Security Advisor | jessefmoore on LinkedIn, X, and GitHub
jfm@kali:~/posts/2019-12-01$

Shodan CLI — Python

2019-12-01  ·  OSINT   Recon

Using the Shodan CLI and Python library for attack surface reconnaissance. Shodan is a search engine for internet-connected devices — essential for external footprinting during a red team or pentest engagement.

Install

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python-setuptools python2.7 python-pip
sudo pip install shodan

Python API

Shodan search using the Python library:

import shodan

SHODAN_API_KEY = "putyourownapikeyhereFROMSHODANwebsite"
api = shodan.Shodan(SHODAN_API_KEY)

try:
    results = api.search('net:69.91.192.0/24,69.91.193.0/24,69.91.194.0/24')

    for result in results['matches']:
        print '%s' % result['ip_str']

except shodan.APIError, e:
    print 'Error: %s' % e

Shodan CLI

Initialize

shodan init <YOUR_SHODAN_API_KEY>

Download Results

shodan download --limit 400 uwbPublic \
  net:69.91.192.0/24,69.91.193.0/24,69.91.194.0/24,69.91.195.0/24,69.91.196.0/24,\
  69.91.197.0/24,69.91.198.0/24,69.91.199.0/24,69.91.200.0/24,69.91.201.0/24,\
  69.91.202.0/24,69.91.203.0/24,69.91.204.0/24
Search query:           net:69.91.192.0/24,...
Total number of results:    224
Query credits left:     199998
Output file:            COMPPublic.json.gz

  [###################################-]   99%  00:00:02
Saved 224 results into file COMPPublic.json.gz

Search by Hostname

shodan download --limit 400 HostnameUWB \
  'hostname:uwb org:"University of Washington"'

Shodan Host Lookup

Get detailed info about a specific host:

shodan host 69.91.197.32
69.91.197.32
Hostnames:               MAC-30239442.uwb.edu
City:                    Kenmore
Country:                 United States
Organization:            University of Washington
Updated:                 2019-12-11T20:20:48.380125
Number of open ports:    1

Ports:
   3283/udp Apple Remote Desktop

Parsing Results

Parse Downloaded JSON

shodan parse --fields ip_str,port --separator , uwbPublic.json.gz
69.91.197.32,3283
69.91.197.18,3283
69.91.193.117,500
69.91.202.11,3283

Rich Field Parse

shodan parse --fields ip_str,port,product,org,os --separator , UWB1.json.gz
69.91.197.32,3283,Apple Remote Desktop,University of Washington,
69.91.197.18,3283,Apple Remote Desktop,University of Washington,
69.91.193.117,500,Microsoft,University of Washington,Windows 8

Search with Field Output

shodan search --fields ip_str,port,hostname,org,os,product \
  net:69.91.192.0/24,69.91.193.0/24,69.91.194.0/24
69.91.197.32    3283    University of Washington    Apple Remote Desktop
69.91.197.18    3283    University of Washington    Apple Remote Desktop
69.91.193.117   500     University of Washington    Windows 8    Microsoft

Grep Filtered Results

shodan parse --fields ip_str,port,product,os --separator , UWB1.json.gz | grep "Windows 8"

← Back to posts