Shodan Pentesting Handbook

2020-03-06 14:01:56

What is Shodan?

Shodan is a search engine that lets you explore the Internet: discover connected devices and network services, monitor network exposure, and compile global statistics.

Shodan interfaces

You can interact with Shodan through the well-known website, the official Python command-line tool and library, community-driven libraries in many languages, and the official REST API.

CLI tool

The official Shodan command-line interface (CLI) is written in Python for quick use from your terminal.

Installation

Install it inside a virtual Python environment such as one managed by pyenv (pip install shodan works as well):

$ easy_install shodan

Once the CLI is installed, set your API token with:

$ shodan init <YOUR_API_KEY>

Command reference

There are about a dozen simple commands:

help: the usual help command.

info: once your API token is set, shows how many credits you have left (query credits are used to search Shodan, scan credits to scan IPs).

One search request consumes 1 query credit; scanning 1 IP consumes 1 scan credit.

count: returns the number of results for a search query.

download: searches Shodan and downloads the results to a file, one JSON object per line.

By default it downloads only 1,000 results; to get more, look at the --limit flag. The download command lets you save results and process them later with the parse command. Export credits govern bulk downloads from the website: 1 export credit lets you download up to 10,000 results. They are one-off, meaning that once used they are not automatically renewed at the start of the month. If you have no export credits, you can still spend 1 query credit to save 100 results.

host: shows information about a host: where it is located, which ports are open and which organization owns the IP.

myip: returns your Internet-facing IP address.

parse: analyses a file generated by the download command.

It lets you pick out the fields you are interested in, convert the JSON into CSV, and is friendly to piping into other scripts.
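As an added example (not the Shodan CLI's own code), here is what the parse step does, reimplemented in Python over two constructed banners: dotted field names such as location.country_code resolve into nested properties, array-valued properties are joined so each banner stays on one CSV row, and missing properties become empty cells. The sample records and their values are made up for illustration.

```python
import csv
import io
import json

# Two constructed banners in the layout `shodan download` writes (one JSON
# object per line), reduced to the properties this example touches.
# Every value below is made up for illustration.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.10", "port": 443, "transport": "tcp",
     "org": "Example ISP", "hostnames": ["www.example.test", "example.test"],
     "location": {"country_code": "SG", "city": "Singapore"},
     "ssl": {"versions": ["-SSLv2", "-SSLv3", "TLSv1", "TLSv1.2"]},
     "data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n"},
    {"ip_str": "198.51.100.7", "port": 21, "transport": "tcp",
     "org": "Example Hosting", "hostnames": [],
     "location": {"country_code": "DE"},
     "data": "220 FTP ready\r\n230 Login successful\r\n"},
]
SAMPLE_JSONL = "\n".join(json.dumps(b) for b in SAMPLE_BANNERS) + "\n"


def get_path(banner, dotted, default=""):
    """Resolve a dotted property name such as 'location.country_code'."""
    cur = banner
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def parse_fields(jsonl_text, fields, separator=","):
    """Emulate `shodan parse --fields <list> --separator ,` on a download file.

    Returns (rows, csv_text). Array-valued properties such as hostnames or
    ssl.versions are joined with ';' so each banner stays on one CSV row,
    and a property missing from a banner becomes an empty cell."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter=separator, lineterminator="\n")
    writer.writerow(fields)  # header row
    rows = []
    for line in jsonl_text.splitlines():
        if not line.strip():  # tolerate blank lines in hand-edited files
            continue
        banner = json.loads(line)
        row = []
        for field in fields:
            value = get_path(banner, field)
            if isinstance(value, list):
                value = ";".join(str(v) for v in value)
            row.append(str(value))
        rows.append(row)
        writer.writerow(row)
    return rows, out.getvalue()


if __name__ == "__main__":
    _, text = parse_fields(SAMPLE_JSONL, ["ip_str", "port", "location.country_code",
                                          "hostnames", "ssl.versions"])
    print(text, end="")
```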

search: lets you search Shodan and view the results in a terminal-friendly way.

By default it shows IP, port, hostnames and data. Use the --fields argument to print whichever banner fields interest you.

A simple query costs no credits, but credits are consumed if you use search filters or request page 2 and beyond.

  • Example of a query that needs no credits:
$ shodan search --fields ip_str,port,os smb

  • Example of a query that costs 1 credit (because it uses a filter):
$ shodan search --fields ip_str,port,org,info product:mongodb

scan: scans an IP or network block using Shodan.

  • Launching a scan costs credits: 1 scan credit lets you scan one IP.

By default the scan results are displayed on stdout, but you can save them to a file so that you can parse them later:

$ shodan scan submit --filename 104.27.154.244_scan.json.gz 104.27.154.244

$ shodan scan list             # list the scans you have submitted

$ shodan scan internet 8080 wemo-http   # the available protocols/modules can be listed with `shodan scan protocols`

stats: provides summary information about a search query.

By default you only get the top 10 values, not all of them. This behaviour can be customised.

The Shodan website

Main page

Shodan's main interface is the search engine.

It shows a summary of each host, the total number of hosts matching the query (like the CLI's count command) and some statistics (like the stats command).

Once you select a host, you see the vulnerabilities affecting it, its open ports and information about each open port.

Downloading data

After you run a search there is a Download results button.

You can then download the search results in JSON, CSV or XML format.

Generating reports

The website lets you generate a report from a search query.

The report contains graphs/charts that give you a big-picture view of how the results are distributed across the Internet. This feature is free and anyone can use it.

To generate a report, click the Create report button on the search results page.

Maps

https://maps.shodan.io/

The map interface to the Shodan database works like the CLI's stats command, but displays the results on an interactive map according to the hosts' physical location.

Because it never shows more than 1,000 results, you have to zoom in and out or pan to reveal the others.

Exploits

Exploits is a search engine that looks up exploits across several vulnerability databases at once.

Developer dashboard

Your developer dashboard shows your credit consumption and API plan.

Network monitor

https://monitor.shodan.io/dashboard

Keep track of the devices you have exposed to the Internet. Set up notifications, launch scans and gain complete visibility into what you have connected.

The monitor dashboard lets you keep track of your devices, alerts you when something suspicious is detected, launches scans and displays what was found on a consolidated dashboard.

First, add an IP, a range or a domain to monitor and choose a notification service.

Then you can manage your assets; from there you can launch scans or modify the trigger rules.

You can choose which kinds of event trigger an alert.

The dashboard then shows the exposed services.

ICS Radar

https://ics-radar.shodan.io/

Honeypot score

https://honeyscore.shodan.io/ gives an IP address a honeypot score.

It is just an abstraction over the API, like the CLI's honeyscore command:

$ shodan honeyscore 46.244.103.227 

Shodan 2000

Shodan 2000 is a Tron-like interface that displays a random host.

Community queries

You can explore the queries exported and shared by other users of the community.

Shared queries have a title, a description and tags, so you can browse them easily.

RESTful API

Shodan ships with a REST API that can be used to build web application services on top of Shodan.

The base URL of the API is https://api.shodan.io and all API methods are rate-limited to 1 request/second. The API is authenticated, so if you forget to supply your API key you get an HTTP 401 error.

Here is an example:

curl -s "https://api.shodan.io/api-info?key={YOUR_API_KEY}" | jq
curl -s "https://api.shodan.io/shodan/host/1.1.1.1?key={YOUR_API_KEY}" | jq

The detailed API documentation is here: https://developer.shodan.io/api

Libraries

To connect your tools to the Shodan API you can use one of the libraries.

The official one is written in Python, but there are also community libraries for Ruby, PHP, Haskell, Rust, Perl, Node.js, Go, PowerShell, Java and C#.

Python – shodan-python

Ruby – shodanz

Node.js – shodan-client

Python – shodan-python

Installation

$ easy_install shodan

Next we initialise the Shodan API key:

import shodan

SHODAN_API_KEY = 'API key here'

api = shodan.Shodan(SHODAN_API_KEY)

Example 1: a sample search

try:
    # Search Shodan
    results = api.search('apache')

    # Show results: total count, then the IP and raw banner of every match
    print('Results found: {}'.format(results['total']))
    for result in results['matches']:
        print('IP: {}'.format(result['ip_str']))
        print(result['data'])
        print('')
except shodan.APIError as e:
    print('Error: {}'.format(e))

Output:

IP: 65.99.237.196 
HTTP/1.1 200 OK 
Date: Sat, 25 Jan 2020 16:07:19 GMT 
Server: Apache 
Transfer-Encoding: chunked 
Content-Type: text/html 



IP: 212.72.184.58 
HTTP/1.1 200 OK 
Date: Sat, 25 Jan 2020 16:07:29 GMT 
Server: Apache/2.2.22 (Debian) mod_python/3.3.1 Python/2.7.3 mod_ssl/2.2.22 OpenSSL/1.0.1t 
X-Powered-By: PHP/5.4.45-0 deb7u14 
Expires: Mon, 26 Jul 1997 05:00:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate 
Pragma: no-cache 
Last-Modified: Sat, 25 Jan 2020 16:07:29 GMT 
Vary: Accept-Encoding 
Transfer-Encoding: chunked 
Content-Type: text/html 

Example 2: open ports of a host

try:
    # Lookup the host
    host = api.host('1.1.1.1')

    # Print general info (org and os may be absent, hence .get with a default)
    print("""
        IP: {}
        Organization: {}
        Operating System: {}
    """.format(host['ip_str'], host.get('org', 'n/a'), host.get('os', 'n/a')))

    # Print all banners, one per open port
    for item in host['data']:
        print("""
            Port: {}
            Banner: {}
        """.format(item['port'], item['data']))
except shodan.APIError as e:
    print('Error: {}'.format(e))

Output:

IP: 1.1.1.1 
Organization: Mountain View Communications 
Operating System: None 


Port: 80 
Banner: HTTP/1.1 409 Conflict 
Date: Sat, 25 Jan 2020 15:55:54 GMT 
Content-Type: text/html; charset=UTF-8 
Transfer-Encoding: chunked 
Connection: close 
Set-Cookie: __cfduid=d6241813d879cf2a39d03f5d6ce5a1abc1579967754; expires=Mon, 24-Feb-20 15:55:54 GMT; path=/; domain=.www.1yhaoduo.com; HttpOnly; SameSite=Lax 
Cache-Control: max-age=6 
Expires: Sat, 25 Jan 2020 15:56:00 GMT 
X-Frame-Options: SAMEORIGIN 
Vary: Accept-Encoding 
Server: cloudflare 
CF-RAY: 55ab6f23aee09cbd-AMS 


Port: 443 
Banner: HTTP/1.1 301 Moved Permanently 
Date: Sat, 25 Jan 2020 15:47:19 GMT 
Transfer-Encoding: chunked 
Connection: keep-alive 
Cache-Control: max-age=3600 
Expires: Sat, 25 Jan 2020 16:47:19 GMT 
Location: https://get.vitalsource.com/ 
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" 
Vary: Accept-Encoding 
Server: cloudflare 
CF-RAY: 55ab628f3b05acca-OTP 


Port: 53 
Banner: x00x00x80x83x00x01x00x00x00x01x00x00t_servicesx07_dns-sdx04_udpx05localx00x00x0cx00x01x00x00x06x00x01x00x00(xacx00@x01ax0croot-serversx03netx00x05nstldx0cverisign-grsx03comx00xfxf1xd4x00x00x07x08x00x00x03x84x00t:x80x00x01Qx80

Example 3: summary statistics (facets)

# The list of properties we want summary information on
# (a bare name uses the default of 5 terms, a tuple sets the count)
FACETS = [
    ('org', 3),
    'domain',
    'port',
    'asn',
    ('country', 10),
]

FACET_TITLES = {
    'org': 'Top 3 Organizations',
    'domain': 'Top 5 Domains',
    'port': 'Top 5 Ports',
    'asn': 'Top 5 Autonomous Systems',
    'country': 'Top 10 Countries',
}

try:
    # Query
    query = 'apache 2.4'

    # Count results
    result = api.count(query, facets=FACETS)

    print('Shodan Summary Information')
    print('Query: %s' % query)
    print('Total Results: %s\n' % result['total'])

    # Print the summary info from the facets
    for facet in result['facets']:
        print(FACET_TITLES[facet])

        for term in result['facets'][facet]:
            print('%s: %s' % (term['value'], term['count']))

        # Print an empty line between summary info
        print('')

except shodan.APIError as e:
    print('Error: {}'.format(e))

Output:

Shodan Summary Information 
Query: apache 2.4 
Total Results: 64678 

Top 3 Organizations 
Liquid Web, L.L.C: 23199 
Amazon.com: 7588 
Hetzner Online GmbH: 1818 

Top 5 Domains 
amazonaws.com: 10679 
telecom.net.ar: 1661 
your-server.de: 1243 
t-ipconnect.de: 664 
vultr.com: 443 

Top 5 Ports 
80: 21212 
443: 19890 
8080: 3024 
10000: 1723 
8081: 1366 

Top 5 Autonomous Systems 
as53824: 13848 
as32244: 9351 
as16509: 6294 
as24940: 1759 
as7303: 1453 

Top 10 Countries 
US: 31090 
DE: 5833 
CN: 4554 
BR: 3010 
AR: 1809 
JP: 1475 
GB: 1168 
IN: 1009 
FR: 756 
CA: 613

Official reference manual: https://shodan.readthedocs.io/en/latest/

Ruby – shodanz

Node.js – shodan-client

Plugins

Firefox

Shodan.io

This add-on retrieves the data Shodan.io has collected about the website you are currently browsing. It shows not only general information such as the organization, but also the open ports.

Chromium

Shodan

The Shodan plugin tells you where the website's host is located (country, city), who owns the IP and which other services/ports are open.

The Shodan plugin for Chrome automatically checks whether Shodan has any information about the current website. Does the site also run FTP, DNS, SSH or some unusual service? With this plugin you can see all the information Shodan has gathered about a given website/domain.

Shodan search query syntax

Banner and properties

In Shodan's vocabulary, a banner is the object that holds the information about a service.

The following example from the official documentation is a simplified banner:

{
  "data": "Moxa Nport Device
           Status: Authentication disabled
           Name: NP5232I_4728
           MAC: 00:90:e8:47:10:2d",
  "ip_str": "46.252.132.235",
  "port": 4800,
  "org": "Starhub Mobile",
  "location": {
    "country_code": "SG"
  }
}

Each key of the dictionary is called a property (data, ip_str, port, etc.). Each property stores a different kind of information about the service. By default, when no filter is given, Shodan only looks at the data property.

Filters

To search the data using the other properties, we have to use filters.

Search filters are special keywords that tell Shodan you want to search a specific property. A filter has the form key:value.

Some examples:

  • To search for devices located on Starhub Mobile's network:

org:"Starhub Mobile"

  • To search for devices located in Singapore:

country:SG

  • And of course they can be combined:

org:"Starhub Mobile" country:SG
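The filter semantics just described, as an added example that is not Shodan's code: a small evaluator that applies the key:value syntax (plus quoted phrases and the leading '-' exclusion that some dorks later on this page use) to constructed banner dicts. The banners, and the mapping of a few filter keywords to the property each one reads, are assumptions made for illustration; the real service supports far more filters.

```python
import shlex

# Constructed banners modelled on the simplified banner shown above;
# the values are illustrative, not live Shodan data.
BANNERS = [
    {"data": "Moxa Nport Device\nStatus: Authentication disabled\nName: NP5232I_4728",
     "ip_str": "46.252.132.235", "port": 4800, "org": "Starhub Mobile",
     "location": {"country_code": "SG"}},
    {"data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n",
     "ip_str": "203.0.113.5", "port": 80, "org": "Example Hosting",
     "location": {"country_code": "DE"}},
    {"data": "SSH-2.0-OpenSSH_7.4",
     "ip_str": "198.51.100.9", "port": 22, "org": "Starhub Mobile",
     "location": {"country_code": "SG"}},
]

# Filter keyword -> banner property it reads (assumed subset for this example).
FILTER_PROPERTY = {
    "org": "org", "country": "location.country_code", "port": "port",
    "product": "product", "os": "os",
}

def get_path(banner, dotted):
    """Resolve a dotted property name; None when the banner lacks it."""
    cur = banner
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur

def parse_query(query):
    """Split a query into free-text terms and (key, value) filters. shlex keeps
    quoted values together, so org:"Starhub Mobile" arrives as one token."""
    terms, filters = [], []
    for token in shlex.split(query):
        key, sep, value = token.partition(":")
        if sep and key in FILTER_PROPERTY:
            filters.append((key, value))
        else:
            terms.append(token)
    return terms, filters

def matches(banner, query):
    terms, filters = parse_query(query)
    # Free text is matched only against the data property; a leading '-'
    # excludes a term (as in 'console gateway -password').
    data = str(banner.get("data", "")).lower()
    for term in terms:
        if (term.lstrip("-").lower() in data) == term.startswith("-"):
            return False
    for key, value in filters:
        actual = str(get_path(banner, FILTER_PROPERTY[key])).lower()
        if actual not in [v.lower() for v in value.split(",")]:  # port:5900,5901
            return False
    return True

def search(query, banners=BANNERS):
    """ip_str of every banner matching the query, in input order."""
    return [b["ip_str"] for b in banners if matches(b, query)]
```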

Properties/filters reference

Here is the full list of banner properties (source: the official documentation).

Common properties:

Property: [Type] Description

asn: [String] The autonomous system number (ex. "AS4837").
data: [String] Contains the banner information for the service.
ip: [Integer] The IP address of the host as an integer.
ip_str: [String] The IP address of the host as a string.
ipv6: [String] The IPv6 address of the host as a string. If this is present then the "ip" and "ip_str" fields won't be.
port: [Integer] The port number that the service is operating on.
timestamp: [String] The timestamp for when the banner was fetched from the device in the UTC timezone. Example: "2014-01-15T05:49:56.283713"
hostnames: [String[]] An array of strings containing all of the hostnames that have been assigned to the IP address for this device.
domains: [String[]] An array of strings containing the top-level domains for the hostnames of the device. This is a utility property in case you want to filter by TLD instead of subdomain. It is smart enough to handle global TLDs with several dots in the domain (ex. "co.uk").
location: [Object] An object containing all of the location information for the device.
location.area_code: [Integer] The area code for the device's location. Only available for the US.
location.city: [String] The name of the city where the device is located.
location.country_code: [String] The 2-letter country code for the device location.
location.country_code3: [String] The 3-letter country code for the device location.
location.country_name: [String] The name of the country where the device is located.
location.dma_code: [Integer] The designated market area code for the area where the device is located. Only available for the US.
location.latitude: [Double] The latitude for the geolocation of the device.
location.longitude: [Double] The longitude for the geolocation of the device.
location.postal_code: [String] The postal code for the device's location.
location.region_code: [String] The name of the region where the device is located.
opts: [Object] Contains experimental and supplemental data for the service. This can include the SSL certificate, robots.txt and other raw information that hasn't yet been formalized into the Banner Specification.
org: [String] The name of the organization that is assigned the IP space for this device.
isp: [String] The ISP that is providing the organization with the IP space for this device. Consider this the "parent" of the organization in terms of IP ownership.
os: [String] The operating system that powers the device.
transport: [String] Either "udp" or "tcp" to indicate which IP transport protocol was used to fetch the information.

Optional properties:

Property: [Type] Description

uptime: [Integer] The number of minutes that the device has been online.
link: [String] The network link type. Possible values are: "Ethernet or modem", "generic tunnel or VPN", "DSL", "IPIP or SIT", "SLIP", "IPSec or GRE", "VLAN", "jumbo Ethernet", "Google", "GIF", "PPTP", "loopback", "AX.25 radio modem".
title: [String] The title of the website as extracted from the HTML source.
html: [String] The raw HTML source for the website.
product: [String] The name of the product that generated the banner.
version: [String] The version of the product that generated the banner.
devicetype: [String] The type of device (webcam, router, etc.).
info: [String] Miscellaneous information that was extracted about the product.
cpe: [String] The relevant Common Platform Enumeration for the product or known vulnerabilities if available. For more information on CPE and the official dictionary of values visit the CPE Dictionary.

SSL properties:

Property: [Type] Description

ssl.cert: [Object] The parsed certificate properties, including information such as when it was issued, the SSL extensions, the issuer, subject etc.
ssl.cipher: [Object] Preferred cipher for the SSL connection.
ssl.chain: [Array] An array of certificates, where each string is a PEM-encoded SSL certificate. This includes the user SSL certificate up to its root certificate.
ssl.dhparams: [Object] The Diffie-Hellman parameters if available: "prime", "public_key", "bits", "generator" and an optional "fingerprint" if we know which program generated these parameters.
ssl.versions: [Array] A list of SSL versions that are supported by the server. If a version isn't supported the value is prefixed with a "-". Example: ["TLSv1", "-SSLv2"] means that the server supports TLSv1 but doesn't support SSLv2.

Miscellaneous

The beta version of the website offers two useful pages:

  • Filters – a cheat-sheet of the filters/properties
  • Examples – a list of search query examples

Shodan usage examples

Here are some CLI examples:

# Number of devices vulnerable to Heartbleed
$ shodan count vuln:cve-2014-0160
80467


# Get the list of subdomains of a domain
$ shodan domain cnn.com
CNN.COM 

A 151.101.193.67 
A 151.101.129.67 
A 151.101.65.67 
A 151.101.1.67 
... 
newsroom.blogs CNAME cnnnewsroom.wordpress.com 
newsstream.blogs CNAME cnninewsstream.wordpress.com 
now CNAME www.cnn.com 
ntm.blogs CNAME ntm.blogs.cnn.com.edgesuite.net 
olympics.blogs CNAME olympics.blogs.cnn.com.edgesuite.net 
olympics.edition CNAME cnn.site.scribblelive.com 
on A 157.166.224.172 
outfront.blogs CNAME cnnoutfront.wordpress.com 
pagingdrgupta.blogs CNAME cnnpagingdrgupta.wordpress.com 
parkerspitzer.blogs CNAME cnnparkerspitzer.wordpress.com 
...

Create a private firehose for your network and subscribe to it:

$ shodan alert create mynetwork 198.20.58.0/24 && shodan stream --alerts=all

Find the ten most common vulnerabilities in China

Let's continue with some common kinds of query:

D-Link Internet Camera DCS-5300 series, without authentication

$ shodan search 'd-Link Internet Camera, 200 OK'

FTP server with anonymous authentication enabled

$ shodan search '230 login successful port:21'

Databases

# MySQL 
$ shodan search 'product:MySQL' 

# MongoDB 
$ shodan search 'product:MongoDB' 

# elastic 
$ shodan search 'port:9200 json' 

# Memcached 
$ shodan search 'product:Memcached' 

# CouchDB 
$ shodan search 'product:CouchDB' 

# PostgreSQL 
$ shodan search 'port:5432 PostgreSQL' 

# Riak 
$ shodan search 'port:8087 Riak' 

# Redis 
$ shodan search 'product:Redis' 

# Cassandra 
$ shodan search 'product:Cassandra'

Games

# Minecraft 
$ shodan search 'Minecraft Server port:25565' 

# Counter-Strike: Global Offensive 
$ shodan search 'product:"Counter-Strike Global Offensive"' 

# Starbound 
$ shodan search 'product:Starbound' 

# ARK: Survival Evolved 
$ shodan search 'product:"ARK Survival Evolved"'

Industrial control systems

# XZERES Wind Turbine 
$ shodan search 'title:"xzeres wind"' 

# PIPS Automated License Plate Reader 
$ shodan search 'html:"PIPS Technology ALPR Processors"' 

# Modbus 
$ shodan search 'port:502' 

# Niagara Fox 
$ shodan search 'port:1911,4911 product:Niagara' 

# GE-SRTP 
$ shodan search 'port:18245,18246 product:"general electric"' 

# MELSEC-Q 
$ shodan search 'port:5006,5007 product:mitsubishi' 

# CODESYS 
$ shodan search 'port:2455 operating system' 

# S7 
$ shodan search 'port:102' 

# BACnet 
$ shodan search 'port:47808' 

# HART-IP 
$ shodan search 'port:5094 hart-ip' 

# Omron FINS 
$ shodan search 'port:9600 response code' 

# IEC 60870-5-104 
$ shodan search 'port:2404 asdu address' 

# DNP3 
$ shodan search 'port:20000 source address' 

# EtherNet/IP 
$ shodan search 'port:44818' 

# PCWorx 
$ shodan search 'port:1962 PLC' 

# Crimson v3.0 
$ shodan search 'port:789 product:"Red Lion Controls"' 

# ProConOS 
$ shodan search 'port:20547 PLC'

And now, some dorks from dalmoz:

ASCII video examples

Shodan on asciinema.org

Hacked Ubiquiti Networks Device

$ shodan search 'hacked-router-help-sos'

Surveillance cameras, user: admin, no password

$ shodan search 'hacked-router-help-sos'

Home routers’ storage/attached USB storage

$ shodan search 'IPC$ all storage devices'

PBX phone gateways without authentication

$ shodan search 'port:23 console gateway -password'

Lantronix ethernet adapter’s admin interface without password

$ shodan search 'Press Enter for Setup Mode port:9999'

Polycom video-conference system no-auth shell

$ shodan search '"polycom command shell"'

VNC servers without authentication

$ shodan search '"authentication disabled" port:5900,5901'

NPort serial-to-eth / MoCA devices without password

$ shodan search 'nport -keyin port:23'

Some PenTestIT queries:

Default Jenkins installations

$ shodan search 'http.favicon.hash:81586312'

SonarQube installations

$ shodan search 'http.favicon.hash:1485257654'

IBM WebSphere version disclosure

$ shodan search 'WASRemoteRuntimeVersion'

Security tools that use Shodan

  • https://developer.shodan.io/apps
  • https://github.com/BullsEye0/shodan-eye
  • https://www.rapid7.com/db/modules/auxiliary/gather/shodan_search
  • https://github.com/s0md3v/Striker
  • https://github.com/lanmaster53/recon-ng
  • https://github.com/smicallef/spiderfoot
  • https://github.com/DefensePointSecurity/threat_note
  • https://github.com/OWASP/Amass
  • https://github.com/woj-ciech/Kamerka-GUI
  • https://github.com/random-robbie/My-Shodan-Scripts
  • https://github.com/jakejarvis/awesome-shodan-queries
  • https://github.com/pielco11/fav-up

ShodanSploit

It lets you make every Shodan API call and run detailed queries from the terminal.

GitHub repository: https://github.com/shodansploit/shodansploit

Installation:

git clone https://github.com/ismailtasdelen/shodansploit.git
cd shodansploit
python shodansploit.py
docker run -t ismailtasdelen/shodansploit

Menu:

[1] GET > /shodan/host/{ip} 

[2] GET > /shodan/host/count

[3] GET > /shodan/host/search 

[4] GET > /shodan/host/search/tokens 

[5] GET > /shodan/ports 

[6] GET > /shodan/exploit/author

[7] GET > /shodan/exploit/cve

[8] GET > /shodan/exploit/msb

[9] GET > /shodan/exploit/bugtraq-id

[10] GET > /shodan/exploit/osvdb

[11] GET > /shodan/exploit/title

[12] GET > /shodan/exploit/description

[13] GET > /shodan/exploit/date

[14] GET > /shodan/exploit/code

[15] GET > /shodan/exploit/platform

[16] GET > /shodan/exploit/port

[17] GET > /dns/resolve

[18] GET > /dns/reverse 

[19] GET > /labs/honeyscore/{ip}

[20] GET > /account/profile 

[21] GET > /tools/myip 

[22] GET > /tools/httpheaders

[23] GET > /api-info 

[24] Exit

Fav-Up

Uses Shodan to find the real IP behind a favicon.

Installation:

At least python3.6 is required due to spicy syntax.
git clone https://github.com/pielco11/fav-up.git 
pip3 install -r requirements.txt

Command overview:

Favicon-file:
python3 favUp.py --favicon-file favicon.ico -sc
Favicon-url:
python3 favUp.py --favicon-url https://domain.behind.cloudflare/assets/favicon.ico -sc
Web:
python3 favUp.py --web domain.behind.cloudflare -sc

Module

from favUp import FavUp

f = FavUp()
f.shodanCLI = True
f.web = "domain.behind.cloudflare"
f.show = True
f.run()

for result in f.faviconsList:
    print(f"Real-IP: {result['found_ips']}")
    print(f"Hash: {result['favhash']}")

Related information: https://pielco11.ovh/posts/cloud-hunting/
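The favicon-hash technique behind Fav-Up and the http.favicon.hash dorks above, as an added example that is neither Fav-Up's nor Shodan's code: computing the hash for an icon you own, so you can monitor Shodan for every host serving it (for example an origin server that should be hidden behind a CDN). MurmurHash3 is reimplemented in pure Python so nothing beyond the standard library is needed; the assumption, which matches how Shodan documents the value, is that Shodan hashes the newline-wrapped base64 text of the icon with mmh3.

```python
import codecs
import struct


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 in pure Python, returning a signed 32-bit int
    exactly as mmh3.hash() does (the package Shodan itself uses)."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    h = seed & mask
    n = len(data)
    body = n & ~3
    for i in range(0, body, 4):  # 4-byte little-endian blocks
        k = struct.unpack_from("<I", data, i)[0]
        k = (k * c1) & mask
        k = ((k << 15) | (k >> 17)) & mask
        k = (k * c2) & mask
        h ^= k
        h = ((h << 13) | (h >> 19)) & mask
        h = (h * 5 + 0xE6546B64) & mask
    tail, k = data[body:], 0  # 0 to 3 remaining bytes
    if len(tail) >= 3:
        k ^= tail[2] << 16
    if len(tail) >= 2:
        k ^= tail[1] << 8
    if len(tail) >= 1:
        k ^= tail[0]
        k = (k * c1) & mask
        k = ((k << 15) | (k >> 17)) & mask
        k = (k * c2) & mask
        h ^= k
    h ^= n  # finalisation mix
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & mask
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & mask
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h


def wrapped_base64(data: bytes) -> bytes:
    """Base64 as codecs.encode(..., "base64") emits it: lines wrapped at 76
    characters, each followed by a newline. This is the text Shodan hashes."""
    return codecs.encode(data, "base64")


def shodan_favicon_hash(favicon_bytes: bytes) -> int:
    """Value for an http.favicon.hash: filter. Hashing the raw bytes, or a
    base64 string without the newlines, gives a different number, which is
    the usual reason a hand-computed hash never matches Shodan's."""
    return murmur3_32(wrapped_base64(favicon_bytes))


if __name__ == "__main__":
    # Constructed stand-in for a favicon.ico; read your own icon file instead.
    icon = bytes(range(256))
    print("http.favicon.hash:%d" % shodan_favicon_hash(icon))
```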

Articles on advanced uses

  • Pivoting with Property Hashes
  • Working with Shodan Data Files
  • Create a GIF from an IP Image History

