Пример #1
0
def devices_nearby(lat, lon, id, query):
    SHODAN_API_KEY = keys['keys']['shodan']

    device = Device.objects.get(id=id)

    api = Shodan(SHODAN_API_KEY)
    fail = 0
    # Shodan sometimes fails with no reason, sleeping when it happens and it prevents rate limitation
    try:
        # Search Shodan
        results = api.search("geo:" + lat + "," + lon + ",15 " + query)
    except:
        fail = 1
        print('fail1')

    if fail == 1:
        try:
            results = api.search("geo:" + lat + "," + lon + ",15 " + query)
        except Exception as e:
            print(e)

    try:  # Show the results
        total = len(results['matches'])
        for counter, result in enumerate(results['matches']):
            if 'product' in result:
                product = result['product']
            else:
                product = ""
            current_task.update_state(state='PROGRESS',
                                      meta={
                                          'current':
                                          counter,
                                          'total':
                                          total,
                                          'percent':
                                          int((float(counter) / total) * 100)
                                      })
            device1 = DeviceNearby(device=device,
                                   ip=result['ip_str'],
                                   product=product,
                                   org=result['org'],
                                   port=str(result['port']),
                                   lat=str(result['location']['latitude']),
                                   lon=str(result['location']['longitude']))
            device1.save()

        return {'current': total, 'total': total, 'percent': 100}
    except Exception as e:
        print(e)
Пример #2
0
    def info_domains(self, domain):
        results = Shodan.search(self, 'hostname:%s' % domain)

        if 'matches' in results:
            all_domains = list(
                set([
                    item for r in results['matches'] for item in r['hostnames']
                ]))
            ips = list(set([r['ip_str'] for r in results['matches']]))
            ports = list(set([r['port'] for r in results['matches']]))
            transports = list(set([r['transport']
                                   for r in results['matches']]))
            isp = list(
                set([r['isp'] for r in results['matches'] if 'isp' in r]))
            asn = list(
                set([r['asn'] for r in results['matches'] if 'asn' in r]))
            orgs = list(
                set([r['org'] for r in results['matches'] if 'org' in r]))

            return {
                'all_domains': all_domains,
                'ips': ips,
                'ports': ports,
                'transports': transports,
                'isp': isp,
                'asn': asn,
                'orgs': orgs
            }
Пример #3
0
    def Shodan_start(self, text, page):
        try:
            data = ''
            self.Ui.action_start.setEnabled(False)
            self.Ui.pushButton_start.setEnabled(False)
            api = Shodan(self.shodan_key)
            self.Ui.textEdit_log.append(self.getTime() + '正在查询数据,请稍等...')
            eventlet.monkey_patch(thread=False)
            try:
                timeout = int(self.Ui.comboBox_timeout.currentText())
                with eventlet.Timeout(timeout, True):
                    search = api.search(text, int(page))
            except:
                self.Ui.textEdit_log.append(self.getTime() + '获取数据超时')
                self.Ui.action_start.setEnabled(True)
                self.Ui.pushButton_start.setEnabled(True)
                return

            for result in search['matches']:
                # print(result)
                ip = result['ip_str'].strip()
                port = result['port']
                data += 'http://' + str(ip) + ':' + str(port) + '\n'
            self.Ui.textEdit_result.append(data.strip())
            self.Ui.textEdit_log.append(self.getTime() + "查询结束!")
        except Exception as e:
            self.Ui.textEdit_log.append(self.getTime() + str(e))
            self.Ui.action_start.setEnabled(True)
            self.Ui.pushButton_start.setEnabled(True)
        self.Ui.action_start.setEnabled(True)
        self.Ui.pushButton_start.setEnabled(True)
Пример #4
0
def main():
    API_KEY = getpass.getpass("输入你的APIKEY:")

    try:
        os.system("clear")
        api = Shodan(API_KEY)
        results = api.search("port:3389 os:windows", limit=None, page=10)
    except:
        os.system('clear')
        print("\nWDNMD,别搞事啊!!")
        exit(0)
    print("共有:{}个结果".format(results['total']))
    FINAL = get_results(results).get_result()
    try:
        id = int(input('1.存入数据库\n2.存入文件\n你的选择:'))
    except:
        os.system('clear')
        print("\nWDNMD,别搞事啊!!")
        exit(0)
    if id ==1:
        db_action(FINAL)
    elif id == 2:
        save_to_file(FINAL)
    else:
        os.system('clear')
        print("\nWDNMD,别搞事啊!!")
        exit(0)
Пример #5
0
def shodan_search(term):
    """ Search in shodan using the dork received as parameter and return a list of IPs. """
    from shodan import Shodan 
    api = Shodan(SHODAN_API_KEY)
    try:
        results = api.search(term)
    except Exception, e:
        print 'Error: %s' % e
Пример #6
0
def shodan_search(fav_hash):
    ip = None
    shodan = Shodan(get_api_key())
    try:
        search = shodan.search(f"http.favicon.hash:{fav_hash}")
        for result in search["matches"]:
            ip = result['ip_str']
    except:
        print("Shodan Search Error")
    return ip
Пример #7
0
def apicheck():
    api = Shodan('key')
    try:
        # Search Shodan
        results = api.search('thinkphp')
        # Show the results
        print('Results found: {}'.format(results['total']))
        for result in results['matches']:
            url = "http://" + result['ip_str']
            checkall(url)
    except:
        pass
Пример #8
0
def query_shodan(crtsh_results, args):
    """ check shodan for infra using certificate serial number 
    
    Params:
        crtsh_results - list of ssl cert serials to query shodan
        shodan_key - a string representing a Shodan API token
    """
    # for each certifcate returned from crt.sh, query Shodan using the serial
    # number and return IP addresses for hosts that match
    shodan_key = args.token
    api = Shodan(shodan_key)
    shodan_results = []

    print("[+] Querying Shodan for certificate serial numbers")

    for cert in crtsh_results:
        shodan_result = {}
        serial_num = cert['serial_number']
        common_name = cert['common_name']
        query = f'ssl.cert.serial:{serial_num}'

        shodan_result['cert_serial'] = serial_num
        shodan_result['cert_common_name'] = common_name
        shodan_result['ips'] = []
        shodan_result['hostnames'] = []

        print(f'[+] Checking serial {serial_num}')
        try:
            result = api.search(query)
        except Exception as e:
            print(f'Error: {e}')
            sys.exit(1)
        else:
            time.sleep(1)
            if result['total'] != 0:
                print(
                    f'[!] Found infrastructure for serial: {serial_num} and common name: {common_name}'
                )
                for service in result['matches']:
                    print(service['ip_str'])
                    shodan_result['ips'].append(service['ip_str'])
                    for hostname in service['hostnames']:
                        print(hostname)
                        shodan_result['hostnames'].append(hostname)

            else:
                if global_verbose == True:
                    print(f'[+] No results found for serial: {serial_num}')
                continue

        shodan_results.append(shodan_result)
    return shodan_results
Пример #9
0
 def sd(self):  #shodan
     conf = configparser.ConfigParser()
     conf.read("config.ini")
     API_KEY = conf.get("shodan", "key")
     api = Shodan(API_KEY)
     sdsearch = self.lineEdit_3.text()  #搜索
     pages = self.lineEdit_4.text()  #页数
     for mun in range(1, int(pages) + int(1)):
         results = api.search(sdsearch, page=mun)
         for result in results['matches']:
             ip = result['ip_str']
             port = result['port']
             self.textEdit_3.append(str(ip) + ':' + str(port))
Пример #10
0
def main():
    if parser.query and parser.api:
        api = Shodan(parser.api)
        try:
            b = api.search(parser.query)
            print('Total targets: {}'.format(b['total']))
            for i in b['matches']:
                print('Target found: {}'.format(i['ip_str']))
        except:
            print('An error has occurred')

    else:
        print('Both params (query and api) are required')
def extend_cert_list():
    with open('config.json', 'r') as config:
        data = json.load(config)
        shodan_key = data['shodan_key']

    if not shodan_key:
        return

    shodan_api = Shodan(shodan_key)

    http_banners = []
    mmh3_hashes = set()

    with open('cert_list.txt', 'r') as cert_list:
        for _, target in enumerate(cert_list):
            try:
                target = target.strip()
                print(target)
                s = socket.socket()
                tport = 80
                s.connect((target, tport))
                head_request = str.encode('HEAD / HEAD/1.1\nHost: ' + target + '\n\n')
                s.send(head_request)
                http_banner = s.recv(1024).decode()
                http_banners.append(http_banner)
                s.close()
            except socket.error as socketerror:
                print("Error: ", socketerror)
                print('Continuing to next entry on cert list')
                s.close()
                continue
            

    for http_banner in http_banners:
        h = mmh3.hash(http_banner)
        mmh3_hashes.add(h)

    mmh3_hashes.remove(0)

    with open('extended_cert_list.txt', 'w+') as extended_cert_list:
        try:
            for h in mmh3_hashes:
                query = f'hash:{h}'
                results = shodan_api.search(query)
                print(f'Total for hash {h}: {results["total"]}')
                for result in results['matches']:
                    hostnames = result['hostnames']
                    for hostname in hostnames:
                        extended_cert_list.write(f'{hostname}\n')
        except:
            print('Potential API Error. Please upgrade your shodan account to support filter/paging')
Пример #12
0
def get_ip_data_from_shodan(api_key):
    api = Shodan(api_key)
    # https://developer.shodan.io/api

    # search = 'scada country:"DE"'
    # search = "s7-300 country:'DE'"  ## Siemens SIMATIC S7-300 (maybe Honeypots)
    search = "Wasserwerk"
    # search = "flowChief"
    # search = "http.title:'Secure Access SSL VPN' country:'DE'"  ## PulseSecure, maybe CVE-2021-2289

    print("Query shodan ...")
    data = api.search(query=search)
    for d in tqdm.tqdm(data["matches"]):
        yield d
Пример #13
0
def main():
    if parser.query:
        if parser.api:
            api = Shodan(parser.api)
            try:
                b = api.search(parser.query)
                print("Total de Objetivos: {}".format(b['total']))
                for i in b['matches']:
                    print("Target encontrado: {}".format(i['ip_str']))
            except:
                print("Error en la consulta")
        else:
            print("Introduce tu api key")
    else:
        print("Introduce un caracter de busqueda")
Пример #14
0
    def info_domains(self, domain):
        results = Shodan.search(self, 'hostname:%s' % domain)

        if 'matches' in results:
            all_domains = list(set([item for r in results['matches'] for item in r['hostnames']]))
            ips = list(set([r['ip_str'] for r in results['matches']]))
            ports = list(set([r['port'] for r in results['matches']]))
            transports = list(set([r['transport'] for r in results['matches']]))
            isp = list(set([r['isp'] for r in results['matches'] if 'isp' in r]))
            asn = list(set([r['asn'] for r in results['matches'] if 'asn' in r]))
            orgs = list(set([r['org'] for r in results['matches'] if 'org' in r]))

            return {'all_domains': all_domains, 'ips': ips, 'ports': ports, 'transports': transports,
                    'isp': isp, 'asn': asn, 'orgs': orgs
                    }
def sudanFunction(ip):
    ip = ip.strip()
    lines = []
    api = Shodan(shodanAPIKey.getAPIKey())

    if isAnIP(ip) != 1:
        return "545"
    else:
        # Perform the search
        query = ' '.join(ip)
        result = api.search(query)
        print(type(result))
    for service in result['matches']:
        lines.append(service['ip_str'])
    return lines
Пример #16
0
    def api_query(self):
        try:
            api = Shodan(self.api_key)
            result = api.search(query=self.query,
                                offset=self.offset,
                                limit=self.limit)
        except APIError as e:
            outputscreen.error(e)
            sys.exit()

        if 'matches' in result:
            for match in result.get('matches'):
                conf.target.put(
                    match.get('ip_str') + ':' + str(match.get('port')))
        else:
            pass
Пример #17
0
def prepare_lists():
    from shodan import Shodan
    import configparser

    config = configparser.ConfigParser()
    config.read(RootDir + "/config.txt")
    shodan_key = config['credentials']['SHODAN_API_KEY']
    pages = config['configuration']['PAGES']
    dork = config['configuration']['DORK']

    api = Shodan(shodan_key)
    IPs = []

    for i in pages:
        results = ([l['ip_str'] for l in api.search(dork)['matches']])
        IPs += results
    with open(RootDir + "/sources.txt", mode="w") as sourcelist:
        for IP in IPs:
            sourcelist.write("ftp://{}\n".format(IP))
Пример #18
0
    def search(self, query):
        try:
            success("Shodan'daki {}. sayfadan bot aranıyor!".format(
                self.last_page))
            api = Shodan(self.api_key)
            tmp = api.search(query, page=self.last_page)
            self.last_page = self.last_page + 1
            success("Liste indirildi")
            real_ips = []
            for zombie in tmp["matches"]:
                ip = IPAddress(zombie["ip_str"])
                if (str(ip.version) == "4"):
                    real_ips.append(zombie)

            self.last_search = {
                "matches": self.last_search["matches"] + real_ips,
                "total": self.last_search["total"] + len(real_ips)
            }

            return self.last_search
        except APIError as e:
            error(str(e))
            return False
Пример #19
0
    if not args.silent:
        sys.stdout.write('%s[-] invalid favicon%s\n' % (fg('red'), attr(0)))
    exit()

favhash = faviconHash(data, web_src)
if not args.silent:
    sys.stdout.write('%s[+] hash calculated: %s%s\n' %
                     (fg('green'), str(favhash), attr(0)))

if shokey:
    shodan = Shodan(shokey)
    search = 'http.favicon.hash:' + str(favhash)
    if not args.silent:
        sys.stdout.write('[+] searching: %s\n' % search)
    try:
        t_results = shodan.search(search)
        # print(t_results)
    except Exception as e:
        sys.stdout.write("%s[-] error occurred: %s%s\n" %
                         (fg('red'), e, attr(0)))
        exit()
    if not args.silent:
        sys.stdout.write('%s[+] %d results found%s\n' %
                         (fg('green'), len(t_results['matches']), attr(0)))
    for result in t_results['matches']:
        tmp = []
        for v in t_values:
            if v in result:
                tmp.append(str(result[v]))
            else:
                tmp.append('')
Пример #20
0
def shodan_search_worker(fk,
                         query,
                         search_type,
                         category,
                         country=None,
                         coordinates=None,
                         all_results=False):
    results = True
    page = 1
    SHODAN_API_KEY = keys['keys']['shodan']
    pages = 0
    screenshot = ""
    print(query)

    while results:
        if pages == page:
            results = False
            break

        # Shodan sometimes fails with no reason, sleeping when it happens and it prevents rate limitation
        search = Search.objects.get(id=fk)
        api = Shodan(SHODAN_API_KEY)
        fail = 0

        try:
            time.sleep(5)
            if coordinates:
                results = api.search("geo:" + coordinates + ",20 " + query,
                                     page)
            if country:
                results = api.search("country:" + country + " " + query, page)
        except:
            fail = 1
            print('fail1, sleeping...')

        if fail == 1:
            try:
                time.sleep(10)
                if coordinates:
                    results = api.search("geo:" + coordinates + ",20 " + query,
                                         page)
                if country:
                    results = api.search("country:" + country + " " + query,
                                         page)
            except Exception as e:
                results = False
                print(e)
        try:
            total = results['total']

            if total == 0:
                print("no results")
                break
        except Exception as e:
            print(e)
            break

        pages = math.ceil(total / 100) + 1
        print(pages)

        for counter, result in enumerate(results['matches']):
            lat = str(result['location']['latitude'])
            lon = str(result['location']['longitude'])
            city = ""
            indicator = []
            # print(counter)
            # time.sleep(20)

            try:
                product = result['product']
            except:
                product = ""

            if 'vulns' in result:
                vulns = [*result['vulns']]
            else:
                vulns = ""

            if result['location']['city'] != None:
                city = result['location']['city']

            hostnames = ""
            try:
                if 'hostnames' in result:
                    hostnames = result['hostnames'][0]
            except:
                pass

            try:
                if 'SAILOR' in result['http']['title']:
                    html = result['http']['html']
                    soup = BeautifulSoup(html)
                    for gps in soup.find_all("span", {"id": "gnss_position"}):
                        coordinates = gps.contents[0]
                        space = coordinates.split(' ')
                        if "W" in space:
                            lon = "-" + space[2][:-1]
                        else:
                            lon = space[2][:-1]
                        lat = space[0][:-1]
            except Exception as e:
                pass

            if 'opts' in result:
                try:
                    screenshot = result['opts']['screenshot']['data']

                    with open(
                            "app_kamerka/static/images/screens/" +
                            result['ip_str'] + ".jpg", "wb") as fh:
                        fh.write(base64.b64decode(screenshot))
                        fh.close()
                        for i in result['opts']['screenshot']['labels']:
                            indicator.append(i)
                except Exception as e:
                    pass

            if query == "Niagara Web Server":
                try:
                    soup = BeautifulSoup(result['http']['html'],
                                         features="html.parser")
                    nws = soup.find("div", {"class": "top"})
                    indicator.append(nws.contents[0])
                except:
                    pass

            # get indicator from niagara fox
            if result['port'] == 1911 or result['port'] == 4911:
                try:
                    fox_data_splitted = result['data'].split("\n")
                    for i in fox_data_splitted:
                        if "station.name" in i:
                            splitted = i.split(":")
                            indicator.append(splitted[1])
                except:
                    pass

            # get indicator from tank
            if result['port'] == 10001:
                try:
                    tank_info = result['data'].split("\r\n\r\n")
                    indicator.append(tank_info[1])
                except:
                    pass

            if result['port'] == 2000:
                try:
                    ta_data = result['data'].split("\\n")
                    indicator.append(ta_data[1][:-3])
                except Exception as e:
                    pass

            if result['port'] == 502:
                try:
                    sch_el = result['data'].split('\n')
                    if sch_el[4].startswith("-- Project"):
                        indicator.append(sch_el[4].split(": ")[1])
                except:
                    pass

            if "GPGGA" in result['data']:
                try:
                    splitted_data = result['data'].split('\n')
                    for i in splitted_data:
                        if "GPGGA" in i:
                            msg = pynmea2.parse(i)
                            lat = msg.latitude
                            lon = msg.longitude
                            break
                except Exception as e:
                    print(e)

            if result['port'] == 102:
                try:
                    s7_data = result['data'].split("\n")
                    for i in s7_data:
                        if i.startswith("Plant"):
                            indicator.append(i.split(":")[1])
                        if i.startswith("PLC"):
                            indicator.append(i.split(":")[1])
                        if i.startswith("Module name"):
                            indicator.append(i.split(":")[1])
                except:
                    pass
            # get indicator from bacnet
            if result['port'] == 47808:
                try:
                    bacnet_data_splitted = result['data'].split("\n")
                    for i in bacnet_data_splitted:
                        if "Description" in i:
                            splitted1 = i.split(":")
                            indicator.append(splitted1[1])
                        if "Object Name" in i:
                            splitted2 = i.split(":")
                            indicator.append(splitted2[1])

                        if "Location" in i:
                            splitted3 = i.split(":")
                            indicator.append(splitted3[1])
                except:
                    pass

            device = Device(search=search,
                            ip=result['ip_str'],
                            product=product,
                            org=result['org'],
                            data=result['data'],
                            port=str(result['port']),
                            type=search_type,
                            city=city,
                            lat=lat,
                            lon=lon,
                            country_code=result['location']['country_code'],
                            query=search_type,
                            category=category,
                            vulns=vulns,
                            indicator=indicator,
                            hostnames=hostnames,
                            screenshot=screenshot)
            device.save()

        page = page + 1
        if not all_results:
            results = False
Пример #21
0
class FavUp(object):
    def __init__(self, *args, **kwargs):
        """ Parse the arguments
        """
        self.show = None
        self._iterator = None
        self.shodan = None

        self.key = None
        self.keyFile = None
        self.shodanCLI = None

        self.faviconFile = []
        self.faviconURL = []
        self.web = []

        self.fileList = []
        self.urlList = []
        self.webList = []

        self.faviconsList = []

        self.current_work_dir = os.getcwd()
        self.ua_json_location = "{}/data/ua.json".format(self.current_work_dir)
        self.ua = UserAgent(path=self.ua_json_location)

        self.output = ""
        self._output = None

        if kwargs.get('show'):
            self.show = True
            ap = argparse.ArgumentParser(prog="favup",
                                         usage="python3 %(prog)s [options]")

            ap.add_argument(
                '-kf',
                '--key-file',
                help="Specify the file which contains the API key.")
            ap.add_argument('-k', '--key', help="Specify the API key.")
            ap.add_argument('-sc',
                            '--shodan-cli',
                            help="Load the API key from Shodan CLI.",
                            action="store_true")

            ap.add_argument('-ff',
                            '--favicon-file',
                            help="Load the favicon icon from a local file.")
            ap.add_argument('-fu',
                            '--favicon-url',
                            help="Load the favicon icon from an URL.")
            ap.add_argument(
                '-w',
                '--web',
                help="Extracts the favicon location from the page.")

            ap.add_argument(
                '-fl',
                '--favicon-list',
                help=
                "Iterate over a file that contains the full path of all the icons which you want to lookup."
            )
            ap.add_argument(
                '-ul',
                '--url-list',
                help=
                "Iterate over a file that contains the full URL of all the icons which you want to lookup."
            )
            ap.add_argument(
                '-wl',
                '--web-list',
                help=
                "Iterate over a file that contains all the domains which you want to lookup."
            )

            ap.add_argument(
                '-o',
                '--output',
                help=
                "Specify output file, currently supported formats are CSV and JSON."
            )

            args = self._argsCheck(ap.parse_args())
            self.key = args.key
            self.keyFile = args.key_file
            self.shodanCLI = args.shodan_cli
            self.faviconFile = [args.favicon_file] if args.favicon_file else []
            self.faviconURL = [args.favicon_url] if args.favicon_url else []
            self.web = [args.web] if args.web else []
            self.fileList = self._serializeListFile(
                args.favicon_list) if args.favicon_list else []
            self.urlList = self._serializeListFile(
                args.url_list) if args.url_list else []
            self.webList = self._serializeListFile(
                args.web_list) if args.web_list else []
            self.output = args.output

            self._iterator = tqdm(total=len(self.fileList) +
                                  len(self.urlList) + len(self.webList))

            if self.output:
                self._output = {
                    'type': self.output.split('.')[1],
                    'file': open(self.output, 'w')
                }

            self.run()

            if self.output:
                self._output['file'].close()

    def _argsCheck(self, args):
        if not (args.key_file or args.key or args.shodan_cli):
            print(
                '[x] Please specify the key with --key, --key-file or --shodan-cli.'
            )
            exit(1)

        if not (args.favicon_file or args.favicon_url or args.web
                or args.favicon_list or args.url_list or args.web_list):
            print(
                '[x] Please specify the source of the favicon with --favicon-file, --favicon-url, --web'
                + ', --favicon-list, --url-list or --web-list.')
            exit(1)

        return args

    def _serializeListFile(self, inputFile):
        """ Remove whitespace chars and lines
        """
        _output = []
        with open(inputFile, 'r') as inFile:
            for _l in inFile:
                if _l.strip():
                    _output.append(_l.strip())
        return _output

    def run(self):
        if self.keyFile:
            self.shodan = Shodan(open(self.keyFile, "r").readline().strip())
        elif self.key:
            self.shodan = Shodan(self.key)
        elif self.shodanCLI:
            self.shodan = Shodan(get_api_key())
        else:
            print('[x] Wrong input API key type.')
            exit(1)

        if self.faviconFile or self.fileList:
            self.fileList.extend(self.faviconFile)
            for fav in self.fileList:
                self._iterator.set_description(
                    f"[+] iterating over favicon files | processing {fav}")
                self._iterator.update(1)
                data = open(fav, 'rb').read()
                _fH = self.faviconHash(data)
                self.faviconsList.append({
                    'favhash': _fH,
                    'file': fav,
                    '_origin': fav
                })
        if self.faviconURL or self.urlList:
            self.urlList.extend(self.faviconURL)
            for fav in self.urlList:
                self._iterator.set_description(
                    f"[+] iterating over favicon URLs | processing {fav}")
                self._iterator.update(1)
                headers = {
                    'User-Agent': self.get_user_agent(),
                }
                data = requests.get(fav, stream=True, headers=headers)
                _dcL = self.deepConnectionLens(data)
                data = data.content
                _fH = self.faviconHash(data)
                self.faviconsList.append({
                    'favhash': _fH,
                    'url': self.faviconURL,
                    'domain': fav,
                    'maskIP': _dcL['mIP'],
                    'maskISP': _dcL['mISP'],
                    '_origin': fav
                })
        if self.web or self.webList:
            self.webList.extend(self.web)
            for w in self.webList:
                self._iterator.set_description(
                    f"[+] iterating over domains | processing {w}")
                self._iterator.update(1)
                try:
                    headers = {
                        'User-Agent': self.get_user_agent(),
                    }
                    data = requests.get(f"https://{w}",
                                        stream=True,
                                        headers=headers)
                    _dcL = self.deepConnectionLens(data)
                    data = self.searchFaviconHTML(f"https://{w}")
                    if not isinstance(data, str):
                        _fH = self.faviconHash(data.content, web_source=True)
                    else:
                        _fH = "not-found"
                except requests.exceptions.ConnectionError:
                    self._iterator.write(f"[x] Connection refused by {w}.")
                    if len(self.webList) == 1:
                        exit(1)
                self.faviconsList.append({
                    'favhash': _fH,
                    'domain': f"https://{w}",
                    'maskIP': _dcL['mIP'],
                    'maskISP': _dcL['mISP'],
                    '_origin': w
                })
        _alreadyScanned = {}

        _aF = set([f for i in self.faviconsList for f in i])
        _aF.remove('_origin')
        _aF.add('found_ips')

        _cObj = {}
        for f in _aF:
            _cObj.update({f: ''})

        if self.output:
            if self._output['type'].lower() == 'csv':
                self._output['file'].write(','.join(f for f in _aF) + '\n')

        self._iterator.reset(total=len(self.faviconsList))
        for _fObject in self.faviconsList:
            self._iterator.set_description(
                f"[+] lookup for {_fObject['favhash']}")
            self._iterator.update(1)
            try:
                _ = _alreadyScanned[_fObject['favhash']]
            except KeyError:
                found_ips = "not-found"
                if _fObject['favhash'] != "not-found":
                    found_ips = self.shodanSearch(_fObject['favhash'])
                _alreadyScanned.update({_fObject['favhash']: found_ips})
            found_ips = _alreadyScanned[_fObject['favhash']]
            _fObject.update({'found_ips': found_ips})

            if self.show:
                self._iterator.write("-" * 25)
                self._iterator.write(f"[{_fObject['_origin']}]")
                del _fObject['_origin']
                for _atr in _fObject:
                    self._iterator.write(f"--> {_atr:<10} :: {_fObject[_atr]}")

            if self.output:
                _tcObj = _cObj
                _tcObj.update(_fObject)
                _t = self._output['type']
                if _t.lower() == 'csv':
                    self._output['file'].write(','.join(
                        str(_tcObj[k]) for k in _tcObj) + '\n')
                elif _t.lower() == 'json':
                    self._output['file'].write(json.dumps(_tcObj) + '\n')
                else:
                    self._iterator.write(
                        "[x] Output format not supported, closing.")
                    exit(1)

    def faviconHash(self, data, web_source=None):
        if web_source:
            b64data = base64.encodebytes(data).decode()
        else:
            b64data = base64.encodebytes(data)
        return mmh3.hash(b64data)

    def searchFaviconHTML(self, link):
        data = requests.get(link, stream=True)
        soup = BeautifulSoup(data.content, 'html.parser')
        searchIcon = soup.find('link', rel='icon')
        if searchIcon:
            iconLink = searchIcon.get("href")
            if not iconLink.startswith("http"):
                iconLink = link + "/" + iconLink
            return requests.get(iconLink)
        return "not-found"

    def shodanSearch(self, favhash):
        time.sleep(1)
        results = self.shodan.search(f"http.favicon.hash:{favhash}")
        return '|'.join([s['ip_str'] for s in results["matches"]])

    def deepConnectionLens(self, response):
        mIP = 'not-found'
        mISP = 'not-found'
        if response.status_code == 200:
            try:
                mIP = list(response.raw._connection.sock.getpeername())[0]
                mISP = IPWhois(mIP).lookup_whois()['nets'][0]['name']
            except AttributeError:
                try:
                    mIP = list(
                        response.raw._connection.sock.socket.getpeername())[0]
                    mISP = IPWhois(mIP).lookup_whois()['nets'][0]['name']
                except AttributeError:
                    pass
        if mIP == 'not-found':
            self._iterator.write(
                f"[x] There's problem when getting icon for {response.url.split('/')[2]} with status code: {response.status_code}"
            )
        return {'mIP': mIP, 'mISP': mISP}

    def get_user_agent(self):
        try:
            return self.ua.random
        except FakeUserAgentError:
            return "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0"
Пример #22
0
# coding=utf-8
from shodan import Shodan
import requests

api = Shodan('PSKINdQe1GyxGgecYz2191H2JoS9qvgD')

for i in range(1, 20):
    print('开始第:{}页'.format(i))
    results = api.search('port:"888"', i)
    if len(results['matches']) > 0:
        for result in results['matches']:
            try:
                url = "http://" + result['ip_str'] + ":888/pma"
                res = requests.get(url)
                if res.status_code == 200:
                    print('接口状态:{} 地址:{}'.format(200, url))
            except:
                pass
    else:
        print '结束'
        break
Пример #23
0
def query_shodan(list_id_domain, con, lazy_rating=1):
    ret_list = []
    with open('../config/shodan.key', 'r') as f:
        key = f.read().replace('\n', '')
    api = Shodan(key)

    for domain_id, domain in list_id_domain:
        print("domain: " + domain)
        ipaddr = socket.gethostbyname(domain)
        res = {}
        for i in range(0, 5):
            try:
                honeypot_score = query_honeypot_score(ipaddr, key)
                break
            except:
                time.sleep(1)
        if str(honeypot_score)[0] != "{":
            res["honeypot_score"] = honeypot_score

        query_base = "https://www.shodan.io/search?query="
        query_malware = 'category:malware ip:' + ipaddr
        for i in range(0, 5):
            try:
                result_malware = api.search(query_malware)
                break
            except:
                time.sleep(1)

        try:
            if len(result_malware["matches"]) == 0:
                res["shodan_malware"] = 0
                res["shodan_malware_query"] = ""
            else:
                res["shodan_malware"] = 1
                res["shodan_malware_query"] = base64.b64encode(
                    (query_base + query_malware).encode('ascii'))
        except:
            pass

        query_default_creds = '"default password" ip:' + ipaddr
        for i in range(0, 5):
            try:
                result_creds = api.search(query_default_creds)
                break
            except:
                time.sleep(1)

        try:
            if len(result_creds["matches"]) == 0:
                res["shodan_creds"] = 0
                res["shodan_creds_query"] = ""
            else:
                res["shodan_creds"] = 1
                res["shodan_creds_query"] = base64.b64encode(
                    (query_base + query_default_creds).encode('ascii'))
        except:
            pass
        res = {k: v for k, v in res.items() if v is not None}
        update_query = 'UPDATE urls SET {} WHERE idUrl=%s'.format(', '.join(
            '{}=%s'.format(k) for k in res))

        cur = con.cursor()
        changed = cur.execute(update_query,
                              tuple(list(res.values())) + (domain_id, ))
        con.commit()
        if lazy_rating == 0 or changed != 0:
            if update_score(con, domain_id) != 0:
                ret_list.append(domain_id)
    return ret_list
Пример #24
0
def shodan_search_worker(fk,
                         query,
                         search_type,
                         category,
                         country=None,
                         coordinates=None,
                         all_results=False):
    results = True
    page = 1
    SHODAN_API_KEY = keys['keys']['shodan']
    pages = 0
    while results:
        if pages == page:
            results = False
            break

        search = Search.objects.get(id=fk)
        api = Shodan(SHODAN_API_KEY)
        fail = 0

        try:
            time.sleep(5)
            if coordinates:
                results = api.search("geo:" + coordinates + ",20 " + query,
                                     page)
            if country:
                results = api.search("country:" + country + " " + query, page)
        except:
            fail = 1
            print('fail1, sleeping...')

        if fail == 1:
            try:
                time.sleep(10)
                if coordinates:
                    results = api.search("geo:" + coordinates + ",20 " + query,
                                         page)
                if country:
                    results = api.search("country:" + country + " " + query,
                                         page)
            except Exception as e:
                results = False
                print(e)

        total = results['total']
        if total == 0:
            print("no results")
            break

        pages = math.ceil(total / 100) + 1
        print(pages)

        for counter, result in enumerate(results['matches']):
            city = ""
            indicator = []
            print(counter)
            # time.sleep(20)

            try:
                product = result['product']
            except:
                product = ""

            if 'vulns' in result:
                vulns = [*result['vulns']]
            else:
                vulns = ""

            if result['location']['city'] != None:
                city = result['location']['city']

            hostnames = ""
            try:
                if 'hostnames' in result:
                    hostnames = result['hostnames'][0]
            except:
                pass

            if result['port'] == 1911 or result['port'] == 4911:
                try:
                    fox_data_splitted = result['data'].split("\n")
                    for i in fox_data_splitted:
                        if "station.name" in i:
                            splitted = i.split(":")
                            indicator.append(splitted[1])
                except:
                    pass

            elif result['port'] == 10001:
                try:
                    tank_info = result['data'].split("\r\n\r\n")
                    indicator.append(tank_info[1])
                except:
                    pass

            elif result['port'] == 47808:
                try:
                    bacnet_data_splitted = result['data'].split("\n")
                    for i in bacnet_data_splitted:
                        if "Description" in i:
                            splitted1 = i.split(":")
                            indicator.append(splitted1[1])
                        if "Object Name" in i:
                            splitted2 = i.split(":")
                            indicator.append(splitted2[1])

                        if "Location" in i:
                            splitted3 = i.split(":")
                            indicator.append(splitted3[1])
                except:
                    pass
            else:
                indicator = ""

            device = Device(search=search,
                            ip=result['ip_str'],
                            product=product,
                            org=result['org'],
                            data=result['data'],
                            port=str(result['port']),
                            type=search_type,
                            city=city,
                            lat=str(result['location']['latitude']),
                            lon=str(result['location']['longitude']),
                            country_code=result['location']['country_code'],
                            query=search_type,
                            category=category,
                            vulns=vulns,
                            indicator=indicator,
                            hostnames=hostnames)
            device.save()

        page = page + 1
        if not all_results:
            results = False
Пример #25
0
 def search(self, query, page=1):
     results = Shodan.search(self, query, page=page)
     return results
from shodan import Shodan
import sys

domain = sys.argv[1]
hosts=[]
api = Shodan('YOUR_API_KEY')

results=api.search('hostname:.{}'.format(domain))
try:
	for res in results['matches']:
		hosts.append(''.join(res['hostnames']))
except KeyError:
	pass

with open('shodan_subdomains.txt', 'w') as f:
    for item in hosts:
        f.write("%s\n" % item)
#return hosts
Пример #27
0
from shodan import Shodan
import requests
import subprocess

IP = ""
api = Shodan('')

def url_ok(url):
    r = requests.head("http://" + url)
    return r.status_code == 200

def check_page(url):
    r = requests.get("http://" + url + "/admin/")
    return "Pi-hole" in r.text

def pruneIPS(vulnerableIPs):
    for i in vulnerableIPs:
        if not url_ok(i):
            if not check_page(i):
                vulnerableIPs.remove(i)
    return vulnerableIPs

result = api.search("pi-hole")

VulnerableIP = []
for service in result['matches']:
    if service['ip_str'] == IP:
       ulnerableIP.append(service['ip_str'])
        print("Yes")
Пример #28
0
 def search(self, query, page=1):
     results = Shodan.search(self, query, page=page)
     return results
Пример #29
0
    def Search(self):

        try:
            Data_to_Cache = []
            Directory = General.Make_Directory(self.Plugin_Name.lower())
            logger = logging.getLogger()
            logger.setLevel(logging.INFO)
            Log_File = General.Logging(Directory, self.Plugin_Name.lower())
            handler = logging.FileHandler(os.path.join(Directory, Log_File),
                                          "w")
            handler.setLevel(logging.DEBUG)
            formatter = logging.Formatter("%(levelname)s - %(message)s")
            handler.setFormatter(formatter)
            logger.addHandler(handler)
            Shodan_API_Key = self.Load_Configuration()
            API_Session = Shodan(Shodan_API_Key)
            Cached_Data_Object = General.Cache(Directory, self.Plugin_Name)
            Cached_Data = Cached_Data_Object.Get_Cache()

            for Query in self.Query_List:

                try:

                    if self.Type == "Search":
                        Local_Plugin_Name = self.Plugin_Name + "-Search"

                        try:
                            API_Response = API_Session.search(Query)

                        except Exception as e:
                            logging.error(
                                f"{Common.Date()} - {self.Logging_Plugin_Name} - {str(e)}."
                            )
                            break

                        JSON_Output_Response = Common.JSON_Handler(
                            API_Response).Dump_JSON()
                        Main_File = General.Main_File_Create(
                            Directory, Local_Plugin_Name, JSON_Output_Response,
                            Query, self.The_File_Extensions["Main"])
                        Output_Connections = General.Connections(
                            Query, Local_Plugin_Name, self.Domain,
                            self.Result_Type, self.Task_ID,
                            self.Plugin_Name.lower())
                        Current_Step = 0

                        for Shodan_Item in API_Response["matches"]:
                            Shodan_Item_Module = Shodan_Item['_shodan'][
                                'module']
                            Shodan_Item_Module = Shodan_Item_Module.replace(
                                '-simple-new', '')

                            if Shodan_Item_Module.startswith("http"):
                                Shodan_Item_Host = ""
                                Shodan_Item_Port = 0

                                if 'http' in Shodan_Item:
                                    Shodan_Item_Host = Shodan_Item['http'][
                                        'host']
                                    Shodan_Item_Response = Shodan_Item['http'][
                                        'html']

                                elif 'ip_str' in Shodan_Item and 'domains' in Shodan_Item and len(
                                        Shodan_Item['domains']) > 0:
                                    Shodan_Item_Host = Shodan_Item['domains'][
                                        0]
                                    Shodan_Item_Response = Shodan_Item['data']

                                elif 'ip_str' in Shodan_Item and 'domains' not in Shodan_Item:
                                    Shodan_Item_Host = Shodan_Item['ip_str']
                                    Shodan_Item_Response = Shodan_Item['data']

                                if Shodan_Item_Host:

                                    if 'port' in Shodan_Item_Host:

                                        if int(Shodan_Item['port']) not in [
                                                80, 443
                                        ]:
                                            Shodan_Item_Port = Shodan_Item[
                                                'port']

                                    if Shodan_Item_Port != 0:
                                        Shodan_Item_URL = f"{Shodan_Item_Module}://{Shodan_Item_Host}:{str(Shodan_Item_Port)}"

                                    else:
                                        Shodan_Item_URL = f"{Shodan_Item_Module}://{Shodan_Item_Host}"

                                    Title = f"Shodan | {str(Shodan_Item_Host)}"

                                    if Shodan_Item_URL not in Cached_Data and Shodan_Item_URL not in Data_to_Cache and Current_Step < int(
                                            self.Limit):
                                        Output_file = General.Create_Query_Results_Output_File(
                                            Directory, Query,
                                            Local_Plugin_Name,
                                            Shodan_Item_Response,
                                            Shodan_Item_Host,
                                            self.The_File_Extensions["Query"])

                                        if Output_file:
                                            Output_Connections.Output(
                                                [Main_File, Output_file],
                                                Shodan_Item_URL, Title,
                                                self.Plugin_Name.lower())
                                            Data_to_Cache.append(
                                                Shodan_Item_URL)

                                        else:
                                            logging.warning(
                                                f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist."
                                            )

                                        Current_Step += 1

                    elif self.Type == "Host":
                        Local_Plugin_Name = self.Plugin_Name + "-Host"

                        try:
                            API_Response = API_Session.host(Query)

                        except Exception as e:
                            logging.error(
                                f"{Common.Date()} - {self.Logging_Plugin_Name} - {str(e)}."
                            )
                            break

                        JSON_Output_Response = Common.JSON_Handler(
                            API_Response).Dump_JSON()
                        Main_File = General.Main_File_Create(
                            Directory, Local_Plugin_Name, JSON_Output_Response,
                            Query, self.The_File_Extensions["Main"])
                        Output_Connections = General.Connections(
                            Query, Local_Plugin_Name, self.Domain,
                            self.Result_Type, self.Task_ID,
                            self.Plugin_Name.lower())
                        Shodan_URL = f"https://www.{self.Domain}/host/{Query}"
                        Title = f"Shodan | {Query}"

                        if Shodan_URL not in Cached_Data and Shodan_URL not in Data_to_Cache:
                            Shodan_Responses = Common.Request_Handler(
                                Shodan_URL,
                                Application_JSON_CT=True,
                                Accept_XML=True,
                                Accept_Language_EN_US=True,
                                Filter=True,
                                Host=f"https://www.{self.Domain}")
                            Shodan_Response = Shodan_Responses["Filtered"]
                            Output_file = General.Create_Query_Results_Output_File(
                                Directory, Query, self.Plugin_Name,
                                Shodan_Response, Query,
                                self.The_File_Extensions["Query"])

                            if Output_file:
                                Output_Connections.Output(
                                    [Main_File, Output_file], Shodan_URL,
                                    Title, self.Plugin_Name.lower())
                                Data_to_Cache.append(Shodan_URL)

                            else:
                                logging.warning(
                                    f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to create output file. File may already exist."
                                )

                        else:
                            logging.warning(
                                f"{Common.Date()} - {self.Logging_Plugin_Name} - No results found."
                            )

                except:
                    logging.warning(
                        f"{Common.Date()} - {self.Logging_Plugin_Name} - Failed to complete task."
                    )

            Cached_Data_Object.Write_Cache(Data_to_Cache)

        except Exception as e:
            logging.warning(
                f"{Common.Date()} - {self.Logging_Plugin_Name} - {str(e)}")
	    print("\n{}".format(host.get('ip_str')))
	    print("\nHostnames:				{}".format(', '.join(host.get('hostnames'))))
	    print("City:					{}".format(host.get('city')))
	    print("Country:				{}".format(host.get('country_name')))
	    print("Organization:				{}".format(host.get('org')))
	    print("Number of open ports:	{}".format(len(host.get('ports'))))
	    print("Ports:")
	    portsvisited=[]
	    for i in host['data']:
	    	if 'product' in i:
	    		if i.get('port') not in portsvisited:
	    			print("	{} 		{}".format(i['port'], i['product']))
	    			portsvisited.append(i.get('port'))
	    		else:
	    			continue
	    	if 'port' in i:
	    		if i.get('port') not in portsvisited:
	    			print("	{} ".format(i['port']))
	    			portsvisited.append(i.get('port'))
	    		else:
	    			continue
	    	else:
	    		continue
	if selection == 3:
	    print("\nInput your query to search: \n")
	    strinng = input()
	    results = api.search(strinng)
	    print('\nResults found: {}\n'.format(results['total']))
	    for result in results['matches']:
	    	print('{}	{}	{}	{}'.format(result.get('ip_str',"Not Found"), result.get('port',"Not Found"), result.get('org',"Not Found"), ', '.join(result.get('hostnames',"Not Found"))))
ip_to_vulnerabilities = defaultdict(set)
if debug_flag == "debug":
    # Query an IP address using the Shodan REST API
    r = requests.get("https://api.shodan.io/shodan/host/{}?key={}".format(
        ip, SHODAN_API_KEY))
    # The response from the REST API is returned as JSON array
    data = r.json()

    for d in data["data"]:
        if "vulns" in d and len(d["vulns"]) > 0:
            for vulnerability_id in d["vulns"]:
                ip_to_vulnerabilities[ip].add(vulnerability_id)

api = Shodan(SHODAN_API_KEY)

results = api.search('apache')
print('Results found: {}'.format(results['total']))
print('Results found: {}'.format(len(results['matches'])))

mydoc = minidom.parse('official-cpe-dictionary_v2.3.xml')
items = mydoc.getElementsByTagName('cpe-item')
#total amount of items
print(len(items))

# dom = parseString('official-cpe-dictionary_v2.3.xml')
for s in mydoc.getElementsByTagName('cpe-item'):
    if s.getAttribute('name') == 'cpe:/a:10-strike:network_monitor:1.1':
        print(s.childNodes[0].data)

    #cpeData = mydoc.getElementsByName("cpe:/a:10-strike:network_monitor:1.1")
    #"cpe:/a:10-strike:network_monitor:1.0"
Пример #32
0
class CamScan:
    def __init__(self,
                 dirname='Images',
                 search=None,
                 path=None,
                 timeout=4,
                 pages=0,
                 verbose=False):

        self.search = search
        self.path = path
        self.dirname = dirname
        self.timeout = timeout
        self.pages = pages
        self.verbose = verbose
        self.api = None

        try:

            keyfile = open('shodan_api_key', 'r')
            key = keyfile.readline()
            keyfile.close()
            self.api = Shodan(key)

        except FileNotFoundError:

            print('Key file not found')

        DIR_NUMBER = 2
        while os.path.exists(self.dirname):
            self.dirname = self.dirname.strip('0987654321') + str(DIR_NUMBER)
            DIR_NUMBER += 1

    def initShodan(self, key):

        with open('shodan_api_key', 'w') as file:
            file.write(key)

        self.api = Shodan(key)

    def chooseFromCSV(self, file):

        if os.path.exists(file):

            f = open(file, newline='')
            data = csv.DictReader(f)

            searches = {}

            for x in data:
                searches[x['searchQuery']] = x['imagePath']

            f.close()

            print('CSV file input. Select search from below:\n')

            y = 0
            for search in searches:
                print(str(y) + ') ' + search)
                y += 1

            choice = int(input('\nChoose search: '))
            self.search = list(searches.keys())[choice]
            self.path = list(searches.values())[choice]

        else:

            raise FileNotFoundError

    def pagesCount(self):

        hosts = self.api.count(self.search)['total']

        return int(hosts / 100) + 1

    def setPages(self, pages):

        if type(pages) in [int, range, type(None)]:
            self.pages = pages

        else:
            raise Exception(
                'Wrong type. pages value can be set to int, range, or None')

    def requestAndDownload(self, url):

        try:

            r = requests.get(url, timeout=self.timeout)

            if r.status_code == 200:

                if self.verbose:
                    print(url, ' - Success')

                filename = urlparse(url).netloc.replace(':', '-') + '.png'

                with open(filename, 'wb') as img:
                    img.write(r.content)

            else:
                if self.verbose:
                    print(url, r.status_code, 'Error')

        except requests.exceptions.ReadTimeout:
            if self.verbose:
                print(url, '- Timed out')

        except Exception as e:
            #print(e)
            if self.verbose:
                print(url, '- Connection Error')

    def runOnPage(self, pagenumber):

        results = None
        tries = 0

        while results is None and tries < 10:

            try:
                results = self.api.search(self.search, page=pagenumber)

            except Exception as e:
                tries += 1
                print('Shodan error')
                if tries == 10:
                    print('Giving up')
                    raise Exception(e.args[0])

        threads = []

        for result in results['matches']:

            url = 'http://' + str(result['ip_str']) + ':' + str(
                result['port']) + self.path
            x = threading.Thread(target=self.requestAndDownload, args=(url, ))
            threads.append(x)
            x.start()

        for thread in threads:
            thread.join()

    def run(self):

        if self.api == None:
            raise Exception('No Shodan key')

        os.mkdir(self.dirname)
        os.chdir(self.dirname)

        print('Saving images to', os.getcwd(), '\n')

        if self.pages is None:

            print('Running every page')

            for page in range(self.pagesCount()):
                print('Starting page:', page)
                self.runOnPage(page)

        elif type(self.pages) is int:

            print('Running page', self.pages)

            self.runOnPage(self.pages)

        elif type(self.pages) is range:

            for page in self.pages:
                print('Starting page:', page)
                self.runOnPage(page)

    def generatePage(self):

        html = '''
<!DOCTYPE html>
<html>
<head>
    <title>Saved Images</title>
    <script>
        let emptyImages = [];

    	function removeEmpty() {
    		let images = document.getElementsByTagName('img');

    		for (let i = 0; i < images.length; i++) {
    			
    			if (images[i].naturalHeight == 0) {
    				emptyImages.push(images[i]);
    			}
    		}

    		for (let i = 0; i < emptyImages.length; i++) {
    			emptyImages[i].remove();
    		}
    	}
    </script>
</head>
<body style="background-color:black">
    <button onclick="removeEmpty()">Remove Empty Images</button>
    <p style="color:white;">Click on an image to open stream</p>
'''

        with open('images.html', 'w') as page:

            page.write(html)

            for name_of_file in os.listdir():

                if '.png' in name_of_file:

                    link = 'http://' + name_of_file.replace('-',
                                                            ':').strip('.png')

                    page.write(
                        '\n\t<a href="{}" target="_blank">'.format(link))
                    page.write(
                        '\n\t\t<img src="{}" height="480" width="720">'.format(
                            name_of_file))
                    page.write('\n\t</a>')

            page.write('\n</body>\n</html>')

    def showImages(self):
        webbrowser.open('images.html')

    def info(self):

        print('search:', self.search)
        print('path:', self.path)
        print('dirname', self.dirname)
        print('timeout:', self.timeout)
        print('pages:', self.pages)
Пример #33
0
#!/usr/bin/env python
#_*_ coding: utf8 _*_

import sys
from shodan import Shodan

reload(sys)
sys.setdefaultencoding('utf8')
key = "shXLINeBiCP4FLh4IhvFiT2Ypbnh5PjK"

motor = Shodan(key)
try:
	query = motor.search("struts")
	print("Total de resultados: {}".format(query['total']))
	for host in query['matches']:
		print("IP: {}".format(host['ip_str']))
		print("Puerto: {}".format(host['port']))
		print("ORG: {}".format(host['org']))
		try:
			print("ASN: {}".format(host['asn']))
		except:
			pass
		for l in host['location']:
			print(l + " : " + str(host['location'][l]))

		print(host['data'])
except:
	print("Ocurrio un error")
Пример #34
0
    def run(self, args, lookup, report_directory, api_key_directory):
        """main function"""
        self.shodan_query_result = []
        self.shodan_api_key = None
        self.api_key_value = None
        #first if  https://shodan.readthedocs.io/en/latest/tutorial.html#connect-to-the-api
        #else https://shodan.readthedocs.io/en/latest/tutorial.html#looking-up-a-host

        #check for a stored api key, if missing ask for it and if it should be saved
        if not os.path.exists(api_key_directory + 'shodan.key'):
            print('[!] You are missing {}shodan.key'.format(api_key_directory))
            self.api_key_value = getpass.getpass('[i] Please provide an API Key: ')
            response = raw_input('[i] Would you like to save this key to a plaintext file? (y/n): ')
            
            if 'y' in response.lower():
                with open(api_key_directory + 'shodan.key', 'w') as api_key_file:
                    api_key_file.writelines(self.api_key_value)
            else:
                pass

        with open(api_key_directory + 'shodan.key') as f:
            self.api_key_value = f.readlines()[0]

        #invoke api with api key provided
        shodanApi = Shodan(self.api_key_value)

        #roll through the lookup list from -i or -d
        for i, l in enumerate(lookup):
            #open output file
            shodan_text_output=open(report_directory+l+'/'+l+'_shodan.txt','w')
            #user notification that something is happening
            print('[+] Querying Shodan via API search for {}'.format(l))
            try:
                #set results to api search of current lookup value
                #https://shodan.readthedocs.io/en/latest/examples/basic-search.html
                result = shodanApi.search(query="hostname:"+l)
                print('[+] Shodan found: {} hosts'.format(str(result['total'])))
                #for each result
                for service in result['matches']:
                    if args.verbose is True:
                        print(str(service['ip_str'].encode('utf-8')+\
                            ' ISP: '+service['isp'].encode('utf-8')+\
                            ' Last seen: '+service['timestamp'].encode('utf-8')))
                    if args.verbose is True:
                        #print and encode if there are non-us chars
                        print(service['data'].encode('utf-8'))
                    #append to shodanResult list
                    self.shodan_query_result.append(str(\
                        service['ip_str'].encode('utf-8')+\
                        '\nISP:'+service['isp'].encode('utf-8')+\
                        '\nLast seen:'+service['timestamp'].encode('utf-8'))+\
                        '\n'+service['data'].encode('utf-8'))               

            #catch exceptions       
            except Exception as e:
                #print excepted error
                print('[-] Shodan Error: {} '.format(e))
                print('[!] You may need to specify an API key with -s <api key>')
                return
                
        #write contents of shodanResult list. this needs formatted
        shodan_text_output.writelines('[+] Shodan found: {} hosts\n\n'.format(str(result['total'])))
        shodan_text_output.writelines(self.shodan_query_result)

        return self.shodan_query_result