Shodanfy.py使用Shodan获取任何IP的端口,漏洞信息,banner

Shodanfy.py使用Shodan获取任何IP的端口,漏洞信息,banner

使用Shodan获取任何IP的端口,漏洞,信息,横banner等..(没有apikey!没有速率限制!)
不要滥用此工具,因为shodan会封ip.

Shodanfy用法

# python3 shodanfy.py <ip> [OPTIONS] 
e.g:
    python3 shodanfy.py 111.111.111.111 
    python3 shodanfy.py 111.111.111.111 --getports
    python3 shodanfy.py 111.111.111.111 --getvuln
    python3 shodanfy.py 111.111.111.111 --getinfo
    python3 shodanfy.py 111.111.111.111 --getmoreinfo
    python3 shodanfy.py 111.111.111.111 --getbanner
    python3 shodanfy.py 111.111.111.111 --getports --getvuln
    python3 shodanfy.py 111.111.111.111 --proxy 127.0.0.1:8080
# support pipeline, --stdin option is required..
# echo "<ip>" or cat ips.txt | python3 shodanfy.py --stdin [OPTIONS]
e.g:
    echo "111.111.111.111"|python3 shodanfy.py --stdin 
    echo "111.111.111.111"|python3 shodanfy.py --stdin --proxy 127.0.0.1:8080
    echo "111.111.111.111"|python3 shodanfy.py --stdin --getvuln 
    cat ips.txt|python3 shodanfy.py --stdin --getports
    dig google.com +short A | grep -oi '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | python3 shodanfy.py --stdin --geports

项目地址:

https://github.com/m4ll0k/Shodanfy.py

shodanfy.py源码

#!/usr/bin/env python3
# -*- coding:utf-8 -*-
# coded by m4ll0k (@m4ll0k2) github.com/m4ll0k
# -------------------------------------------

''' **** USAGE **** 
# python3 shodanfy.py <ip> [OPTIONS] 
e.g:
    python3 shodanfy.py 111.111.111.111 
    python3 shodanfy.py 111.111.111.111 --getports
    python3 shodanfy.py 111.111.111.111 --getvuln
    python3 shodanfy.py 111.111.111.111 --getinfo
    python3 shodanfy.py 111.111.111.111 --getmoreinfo
    python3 shodanfy.py 111.111.111.111 --getbanner
    python3 shodanfy.py 111.111.111.111 --getports --getvuln
    python3 shodanfy.py 111.111.111.111 --getports --proxy 127.0.0.1:8080
# support pipeline the --stdin option is required for pipeline..
# echo "<ip>" or cat ips.txt | python3 shodanfy.py --stdin [OPTIONS]
e.g:
    echo "111.111.111.111"|python3 shodanfy.py --stdin 
    echo "111.111.111.111"|python3 shodanfy.py --stdin --getvuln 
    cat ips.txt|python3 shodanfy.py --stdin --getports
'''

import requests 
from lxml import html 
import sys
import re

def getContentFromShodan(ip:str,proxy:str)->str:
    try:
        return requests.get(
            'https://www.shodan.io/host/{}'.format(ip),
            headers = {
                'User-Agent' : 'Mozilla/5.0'
            },
            proxies = {
                'http' : proxy,
                'https' : proxy,
            }
        )
    except Exception as e:
        sys.exit(
            print(e)
        )

def main(args:dict) -> None:
    ip = args.get('ip')
    v = {}
    d = []
    proxy = args.get('proxy')
    getports = False if args.get('getports') == False else True
    getinfo = False if args.get('getinfo') == False else True
    getvuln = False if args.get('getvulns') == False else True
    getmoreinfo = False if args.get('getmoreinfo') == False else True
    getbanner = False if args.get('getbanner') == False else True
    getall = True
    if any([getports,getinfo,getvuln,getmoreinfo,getbanner]):
        getall = False
    else:
        getports=getinfo=getvuln=getmoreinfo=getbanner=True
    # --- 
    r = getContentFromShodan(ip,proxy=proxy)
    if r.status_code == 200:
        tree = html.fromstring(r.content)
        if tree.xpath('//ul[@class="ports"]/li/a/text()') != []:
            if getports:
                print('[+] Get ports.. ')
                for p in tree.xpath('//ul[@class="ports"]/li/a/text()'):
                    print('\t'+p)
        if tree.xpath('//table[@class="table"]/tbody/tr/td/text()') != []:
            co = tree.xpath('//table[@class="table"]/tbody/tr/td/text()')
            ro = tree.xpath('//table[@class="table"]/tbody/tr/th/text()')
            di = dict(zip(co,ro))
            if getinfo:
                print('[+] Get info...')
            for i in di.items():
                if 'CVE-' in str(i[1]):
                    v[i[1]] = i[0]
                else:
                    if getinfo:
                        print('\t'+i[0]+' -> '+i[1])
        if v != {}:
            if getvuln:
                print('[+] Get vulns...')
                print('-'*40)
                c = ['CVE','Description']
                cves = []
                for i in v.items():
                    print('CVE: '+i[0])
                    print('Description:\n'+i[1])
                    print('-'*40)
        if tree.xpath('//ul[@class="services"]//div[@class="service-details"]'):
            title = []
            banner = []
            port = tree.xpath('//ul[@class="services"]//div[@class="service-details"]//div[@class="port"]/text()')
            proto = tree.xpath('//ul[@class="services"]//div[@class="service-details"]//div[@class="protocol"]/text()')
            state = tree.xpath('//ul[@class="services"]//div[@class="service-details"]//div[@class="state"]/text()')
            if tree.xpath('//ul[@class="services"]//div[@class="service-main"]'):
                title=tree.xpath('//ul[@class="services"]//div[@class="service-main"]/h3/text()')
                if tree.xpath('//ul[@class="services"]//div[@class="service-main"]/h3/small'):
                    versions = tree.xpath('//ul[@class="services"]//div[@class="service-main"]/h3/small/text()')
                if tree.xpath('//ul[@class="services"]//div[@class="service-main"]/pre'):
                    banner=tree.xpath('//ul[@class="services"]//div[@class="service-main"]/pre/text()')
            for i in range(len(port)):
                po = port[i] 
                pr = proto[i]
                st = state[i]
                try:
                    vv = versions[i]
                except:
                    vv = "None"
                try: 
                    tt = title[i]
                except:
                    tt = "None"
                bb = banner[i]
                d.append((po,pr,st,tt,vv,bb))
            # proto 
            if getbanner or getmoreinfo:
                if getbanner:
                    print('[+] Get banner..')
                else:
                    print('[+] Get moreinfo..')
                for i in d:
                    if getmoreinfo:
                        print('\nPort: %s/%s\t%s\t%s (%s) '%(i[0],i[1],i[2],i[3],i[4]))
                    if getbanner:
                        print('Banner:\n%s'%i[5])
    else:
        print('Not information found for this ip..')

args = {
    'getports': False,
    'getbanner': False, 
    'getvulns': False,
    'getinfo': False,
    'getmoreinfo': False,
    'getall': True,
    'ip':  "",
    'stdin':False,
    'proxy': ""
}

if __name__ == "__main__":
    if len(sys.argv) == 1:
        print('Usage: python3 shodanfy.py <ip> [OPTIONS]\n')
        print('\t--stdin\t\tGet ips from stdin (required)')
        print('\t--proxy\t\tSet proxy (host:port)')
        print('\t--getall\tGet all informations,vulns,.. (Default)')
        print('\t--getvuln\tGet vulnerabilities for this ip (CVEs)')
        print('\t--getinfo\tGet basic info (hostname,ports,country..)')
        print('\t--getmoreinfo\tGet more info (port,protocol,state,version..)')
        print('\t--getports\tGet all ip ports..')
        print('\nCoded by @m4ll0k (github.com/m4ll0k)\n')
        sys.exit(0)
    for arg in sys.argv:
        if arg == '--getvuln':
            args['getvulns'] = True
        if arg == '--getinfo':
            args['getinfo'] = True 
        if arg == '--getbanner':
            args['getbanner'] = True 
        if arg == '--getmoreinfo':
            args['getmoreinfo'] = True 
        if arg == '--proxy':
            proxy = sys.argv[sys.argv.index('--proxy') + 1]
            if '--' in proxy:
                sys.exit(print(
                    'Please check your proxy, (host:port)'
                ))
            args.update({"proxy":str(proxy)})
        if arg == '--getports':
            args['getports'] = True
        if arg == '--stdin':
            args['stdin'] = True
        if re.search(r'\d+.\d+.\d+.\d+',arg):
            args['ip'] = re.search(r'\d+.\d+.\d+.\d+',arg).group(0)
            # ip checker
            for i in args['ip'].split('.'):
                if int(i) > 255:
                    sys.exit(print('Wrong ip!'))
            if len(args['ip'].split('.')) != 4:
                sys.exit(print("Wrong ip!!!"))
    if args['ip'] == "" and args['stdin'] == False:
        sys.exit(print('Wrong ip or ip not specified!!'))
    else:
        if args['stdin']:
            for i in sys.stdin.readlines():
                i = i.strip()
                if i != "":
                    print('[+] IP: %s'%i)
                    if re.search(r'[\d{3}\.]{4,15}',i):
                        args['ip'] = re.search(r'[\d{3}\.]{4,15}',i).group(0)
                    if args['ip'] == "":
                        sys.exit(print('Wrong ip or ip not specified!!'))
                    main(args)
        elif args['stdin'] is False:
            print("[+] IP: %s"%args['ip'])
            main(args)