"Os": self.webHost["os"],
"Banner": self.webHost["data"][0]["banner"],
"Port": self.webHost["data"][0]["port"],
"TimeStamp": self.webHost["data"][0]["timestamp"]
}
except:
print "Fail Lookup"
#def __macLocation(self):
def _returnData(self):
return self.searchList
class search_shodan(): def __init__(self,host): self.host=host self.key = "" if self.api =="": print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/" sys.exit() self.api = WebAPI(self.key) def run(self): try: host = self.api.host(self.host) return host['data'] except: #print "SHODAN empty reply or error in the call" return "error"
def shodanquery(query, api_key=None): if not api_key or api_key == "": return False api = WebAPI(api_key) if is_valid_ipv4(query): try: response = api.host(query) except: return False else: try: response = api.search(query) except: return False return response
class fingershodan:
def __init__(self,search,typeSearch):
self.search = search
self.typeSearch = typeSearch
self.searchList = {}
self.allCount = 0
self.__initKey()
self.__switchSearch()
def __initKey(self):
self.api = WebAPI("CvXzhcMm3YemfeNnNKE7ed9xRSCKfAhY")
def __switchSearch(self):
if self.typeSearch=="search":
self.__execSearch()
elif self.typeSearch=="lookup":
self.search = socket.gethostbyname(self.search)
self.webHost = self.api.host(self.search)
self.__execLookup()
#elif self.typeSearch=="mac":
# self.__macLocation()
def __execSearch(self):
searched = self.api.search(self.search)
for search in searched["matches"]:
try:
self.searchList["Result "+str(self.allCount)] = {"Ip":search["ip"],"Updated":search["updated"],
"Country":search["country_name"],"Latitude":search["latitude"],"Longitude":search["longitude"],
"Port":search["port"],"Data":search["data"],"Os":search["os"]}
self.allCount += 1
except:
continue
def __execLookup(self):
try:
self.searchList["Result "+str(self.allCount)] = {"Ip":self.webHost["ip"],"Country":self.webHost["country_name"],"City":self.webHost["city"],
"Os":self.webHost["os"],"Banner":self.webHost["data"][0]["banner"],"Port":self.webHost["data"][0]["port"],
"TimeStamp":self.webHost["data"][0]["timestamp"]}
except:
print "Fail Lookup"
#def __macLocation(self):
def _returnData(self):
return self.searchList
class shodan_plug(PluginBase):
"""This plugin returns any information from Shodan"""
name = 'shodan'
title = 'Shodan'
description = 'Computer Search Engine'
cache_timeout = 60*60*2
types = ['ip']
remote = False
def setup(self):
from shodan import WebAPI
self.api = WebAPI(self.plugin_config["api_key"])
def get_info(self, arg):
info = self.api.host(arg)
return info
class search_shodan():
def __init__(self, host):
self.host = host
self.key = ""
if self.key == "":
print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/"
sys.exit()
self.api = WebAPI(self.key)
def run(self):
try:
host = self.api.host(self.host)
return host['data']
except:
#print "SHODAN empty reply or error in the call"
return "error"
class search_shodan():
def __init__(self, host, key):
self.host = host
if key != "":
self.key = key
else:
self.key = "oCiMsgM6rQWqiTvPxFHYcExlZgg7wvTt"
if self.key == "":
print "You need an API key in order to use SHODAN database. You can get one here: http://www.shodanhq.com/"
sys.exit()
self.api = WebAPI(self.key)
def run(self):
try:
host = self.api.host(self.host)
return host['data']
except:
print "SHODAN empty reply or error in the call"
return "error"
#!/usr/bin/env python
#
# shodan plugin
#
# Author: Radek Domanski
# email: radek.domanski # gmail.com
# website: intothebug.com
from shodan import WebAPI
import sys
# put your shodan API key here
SHODAN_API_KEY = ""
api = WebAPI(SHODAN_API_KEY)
try:
host = api.host(sys.argv[1])
r = ''
# process data from shodan
for item in host['data']:
for key in item.keys():
r += "%s: %s" % (key, repr(item[key]))
r += "\n==============================\n"
print r
except Exception, e:
print "Error: %s" % e
'''
Created on Feb 22, 2014
@author: Zhu Yirong
'''
from shodan import WebAPI
SHODAN_API_KEY = "CUn5UHoYD784Z3AlfUdvulRjiP2oUBfm"
api= WebAPI(SHODAN_API_KEY)
# This example retrieves detailed information from a list of hosts, and count how many of them are accessible.
count=0
for i in range(41,50):
try:
host = api.host('217.140.75.'+str(i))
print 'accessing host %s' % host['ip']
print '%s' % host # print the entire jasonobject for the host.
count+=1
except Exception, e:
print 'Error: %s 217.140.75.%s' % (e,i)
print 'total # of available hosts in the range is %s' % count
#!/usr/bin/python # What: Snippet to include Shodan input to an ETL process. Reads a list of IP addresses and generates a json file with Shodan's output. # POC: [email protected] # License: Open Source Software - Apache2 from shodan import WebAPI import json SHODAN_API_KEY = "your api key" infilename = "hosts.txt" # one ip per line outfilename = "output.json" shodan = WebAPI(SHODAN_API_KEY) print "Reading hosts from ", infilename print "Writing json to ", outfilename, "\n" outfile = open(outfilename, 'w') for line in open(infilename, 'r'): print "Looking up ", line host = shodan.host(line) outfile.write(json.dumps(host, indent=4)) outfile.close
#!/usr/bin/env python
#
# shodan plugin
#
# Author: Radek Domanski
# email: radek.domanski # gmail.com
# website: intothebug.com
from shodan import WebAPI
import sys
# put your shodan API key here
SHODAN_API_KEY = ""
api = WebAPI(SHODAN_API_KEY)
try:
host = api.host(sys.argv[1])
r = ''
# process data from shodan
for item in host['data']:
for key in item.keys():
r += "%s: %s" % (key, repr(item[key]))
r += "\n==============================\n"
print r
except Exception, e:
print "Error: %s" % e
#!/usr/bin/python # What: Snippet to include Shodan input to an ETL process. Reads a list of IP addresses and generates a json file with Shodan's output. # POC: [email protected] # License: Open Source Software - Apache2 from shodan import WebAPI import json SHODAN_API_KEY = "your api key" infilename = "hosts.txt" # one ip per line outfilename = "output.json" shodan = WebAPI(SHODAN_API_KEY) print "Reading hosts from ", infilename print "Writing json to ", outfilename, "\n" outfile = open(outfilename, 'w') for line in open(infilename, 'r'): print "Looking up ", line host = shodan.host(line) outfile.write(json.dumps(host, indent=4)) outfile.close
class WorkerThread(threading.Thread):
'''
Worker Thread to information gathering and attack the exit nodes found.
'''
def __init__(self, queue, tid, cli):
threading.Thread.__init__(self)
self.queue = queue
self.tid = tid
self.cli = cli
self.bruteForcePorts = {'ftpBrute': 21, 'sshBrute': 22}
if self.cli.useShodan == True:
#Using Shodan to search information about this machine in shodan database.
log.info(
"[+] Shodan Activated. About to read the Development Key. ")
if self.cli.shodanKey == None:
#If the key is None, we can't use shodan.
log.warn(
"[-] Shodan Key's File has not been specified. We can't use shodan without a valid key"
)
else:
#Read the shodan key and create the WebAPI object.
shodanKey = open(self.cli.shodanKey).readline().rstrip('\n')
self.shodanApi = WebAPI(shodanKey)
log.info("[+] Connected to Shodan. ")
def run(self):
lock = threading.Lock()
while True:
lock.acquire()
host = None
try:
ip, port = self.queue.get(timeout=1)
if hasattr(self, 'shodanApi'):
log.info("[+] Using Shodan against %s " % (ip))
try:
shodanResults = self.shodanApi.host(ip)
recordShodanResults(self, ip, shodanResults)
except WebAPIError:
log.error(
"[-] There's no information about %s in the Shodan Database."
% (ip))
pass
if self.cli.brute == True:
if self.cli.usersFile != None and self.cli.passFile != None:
for method in self.bruteForcePorts.keys():
if self.bruteForcePorts[method] == port:
#Open port detected for a service supported in the "Brute-Forcer"
#Calling the method using reflection.
attr(service)
else:
log.warn(
"[-] BruteForce mode specified but there's no files for users and passwords. Use -u and -f options"
)
except Queue.Empty:
log.info("Worker %d exiting... " % self.tid)
finally:
log.info("Releasing the Lock in the Thread %d " % self.tid)
lock.release()
self.queue.task_done()
def ftpBrute(self):
log.info("Starting FTP BruteForce mode on Thread: %d " % self.tid)
#log.info("Reading the Users File: %s "%self.cli.)
def sshBrute(self):
log.info("Starting SSH BruteForce mode on Thread: %d " % self.tid)
def recordShodanResults(self, host, results):
entryFile = 'shodanScan-%s.txt' % (host)
shodanFileResults = open(entryFile, 'a')
entry = '------- SHODAN REPORT START FOR %s ------- \n' % (host)
recursiveInfo(entry, results)
entry = '------- SHODAN REPORT END FOR %s ------- \n' % (host)
shodanFileResults.write(entry)
shodanFileResults.close()
def recursiveInfo(self, entry, data):
if type(data) == dict:
for key in results.keys():
if type(key) == dict:
entry += recursiveInfo(entry, key)
elif type(key) == list:
for element in key:
if type(key) == dict:
entry += recursiveInfo(entry, key)
else:
entry += '[+]%s : %s \n' % (key, results[key])
print entry
class WorkerThread(threading.Thread):
'''
Worker Thread to information gathering and attack the exit nodes found.
'''
def __init__(self, queue, tid, cli) :
threading.Thread.__init__(self)
self.queue = queue
self.tid = tid
self.cli = cli
self.bruteForcePorts ={'ftpBrute':21, 'sshBrute':22}
if self.cli.useShodan == True:
#Using Shodan to search information about this machine in shodan database.
log.info("[+] Shodan Activated. About to read the Development Key. ")
if self.cli.shodanKey == None:
#If the key is None, we can't use shodan.
log.warn("[-] Shodan Key's File has not been specified. We can't use shodan without a valid key")
else:
#Read the shodan key and create the WebAPI object.
shodanKey = open(self.cli.shodanKey).readline().rstrip('\n')
self.shodanApi = WebAPI(shodanKey)
log.info("[+] Connected to Shodan. ")
def run(self) :
lock = threading.Lock()
while True :
lock.acquire()
host = None
try:
ip, port = self.queue.get(timeout=1)
if hasattr(self, 'shodanApi'):
log.info("[+] Using Shodan against %s " %(ip))
try:
shodanResults = self.shodanApi.host(ip)
recordShodanResults(self, ip, shodanResults)
except WebAPIError:
log.error("[-] There's no information about %s in the Shodan Database." %(ip))
pass
if self.cli.brute == True:
if self.cli.usersFile != None and self.cli.passFile != None:
for method in self.bruteForcePorts.keys():
if self.bruteForcePorts[method] == port:
#Open port detected for a service supported in the "Brute-Forcer"
#Calling the method using reflection.
attr(service)
else:
log.warn("[-] BruteForce mode specified but there's no files for users and passwords. Use -u and -f options")
except Queue.Empty :
log.info("Worker %d exiting... "%self.tid)
finally:
log.info("Releasing the Lock in the Thread %d "%self.tid)
lock.release()
self.queue.task_done()
def ftpBrute(self):
log.info("Starting FTP BruteForce mode on Thread: %d "%self.tid)
#log.info("Reading the Users File: %s "%self.cli.)
def sshBrute(self):
log.info("Starting SSH BruteForce mode on Thread: %d "%self.tid)
def recordShodanResults(self, host, results):
entryFile = 'shodanScan-%s.txt' %(host)
shodanFileResults = open(entryFile, 'a')
entry = '------- SHODAN REPORT START FOR %s ------- \n' %(host)
recursiveInfo(entry, results)
entry = '------- SHODAN REPORT END FOR %s ------- \n' %(host)
shodanFileResults.write(entry)
shodanFileResults.close()
def recursiveInfo(self, entry, data):
if type(data) == dict:
for key in results.keys():
if type(key) == dict:
entry += recursiveInfo(entry, key)
elif type(key) == list:
for element in key:
if type(key) == dict:
entry += recursiveInfo(entry, key)
else:
entry += '[+]%s : %s \n' %(key, results[key])
print entry
print 'The number of vulnerable ip addresses are %s' % len(vulnerable_Ip)
# Count the number of vulnerable port:32764 in each country
country_details = {}
for vul in vul_Country:
if vul not in country_details:
country_details[vul] = 1
else:
country_details[vul] += 1
print 'The distribution of vulnerable addresses: %s' % country_details
# Get the ip addresses and the number of devices that could be intruded into right now.
ipbreak = set()
ipbreaklocation = set()
for ip in vulnerable_Ip:
host = api.host(ip)
for port in host['data']:
if port['port'] == 80:
ipbreak.add(host['ip'])
if host['latitude'] != None and host['longitude'] != None:
ipbreaklocation.add((host['latitude'],host['longitude']))
print 'The ip addresses of devices that could be intruded are in this %s' % ipbreak
print 'The number of devices that could be intruded are %s out of 100' % len(ipbreak)
print 'The locations of devices that could be identified are in this %s' % ipbreaklocation
print 'The number of locations of devices that could be identified are %s' % len(ipbreaklocation)
except Exception, e:
print 'Error: %s' % e
