# Custom ShodanAPI Class :) # The pre-built option is broken and doesn't work in several places.... # So we re-wrote it! class ShodanAPI # Initialize ShodanAPI via passed API Key def initialize(apikey) @url="http://www.shodanhq.com/api/" if shodan_connect(apikey) @key=apikey end end # Check API Key against API Info Query # Return True on success, False on Error or Failure def shodan_connect(apikey) url = @url + "info?key=#{apikey}" begin c = Curl::Easy.perform(url) if c.body_str =~ /"unlocked_left": \d+, "telnet": .+, "plan": ".+", "https": .+, "unlocked": .+/i results = JSON.parse(c.body_str) @plan = results['plan'] @unlocked = results['unlocked'] @unlocks = results['unlocked_left'] @https = results['https'] @telnet = results['telnet'] return true elsif c.body_str =~ /"error": "API access denied"/i puts "Access Denied using API Key '#{apikey}'".light_red + "!".white puts "Check Key & Try Again".light_red + "....".white return false else puts "Unknown Problem with Connection to Shodan API".light_green + "!".white return false end rescue => e puts "Problem with Connection to Shodan API".light_red + "!".white puts "\t=> #{e}" return false end end # Just checks our key is working (re-using shodan_connect so updates @unlocks) # Returns True or False def connected? if shodan_connect(@key) return true else return false end end # Return the number of unlocks remaining def unlocks if shodan_connect(@key) return @unlocks.to_i else return nil end end # Check if HTTPS is Enabled def https? if shodan_connect(@key) if @https return true else return false end else return false end end # Check if Telnet is Enabled def telnet? if shodan_connect(@key) if @telnet return true else return false end else return false end end # Actually display Basic Info for current API Key def info url = @url + 'info?key=' + @key begin c = Curl::Easy.perform(url) results = JSON.parse(c.body_str) puts puts "Shodan API Key Confirmed".light_green + "!".white puts "API Key".light_green + ": #{@key}".white puts "Plan Type".light_green + ": #{results['plan']}".white puts "Unlocked".light_green + ": #{results['unlocked']}".white puts "Unlocks Remaining".light_green + ": #{results['unlocked_left']}".white puts "HTTPS Enabled".light_green + ": #{results['https']}".white puts "Telnet Enabled".light_green + ": #{results['telnet']}".white return true rescue => e puts "Problem with Connection to Shodan API".light_red + "!".white puts "\t=> #{e}".white return false end end # Lookup all available information for a specific IP address # Returns results hash or nil def host(ip) url = @url + 'host?ip=' + ip + '&key=' + @key begin c = Curl::Easy.perform(url) results = JSON.parse(c.body_str) return results rescue => e puts "Problem running Host Search".light_red + "!".white puts "\t=> #{e}".white return nil end end # Returns the number of devices that a search query found # Unrestricted usage of all advanced filters # Return results count or nil on failure def count(string) url = @url + 'count?q=' + string + '&key=' + @key begin c = Curl::Easy.perform(url) results = JSON.parse(c.body_str) return results['total'] rescue => e puts "Problem grabbing results count".light_red + "!".white puts "\t=> #{e}".white return nil end end # Search Shodan for devices using a search query # Returns results hash or nil def search(string, filters={}) prem_filters = [ 'city', 'country', 'geo', 'net', 'before', 'after', 'org', 'isp', 'title', 'html' ] cheap_filters = [ 'hostname', 'os', 'port' ] url = @url + 'search?q=' + string if not filters.empty? filters.each do |k, v| if cheap_filters.include?(k) url += ' ' + k + ":\"#{v}\"" end if prem_filters.include?(k) if @unlocks.to_i > 1 url += ' ' + k + ":\"#{v}\"" @unlocks = @unlocks.to_i - 1 # Remove an unlock for use of filter else puts "Not Enough Unlocks Left to run Premium Filter Search".light_red + "!".white puts "Try removing '#{k}' filter and trying again".light_red + "....".white return nil end end end end url += '&key=' + @key begin c = Curl::Easy.perform(url) results = JSON.parse(c.body_str) return results rescue => e puts "Problem running Shodan Search".light_red + "!".white puts "\t=> #{e}".white return nil end end # Quick Search Shodan for devices using a search query # Results are limited to only the IP addresses # Returns results array or nil def quick_search(string, filters={}) prem_filters = [ 'city', 'country', 'geo', 'net', 'before', 'after', 'org', 'isp', 'title', 'html' ] cheap_filters = [ 'hostname', 'os', 'port' ] url = @url + 'search?q=' + string if not filters.empty? filters.each do |k, v| if cheap_filters.include?(k) url += ' ' + k + ":\"#{v}\"" end if prem_filters.include?(k) if @unlocks.to_i > 1 url += ' ' + k + ":\"#{v}\"" @unlocks = @unlocks.to_i - 1 else puts "Not Enough Unlocks Left to run Premium Filter Search".light_red + "!".white puts "Try removing '#{k}' filter and trying again".light_red + "....".white return nil end end end end url += '&key=' + @key begin ips=[] c = Curl::Easy.perform(url) results = JSON.parse(c.body_str) results['matches'].each do |host| ips << host['ip'] end return ips rescue => e puts "Problem running Shodan Quick Search".light_red + "!".white puts "\t=> #{e}".white return nil end end # Perform Shodan Exploit Search as done on Web # Provide Search String and source # Source can be: metasploit, exploitdb, or cve # Returns results hash array on success: { downloadID => { link => description } } # Returns nil on failure def sploit_search(string, source) sources = [ "metasploit", "exploitdb", "cve" ] if sources.include?(source.downcase) sploits = 'https://exploits.shodan.io/?q=' + string + ' source:"' + source.downcase + '"' begin results={} c = Curl::Easy.perform(sploits) page = Nokogiri::HTML(c.body_str) # Parsable doc object now # Enumerate target section, parse out link & description page.css('div[class="search-result well"]').each do |linematch| if linematch.to_s =~ /
\s+(.+)\s+<\/a>/ desc=$1.gsub('', '').gsub('', '') end case source.downcase when 'cve' dl_id = 'N/A for CVE Search' when 'exploitdb' dl_id = link.split('/')[-1] unless link.nil? when 'metasploit' dl_id = link.sub('http://www.metasploit.com/', '').sub(/\/$/, '') unless link.nil? end results.store(dl_id, { link => desc}) unless (link.nil? or link == '') or (desc.nil? or desc == '') or (dl_id.nil? or dl_id == 'N/A for CVE Search') end return results rescue Curl::Err::ConnectionFailedError => e puts "Shitty connection yo".light_red + ".....".white return nil rescue => e puts "Unknown connection problem".light_red + ".....".white puts "\t=> #{e}".white return nil end else puts "Invalid Search Source Requested".light_red + "!".white return nil end end # Download Exploit Code from Exploit-DB or MSF Github Page # By passing in the Download ID (which can be seen in sploit_search() results) # Return { 'Download' => dl_link, 'Viewing' => v_link, 'Exploit' => c.body_str } # or nil on failure def sploit_download(id, source) sources = [ "metasploit", "exploitdb" ] if sources.include?(source.downcase) case source.downcase when 'exploitdb' dl_link = "http://www.exploit-db.com/download/#{id}/" v_link = "http://www.exploit-db.com/exploits/#{id}/" when 'metasploit' dl_link = "https://raw.github.com/rapid7/metasploit-framework/master/#{id.sub('/exploit/', '/exploits/')}.rb" v_link = "http://www.rapid7.com/db/#{id}/" end begin c = Curl::Easy.perform(dl_link) page = Nokogiri::HTML(c.body_str) # Parsable doc object now results = { 'Download' => dl_link, 'Viewing' => v_link, 'Exploit' => c.body_str } return results rescue Curl::Err::ConnectionFailedError => e puts "Shitty connection yo".light_red + ".....".white return false rescue => e puts "Unknown connection problem".light_red + ".....".white puts "#{e}".light_red return false end else puts "Invalid Download Source Requested".light_red + "!".white return false end end end