Lecturer: Иo1lz Date: Apr. 5th, 2020
Why Shodan?
How to use Shodan?
Demo
Dark Google for Hackers
We always use Shodan in website or command line This time, I want to teach how to use the Shodan library when programming
if os == windows:
$ pip install shodan
elif (os == macos) of (os == linux):
$ sudo pip3 install shodan
The API key should always be initialized:
import shodan
SHODAN_API_KEY = "(API KEY Here)"
api = shodan.Shodan(SHODAN_API_KEY)
# Initialize the shodan API Key
try:
# Search Shodan
results = api.search('apache')
# Show results
print("Results found: {}".format(results['total']))
for result in results['matches']:
print("IP: {}".format(result['ip_str']))
print(result['data'])
print()
except shodan.APIError as e:
print("Error: {}".format(e))
# Initialize the shodan API Key
try:
# Lookup the host
host = api.host('140.136.152.180')
# Print general info
print("""
IP: {}
Organization: {}
Operating System:{}
""".format(host['ip_str'], host.get('org', 'n/a'), host.get('os', 'n/a')))
# Print all banners
for item in host['data']:
print("""
Port: {}
Banner: {}
""".format(item['port'], item['data']))
except shodan.APIError as e:
print("Error: {}".format(e))
# Initialize the shodan API Key
# The list of properties we want summary information on
FACETS = [
('org', 3),
'domain',
'port',
'asn',
('country', 10),
]
FACET_TITLES = {
'org': 'Top 3 Organizations',
'domain': 'Top 5 Domains',
'port': 'Top 5 Ports',
'asn': 'Top 5 Autonomous Systems',
'country': 'Top 10 Countries',
}
try:
query = 'apache 2.4'
# Count results
result = api.count(query, facets = FACETS)
print("Shodan Summary Information")
print("Query: %s" % query)
print("Total Results: %s\n" % result["total"])
# Print the summary info from the facets
for facet in result['facets']:
print(FACET_TITLES[facet])
for term in result['facets'][facet]:
print("%s: %s" % (term['value'], term['count']))
print()
except shodan.APIError as e:
print("Error: {}".format(e))
Get a list of subdomains for a domain
FTP server with anonymous authentication enabled
VNC servers without authentication
$ shodan domain fju.edu.tw
$ shodan search '230 login successful port:21'
$ shodan search '"authentication disabled" port:5900,5901'