Building an HTTP Client That Interacts with Shodan

Shadon(URL:https://www.shodan.io/)  is the world's first search engine for Internet-connected devices.

Register and get the API key from Shadon, then set it as an environment variable.

Here is a high-level overview of the typical steps for preparing and building an API client:

1. Review the service's API documentation.

  https://developer.shodan.io/api

2. Design a logical structure for the code in order to reduce complexity and repetition.

Project Structure

main.go: Use primarily to interact with your client implementation.

3. Define request or response types, as necessary, in GO.

Cleaning Up API Calls in shodan.go.

package shodan

const BaseURL = "https://api.shodan.io"

type Client struct {

	apiKey string

}

func New(apiKey string) *Client {

	return &Client{apiKey: apiKey}

}

 

4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.

 Querying your Shodan Subscription

api.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Ref to shadon API doc: Sample Response

//{

//"query_credits": 56,

//"scan_credits": 0,

//"telnet": true,

//"plan": "edu",

//"https": true,

//"unlocked": true,

//}

type APIInfo struct {

	QueryCredits int    `json:"query_credits"`

	ScanCredits  int    `json:"scan_credits"`

	Telnet       bool   `json:"telnet"`

	Plan         string `json:"plan"`

	HTTPS        bool   `json:"https"`

	Unlocked     bool   `json:"unlocked"`

}

// Making an HTTP GET request and decoding the response

func (s *Client) APIInfo()(*APIInfo, error) {

	// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}

	res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret APIInfo

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  host.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Represents the location element within the host

type HostLocation struct {

	City         string   `json:"city"`

	RegionCode   string   `json:"region_code"`

	AreaCode     int      `json:"area_code"`

	Longitude    float32  `json:"longitude"`

	CountryCode3 string   `json:"country_code3"`

	CountryName  string   `json:"country_name"`

	PostalCode   string   `json:"postal_code"`

	DMACode      int      `json:"dma_code"`

	CountryCode  string   `json:"country_code"`

	Latitude     float32  `json:"latitude"`

}

// Represents a single matches element

type Host struct {

	OS        string         `json:"os"`

	Timestamp string         `json:"timestamp"`

	ISP       string         `json:"isp"`

	ASN       string         `json:"asn"`

	Hostnames []string       `json:"hostnames"`

	Location  HostLocation   `json:"location"`

	IP        int64          `json:"ip"`

	Domains   []string       `json:"domains"`

	Org       string         `json:"org"`

	Data      string         `json:"data"`

	Port      int            `json:"port"`

	IPString  string         `json:"ip_str"`

}

// Used for parsing the matches array

type HostSearch struct {

	Matches []Host `json:"matches"`

}

// Ref to shodan API Doc:  https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}

func (s *Client) HostSearch(q string) (*HostSearch, error) {

	res, err := http.Get(

		fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),

		)

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret HostSearch

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  

5. Build the client that interacts with the API consumer functions and types.

Create a Client- main.go

package main

import (

	"Shodan/src/shodan/shodan"

	"fmt"

	"log"

	"os"

)

func main() {

	if len(os.Args) != 2 {

		log.Fatalln("Usage: shodan searchterm")

	}

	apiKey := os.Getenv("SHODAN_API_KEY")

	s := shodan.New(apiKey)

	info, err := s.APIInfo()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Printf(

		"Query Credits: %d\nScan Credits: %d\n\n",

		info.QueryCredits,

		info.ScanCredits)

	hostSearch, err := s.HostSearch(os.Args[1])

	if err != nil {

		log.Panicln(err)

	}

	for _, host := range hostSearch.Matches {

		fmt.Printf("%18s%8d\n", host.IPString, host.Port)

	}

}

Run the Shodan search program.

SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(4)

    Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...

  4. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. VS Code WebApi系列——3、发布

    上两篇已经实现了WebApi及基于jwt的Token设置,那么功能做完了,该发布WebApi了.为什么要对发布进行一下说明呢,因为是基于vscode和.netcore的发布,所以可能会遇到莫名奇妙的问 ...

  2. Linux环境下操作Oracle数据库命令

    A增量备份 在Oracle用户下进行: 1.su – oracle, pwd to make sure. 2.脚本位置more /home/oracle/arch.sh 3.运行脚本 ./arch.s ...

  3. Jenkins中agent的使用

    [前言] 很多小伙伴都已经会搭建Jenkins环境了,都想要用Jenkins来运行自动化接口,可我们的Jenkins在linux服务器上.服务器上默认的python包是2.6的这样不是很好,那么这边就 ...

  4. Java Jar 包加密 -- XJar

    Java Jar 包加密 一.缘由 Java的 Jar包中的.class文件可以通过反汇编得到源码.这样一款应用的安全性就很难得到保证,别人只要得到你的应用,不需花费什么力气,就可以得到源码. 这时候 ...

  5. asp.net Core依赖注入(自带的IOC容器)

    今天我们主要讲讲如何使用自带IOC容器,虽然自带的功能不是那么强大,但是胜在轻量级..而且..不用引用别的库. 在新的ASP.NET Core中,大量的采用了依赖注入的方式来编写代码. 比如,在我们的 ...

  6. Oracle 导出、导入某用户所有数据(包括表、视图、存储过程...)

    Oracle 导出.导入某用户所有数据(包括表.视图.存储过程...)前提:在CMD 命令下 导出命令:exp 用户名/密码@数据库 owner=用户名 file=文件存储路径(如:F:\abcd.d ...

  7. 序列推荐(transformer)

    目录 Attention演进(RNN&LSTM&GRU&Seq2Seq + Attention机制) LSTM GRU Seq2Seq + Attention机制 Attent ...

  8. 浅谈auth模块

    目录 auth模块 什么是Auth模块 auth模块的常用方法 用户注册 扩展默认的auth_user表 auth模块 什么是Auth模块 ​ auth模块是对注册登录认证注销修改密码等方法的一种封装 ...

  9. 主流App自动化测试框架对比

        1.主流App自动化测试框架对比 2.Appium自动化测试框架 官方网址:http://appium.io/ 跨架构:支持原生.混合以及web移动应用 跨平台:Android & I ...

  10. css3 自定义字体_使用@font-face方式实现个性化字体

    当我们在浏览一些网站时发现,里面含有一些十分个性的字体,这些字体并不是我们电脑上安装的字体.那么css是如何实现自定义字体的呢? 资源网站大全https://55wd.com 在css3中可以通过@f ...