Shodanz
A modern, async Ruby gem for Shodan, the world's first search engine for Internet-connected devices.
Installation
$ gem install shodanz
Usage
require "shodanz"
client = Shodanz.client.new(key: "YOUR_API_KEY")NOTE: You can also set the
SHODAN_API_KEYenvironment variable instead of passing the API key as an argument when creating a client.
Optional Async Support
Shodanz utilizes async to provide asyncronous IO. This doesn't break any existing scripts using Shodanz, but now offers even more flexibility to write more awesome things, like this asyncronous honeypot detector:
require 'async'
require 'shodanz'
client = Shodanz.client.new
# Asynchronously stream banner info from shodan and check any
# IP addresses against the experimental honeypot scoring service.
client.streaming_api.banners do |banner|
if ip = banner['ip_str']
Async do
score = client.rest_api.honeypot_score(ip).wait
puts "#{ip} has a #{score * 100}% chance of being a honeypot"
rescue Shodanz::Errors::RateLimited
sleep rand
retry
rescue # any other errors
next
end
end
endNote: To run any Shodanz method asyncronously, simply wrap it in a
Async { ... }block. To wait for any other async operation to finnish in the block, call.waiton it.
REST API
The REST API provides methods to search Shodan, look up hosts, get summary information on queries and a variety of utility methods to make developing easier. Refer to the REST API documentation for more ideas on how to use it.
Shodan Search Methods
Search'n for stuff, are 'ya?
Host Information
Returns all services that have been found on the given host IP.
client.host("8.8.8.8") # Default
client.host("8.8.8.8", history: true) # All historical banners should be returned.
client.host("8.8.8.8", minify: true) # Only return the list of ports and the general host information, no banners.Host Search
Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
client.host_search("mongodb")
client.host_search("nginx")
client.host_search("apache", after: "1/12/16")
client.host_search("ssh", port: 22, page: 1)
client.host_search("ssh", port: 22, page: 2)
client.host_search("ftp", port: 21, facets: { link: "Ethernet or modem" })Search Shodan without Results
This method behaves identical to host_search with the only difference that this method does not return any host results, it only returns the total number of results that matched the query and any facet information that was requested. As a result this method does not consume query credits.
client.host_count("apache")
client.host_count("apache", country: "US")
client.host_count("apache", country: "US", state: "MI")
client.host_count("apache", country: "US", state: "MI", city: "Detroit")
client.host_count("nginx", facets: { country: 5 })
client.host_count("apache", facets: { country: 5 })Scan Targets
Use this method to request Shodan to crawl an IP or netblock.
client.scan("8.8.8.8")Crawl Internet for Port
Use this method to request Shodan to crawl the Internet for a specific port.
This method is restricted to security researchers and companies with a Shodan Data license. To apply for access to this method as a researcher, please email [email protected] with information about your project. Access is restricted to prevent abuse.
client.crawl_for(port: 80, protocol: "http")List Community Queries
Use this method to obtain a list of search queries that users have saved in Shodan.
client.community_queries
client.community_queries(page: 2)
client.community_queries(sort: "votes")
client.community_queries(sort: "votes", page: 2)
client.community_queries(order: "asc")
client.community_queries(order: "desc")Search Community Queries
Use this method to search the directory of search queries that users have saved in Shodan.
client.search_for_community_query("the best")
client.search_for_community_query("the best", page: 2)Popular Community Query Tags
Use this method to obtain a list of popular tags for the saved search queries in Shodan.
client.popular_query_tags
client.popular_query_tags(20)Protocols
This method returns an object containing all the protocols that can be used when launching an Internet scan.
client.protocolsPorts
This method returns a list of port numbers that the Shodan crawlers are looking for.
client.portsAccount Profile
Returns information about the Shodan account linked to this API key.
client.profileDNS Lookup
Look up the IP address for the provided list of hostnames.
client.resolve("google.com")
client.resolve("google.com", "bing.com")Reverse DNS Lookup
Look up the hostnames that have been defined for the given list of IP addresses.
client.reverse_lookup("74.125.227.230")
client.reverse_lookup("74.125.227.230", "204.79.197.200")HTTP Headers
Shows the HTTP headers that your client sends when connecting to a webserver.
client.http_headersYour IP Address
Get your current IP address as seen from the Internet.
client.my_ipHoneypot Score
Calculates a honeypot probability score ranging from 0 (not a honeypot) to 1.0 (is a honeypot).
client.honeypot_score('8.8.8.8')API Plan Information
client.infoStreaming API
The Streaming API is an HTTP-based service that returns a real-time stream of data collected by Shodan. Refer to the Streaming API documentation for more ideas on how to use it.
Banners
This stream provides ALL of the data that Shodan collects. Use this stream if you need access to everything and/ or want to store your own Shodan database locally. If you only care about specific ports, please use the Ports stream.
client.banners do |data|
# do something with banner data
puts data
endBanners Filtered by ASN
This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain ASNs.
client.banners_within_asns(3303, 32475) do |data|
# do something with banner data
puts data
endBanners Filtered by Country
This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain countries.
client.banners_within_countries("DE", "US", "JP") do |data|
# do something with banner data
puts data
endBanners Filtered by Ports
Only returns banner data for the list of specified ports. This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in a specific list of ports.
client.banners_on_ports(21, 22, 80) do |data|
# do something with banner data
puts data
endBanners by Network Alerts
Subscribe to banners discovered on all IP ranges described in the network alerts.
client.alerts do |data|
# do something with banner data
puts data
endBanner Filtered by Alert ID
Subscribe to banners discovered on the IP range defined in a specific network alert.
client.alert("HKVGAIRWD79Z7W2T") do |data|
# do something with banner data
puts data
endExploits API
The Exploits API provides access to several exploit/ vulnerability data sources. Refer to the Exploits API documentation for more ideas on how to use it.
Search
Search across a variety of data sources for exploits and use facets to get summary information.
client.exploits_api.search("python") # Search for python vulns.
client.exploits_api.search(port: 22) # Port number for the affected service if the exploit is remote.
client.exploits_api.search(type: "shellcode") # A category of exploit to search for.
client.exploits_api.search(osvdb: "100007") # Open Source Vulnerability Database ID for the exploit.Count
This method behaves identical to the Exploits API search method with the difference that it doesn't return any results.
client.exploits_api.count("python") # Count python vulns.
client.exploits_api.count(port: 22) # Port number for the affected service if the exploit is remote.
client.exploits_api.count(type: "shellcode") # A category of exploit to search for.
client.exploits_api.count(osvdb: "100007") # Open Source Vulnerability Database ID for the exploit.License
The gem is available as open source under the terms of the MIT License.