Building an HTTP Client That Interacts with Shodan

Shadon(URL:https://www.shodan.io/)  is the world's first search engine for Internet-connected devices.

Register and get the API key from Shadon, then set it as an environment variable.

Here is a high-level overview of the typical steps for preparing and building an API client:

1. Review the service's API documentation.

  https://developer.shodan.io/api

2. Design a logical structure for the code in order to reduce complexity and repetition.

Project Structure

main.go: Use primarily to interact with your client implementation.

3. Define request or response types, as necessary, in GO.

Cleaning Up API Calls in shodan.go.

package shodan

const BaseURL = "https://api.shodan.io"

type Client struct {

	apiKey string

}

func New(apiKey string) *Client {

	return &Client{apiKey: apiKey}

}

 

4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.

 Querying your Shodan Subscription

api.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Ref to shadon API doc: Sample Response

//{

//"query_credits": 56,

//"scan_credits": 0,

//"telnet": true,

//"plan": "edu",

//"https": true,

//"unlocked": true,

//}

type APIInfo struct {

	QueryCredits int    `json:"query_credits"`

	ScanCredits  int    `json:"scan_credits"`

	Telnet       bool   `json:"telnet"`

	Plan         string `json:"plan"`

	HTTPS        bool   `json:"https"`

	Unlocked     bool   `json:"unlocked"`

}

// Making an HTTP GET request and decoding the response

func (s *Client) APIInfo()(*APIInfo, error) {

	// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}

	res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret APIInfo

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  host.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Represents the location element within the host

type HostLocation struct {

	City         string   `json:"city"`

	RegionCode   string   `json:"region_code"`

	AreaCode     int      `json:"area_code"`

	Longitude    float32  `json:"longitude"`

	CountryCode3 string   `json:"country_code3"`

	CountryName  string   `json:"country_name"`

	PostalCode   string   `json:"postal_code"`

	DMACode      int      `json:"dma_code"`

	CountryCode  string   `json:"country_code"`

	Latitude     float32  `json:"latitude"`

}

// Represents a single matches element

type Host struct {

	OS        string         `json:"os"`

	Timestamp string         `json:"timestamp"`

	ISP       string         `json:"isp"`

	ASN       string         `json:"asn"`

	Hostnames []string       `json:"hostnames"`

	Location  HostLocation   `json:"location"`

	IP        int64          `json:"ip"`

	Domains   []string       `json:"domains"`

	Org       string         `json:"org"`

	Data      string         `json:"data"`

	Port      int            `json:"port"`

	IPString  string         `json:"ip_str"`

}

// Used for parsing the matches array

type HostSearch struct {

	Matches []Host `json:"matches"`

}

// Ref to shodan API Doc:  https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}

func (s *Client) HostSearch(q string) (*HostSearch, error) {

	res, err := http.Get(

		fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),

		)

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret HostSearch

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  

5. Build the client that interacts with the API consumer functions and types.

Create a Client- main.go

package main

import (

	"Shodan/src/shodan/shodan"

	"fmt"

	"log"

	"os"

)

func main() {

	if len(os.Args) != 2 {

		log.Fatalln("Usage: shodan searchterm")

	}

	apiKey := os.Getenv("SHODAN_API_KEY")

	s := shodan.New(apiKey)

	info, err := s.APIInfo()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Printf(

		"Query Credits: %d\nScan Credits: %d\n\n",

		info.QueryCredits,

		info.ScanCredits)

	hostSearch, err := s.HostSearch(os.Args[1])

	if err != nil {

		log.Panicln(err)

	}

	for _, host := range hostSearch.Matches {

		fmt.Printf("%18s%8d\n", host.IPString, host.Port)

	}

}

Run the Shodan search program.

SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(4)

    Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...

  4. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. SLAM:使用EVO测评ORBSLAM2

    SLAM:使用EVO测评ORBSLAM2 EVO是用来评估SLAM系统测量数据以及输出估计优劣的Python工具,详细说明请参照: https://github.com/MichaelGrupp/ev ...

  2. Windows7/10实现ICMP(ping命令)

    如果觉得本文如果帮到你或者你想转载都可以,只需要标注出处即可.谢谢 利用ICMP数据包.C语言实现Ping命令程序,能实现基本的Ping操作,发送ICMP回显请求报文,用于测试—个主机到只一个主机之间 ...

  3. 黎活明8天快速掌握android视频教程--25_网络通信之资讯客户端

    1 该项目的主要功能是:后台通过xml或者json格式返回后台的视频资讯,然后Android客户端界面显示出来 首先后台新建立一个java web后台 采用mvc的框架 所以的servlet都放在se ...

  4. android activity状态的保存

    今天接到一个电面,途中面试官问到一个问题,如果一个activity在后台的时候,因为内存不足可能被杀死,在这之前如果想保存其中的状态数据,比如说客户填的一些信息之类的,该在哪个方法中进行. onSav ...

  5. CentOS 7 Zookeeper 和 Kafka 集群搭建

    环境 CentOS 7.4 Zookeeper-3.6.1 Kafka_2.13-2.4.1 Kafka-manager-2.0.0.2 本次安装的软件全部在 /home/javateam 目录下. ...

  6. web 基础(一) HTML

    web 基础(一) HTML 与 XHTML 一.HTML介绍 HTML( Hyper Text Markup Language)指的是超文本标记语言,是用来描述网页的一种语言.它包括一系列标签.通过 ...

  7. Redis五种数据类型应用场景

    目录 1.1 回顾 2.1 应用场景 2.1.1 String 2.1.2 Hash 2.1.3 List 2.1.4 Zet 2.1.5 zset 3.1 小结 1.1 回顾 Redis的五种数据类 ...

  8. IDEA 2020.1 插件市场无法找到官方的汉化包解决办法

    问题: idea 终于更新了2020.1版本,新增了好多的特性,官方也终于支持了中文语言包,但是下载后在插件市场无法找到官方的汉化包 解决: 去IDEA插件中心 (https://plugins.je ...

  9. Typography convention

    1 h1 Chapter title centered,number three in bold,used ##. 1.1 h2 The chapter is a section, and the s ...

  10. crm项目开发之架构设计

    CRM customer relationship management 客户管理系统 1. 干什么用的? 管理客户 维护客户关系 2. 谁去使用? 销售 班主任 项目经理 3. 需求: 1. 登录 ...