U @6^%@sTddlZddlZddlZddlZddlmZddlmZm Z m Z Gddde Z dS)N) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc@sneZdZdZddddZddddZd Zd Zefd d Z d dZ ddZ ddZ ddZ ddZddZd S) sfp_shodanzxSHODAN:Footprint,Investigate,Passive:Search Engines:apikey:Obtain information from SHODAN about identified IP addresses.T)api_keynetblocklookup maxnetblockzSHODAN API Key.zvLook up all IPs on netblocks deemed to be owned by your target for possible hosts on the same target subdomain/domain?zyIf looking up owned netblocks, the maximum netblock size to look up all IPs within (CIDR value, 24 = /24, 16 = /16, etc.)NFcCs4||_||_t|D]}|||j|<qdS)N)sf tempStorageresultslistkeysopts)selfsfcuserOptsoptr5/var/www/spiderfoot.crq.systems/modules/sfp_shodan.pysetup(s zsfp_shodan.setupcCs ddddgS)N IP_ADDRESSNETBLOCK_OWNER DOMAIN_NAMEWEB_ANALYTICS_IDrrrrr watchedEvents3szsfp_shodan.watchedEventscCsddddddddgS) NOPERATING_SYSTEM DEVICE_TYPE TCP_PORT_OPENTCP_PORT_OPEN_BANNERSEARCH_ENGINE_WEB_CONTENT RAW_RIR_DATAGEOINFO VULNERABILITYrrrrrproducedEvents7szsfp_shodan.producedEventsc Cs|jjd|d|jd|jddd}|ddkrJ|jd|dSzt|d}Wn6tk r}z|jd d WYdSd}~XYnX|S) Nz"https://api.shodan.io/shodan/host/z?key=r _fetchtimeoutrtimeout useragentcontentNo SHODAN info found for +Error processing JSON response from SHODAN.Fr fetchUrlrinfojsonloads Exceptionerrorrqryresr1errrquery=s"  zsfp_shodan.queryc Cs|jjd|d|jd|jddd}|ddkrJ|jd|dSzt|d}Wn6tk r}z|jd d WYdSd}~XYnX|S) Nz8https://api.shodan.io/shodan/host/search?query=hostname:z&key=r r(rr)r,r-r.Fr/r6rrr searchHostsMs"  zsfp_shodan.searchHostsc Csd|djdddd|jdd}|jjd tj||jd d d }|d dkrl|jd|dSzt |d }Wn6t k r}z|j ddWYdSd}~XYnX|S)Nz http.html:"raw_unicode_escapeasciireplace)errors"r )r:keyz)https://api.shodan.io/shodan/host/search?r(rr)r,r-r.F) encodedecoderr r0urllibparse urlencoder1r2r3r4r5)rr7paramsr8r1r9rrr searchHtml]s  zsfp_shodan.searchHtmlc Cs|j}|j}|j}|jrdS|jd|d||jddkrZ|jddd|_dS||jkr||jd|d dSd|j|<|d kr| |}|dkrdSt d t ||j |}| ||d krz |d d}|d d}WnLtk r8} z,|jd|dt | ddWYdSd} ~ XYnX|dkr\|jd|ddS||} | dkrtdSt d t | |j |}| |dS|dkr|jdsdSt|j|jdkr|jdt t|jdt |jddSt} |dr6t|D]"} | t | d|jt | <qn | || D]P} || } | dkrbqDt dt | |j |}| ||rdS| ddk rt d| dd| d|j |}| || ddk rt d| dd| d|j |}| || d dk rVd!d"d#| d$| d fD}t d%||j |}| |d&| krD|jd'|| d&D]}t |d(}|d)}|d*}|d+}|d,}|dk r| d-|}t d.||j |}| ||dk rt d/||j |}| ||dk r,t d0||j |}| ||dk rXt d1|d2d|j |}| ||dk rxt|D] }t d3||j |}| |qnqxqDdS)4NzReceived event, z, from r rz2You enabled sfp_shodan but did not set an API key!FTz Skipping z as already mapped.rr#rz: rz"Unable to parse WEB_ANALYTICS_ID: z ())zGoogle AdSensezGoogle AnalyticszGoogle Site Verificationz, as not supported.rr r z$Network size bigger than permitted: z > NETBLOCK_r$osrZdevtyper Z country_namez, cSsg|] }|r|qSrr).0_frrr sz*sfp_shodan.handleEvent..cityr%datazFound SHODAN data for portbannerasnproductvulns:r!r"Z SOFTWARE_USED BGP_AS_MEMBERZASr&) eventTypemodulerQ errorStater debugrr5rr;rstr__name__notifyListenerssplit BaseExceptionrHr prefixlenr startswithappendr: checkForStopgetjoinr1r>r)revent eventName srcModuleName eventDatahostsevtnetworkZ analytics_idr9recqrylistipaddraddrlocationrrRrSrTrUrVcpZvulnrrr handleEventrs                         $                zsfp_shodan.handleEvent)r^ __module__ __qualname____doc__roptdescsrr[dictrrr'r:r;rHrvrrrrrs$ r) r2urllib.requestrD urllib.parse urllib.errornetaddrrsflibrrrrrrrr s