forked from Te-k/analyst-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshodanhistory.py
executable file
·65 lines (59 loc) · 2.09 KB
/
shodanhistory.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/usr/bin/env python3
import shodan
import argparse
import os
import sys
import json
from dateutil.parser import parse
from datetime import datetime, timedelta
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Fingerprint a system based on Shodan information')
parser.add_argument('IP', help='IP')
parser.add_argument('--key', '-k', help='Shodan API key')
args = parser.parse_args()
# Deal with the key first
if args.key:
key = args.key
else:
cpath = os.path.expanduser('~/.shodan/api_key')
if os.path.isfile(cpath):
with open(cpath, 'r') as f:
key = f.read().strip()
else:
print("No API key found")
sys.exit(1)
api = shodan.Shodan(key)
try:
res = api.host(args.IP, history=True)
except shodan.exception.APIError:
print("IP not found in Shodan")
else:
for d in res['data']:
if d['port'] == 22:
print("%s - port 22 ssh - %s\n" % (
d['timestamp'],
d['data'].split("\n")[0]
)
)
elif d['port'] == 80:
print("%s - port 80 http - Server \"%s\"\n" % (
d['timestamp'],
d['http']['server']
)
)
elif d['port'] == 443:
if 'cert' in d['ssl']:
print("%s - port 443 https - Cert \"%s\" \"%s\" %s - Server \"%s\"\n" % (
d['timestamp'],
d['ssl']['cert']['subject']['CN'],
d['ssl']['cert']['issuer']['CN'],
d['ssl']['cert']['fingerprint']['sha1'],
d['http']['server']
)
)
else:
print("%s - port 443 https - Cert Unknown- Server \"%s\"\n" % (
d['timestamp'],
d['http']['server']
)
)