john.doe Posted February 5, 2016 Report Share Posted February 5, 2016 (edited) Background -------------- Shodan is basically a search engine which helps to find devices (mainly vulnerable systems) on the internet. It is widely known as Google for hackers. For more info please see https://en.wikipedia.org/wiki/Shodan_(website). =========================== Requirements ---------------- Before running the script you will need to install Python, Shodan library for Python and create an account at https://www.shodan.io. The code is tested on Python 3.4. For installing Shodan library for Python: easy_install shodan or easy_install -U shodan to upgrade it. You will need to use the API_KEY from Shodan account previously created and integrate it into the script (line 14). Usage: python [path_to_script] [ip_address|string] =========================== Python Script --------------- import shodan import sys from sys import exit import os #import argparse try: import shodan except: print ('You need the Shodan Python module') sys.exit() ## Connect to SHODAN SHODAN_API_KEY = "YOUR_API_KEY_GOES_HERE" shodan_object = shodan.Shodan(SHODAN_API_KEY) ## Prints title, version, contact info, etc. def banner(): title = "App.py" version = "Version 1.0" contact = "me@me.com" print ("-" * 45) print (title.center(45)) print (version.center(45)) print (contact.center(45)) print ("-" * 45) # Input validation if len(sys.argv) == 1: print ('Usage: %s ' % sys.argv[0]) sys.exit(1) ## Wrap the request in a try/ except block to catch errors try: ## Show the banner banner() # Generate a query string out of the command-line arguments query = ' '.join(sys.argv[1:]) ## Setup Shodan the api and perform the search #results = shodan_object.search('apache') results = shodan_object.search(query) # Show the results. Loop through the matches and print each IP print ('Results found: %s' % results['total']) for result in results['matches']: print ('IP: %s' % result['ip_str']) print (result['data']) print ('') except (shodan.APIError, e): print ('Error: %s ' % e) #except Exception as e: # print ('Error: %s' % e) # sys.exit(1) =========================== Useful links ------------- Shodan-Python Documentation [https://media.readthedocs.org/pdf/shodan/latest/shodan.pdf] SHODAN for Penetration Testers [https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf] Searching Shodan For Fun And Profit [https://www.exploit-db.com/docs/33859.pdf] Edited February 5, 2016 by john.doe Quote Link to comment Share on other sites More sharing options...
