3 @6^%@sTddlZddlZddlZddlZddlmZddlmZm Z m Z Gddde Z dS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc@sneZdZdZddddZddddZd Zd Zefd d Z d dZ ddZ ddZ ddZ ddZddZd S) sfp_shodanzxSHODAN:Footprint,Investigate,Passive:Search Engines:apikey:Obtain information from SHODAN about identified IP addresses.T)api_keynetblocklookup maxnetblockzSHODAN API Key.zvLook up all IPs on netblocks deemed to be owned by your target for possible hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)NFcCs8||_|j|_x"t|jD]}|||j|<qWdS)N)sf tempStorageresultslistkeysopts)selfsfcuserOptsoptr5/var/www/spiderfoot.crq.systems/modules/sfp_shodan.pysetup(s zsfp_shodan.setupcCs ddddgS)N IP_ADDRESSNETBLOCK_OWNER DOMAIN_NAMEWEB_ANALYTICS_IDr)rrrr watchedEvents3szsfp_shodan.watchedEventscCsddddddddgS) NOPERATING_SYSTEM DEVICE_TYPE TCP_PORT_OPENTCP_PORT_OPEN_BANNERSEARCH_ENGINE_WEB_CONTENT RAW_RIR_DATAGEOINFO VULNERABILITYr)rrrrproducedEvents7szsfp_shodan.producedEventscCs|jjd|d|jd|jddd}|ddkrJ|jjd|dSytj|d}Wn.tk r}z|jjd d dSd}~XnX|S) Nz"https://api.shodan.io/shodan/host/z?key=r _fetchtimeoutr)timeout useragentcontentzNo SHODAN info found for z+Error processing JSON response from SHODAN.F)r fetchUrlrinfojsonloads Exceptionerror)rqryresr,errrquery=s zsfp_shodan.querycCs|jjd|d|jd|jddd}|ddkrJ|jjd|dSytj|d}Wn.tk r}z|jjd d dSd}~XnX|S) Nz8https://api.shodan.io/shodan/host/search?query=hostname:z&key=r r'r)r(r)r*zNo SHODAN info found for z+Error processing JSON response from SHODAN.F)r r+rr,r-r.r/r0)rr1r2r,r3rrr searchHostsMs zsfp_shodan.searchHostscCsd|jdjdddd|jdd}|jjd tjj||jd d d }|d dkrl|jjd|dSyt j |d }Wn.t k r}z|jj dddSd}~XnX|S)Nz http.html:"raw_unicode_escapeasciireplace)errors"r )r4keyz)https://api.shodan.io/shodan/host/search?r'r)r(r)r*zNo SHODAN info found for z+Error processing JSON response from SHODAN.F) encodedecoderr r+urllibparse urlencoder,r-r.r/r0)rr1paramsr2r,r3rrr searchHtml]s zsfp_shodan.searchHtmlcCs|j}|j}|j}|jrdS|jjd|d||jddkrZ|jjddd|_dS||jkr||jjd|d dSd|j|<|d kr|j |}|dkrdSt d t ||j |}|j ||d kry |jd d}|jd d}WnDtk r0} z&|jjd|dt | dddSd} ~ XnX|d6krT|jjd|ddS|j|} | dkrldSt d t | |j |}|j |dS|dkr|jdsdSt|j|jdkr|jjdt t|jdt |jddSt} |jdr2x:t|D]"} | jt | d|jt | <q Wn | j|xb| D]X} |j| } | dkrbqDt dt | |j |}|j ||jrdS| jddk rt d| jdd| d|j |}|j || jd dk rt d!| jd d| d|j |}|j || jd"dk rTd#jd$d%| jd&| jd"gD}t d'||j |}|j |d(| krD|jjd)|x*| d(D]}t |jd*}|jd+}|jd,}|jd-}|jd.}|dk r| d/|}t d0||j |}|j ||dk r t d1||j |}|j ||dk r.t d2||j |}|j ||dk rZt d3|jd4d|j |}|j ||dk rzx0t|jD] }t d5||j |}|j |qrWqzWqDWdS)7NzReceived event, z, from r rz2You enabled sfp_shodan but did not set an API key!FTz Skipping z as already mapped.rr"rz: rz"Unable to parse WEB_ANALYTICS_ID: z ()Google AdSenseGoogle AnalyticsGoogle Site Verificationz, as not supported.rr r z$Network size bigger than permitted: z > NETBLOCK_r#osrZdevtyperZ country_namez, cSsg|] }|r|qSrr).0_frrr sz*sfp_shodan.handleEvent..cityr$datazFound SHODAN data for portbannerasnproductvulns:r r!Z SOFTWARE_USED BGP_AS_MEMBERZASr%)rErFrG) eventTypemodulerN errorStater debugrr0rr5rstr__name__notifyListenerssplit BaseExceptionrBr prefixlenr startswithappendr4 checkForStopgetjoinr,r8r)revent eventName srcModuleName eventDatahostsevtnetworkZ analytics_idr3recqrylistipaddraddrlocationrrOrPrQrRrScpZvulnrrr handleEventrs                   $                     zsfp_shodan.handleEvent)r[ __module__ __qualname____doc__roptdescsrrXdictrrr&r4r5rBrsrrrrrs  r) r-urllib.requestr> urllib.parse urllib.errornetaddrrsflibrrrrrrrr s