Building an HTTP Client That Interacts with Shodan

Shadon(URL:https://www.shodan.io/)  is the world's first search engine for Internet-connected devices.

Register and get the API key from Shadon, then set it as an environment variable.

Here is a high-level overview of the typical steps for preparing and building an API client:

1. Review the service's API documentation.

  https://developer.shodan.io/api

2. Design a logical structure for the code in order to reduce complexity and repetition.

Project Structure

main.go: Use primarily to interact with your client implementation.

3. Define request or response types, as necessary, in GO.

Cleaning Up API Calls in shodan.go.

package shodan

const BaseURL = "https://api.shodan.io"

type Client struct {

	apiKey string

}

func New(apiKey string) *Client {

	return &Client{apiKey: apiKey}

}

 

4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.

 Querying your Shodan Subscription

api.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Ref to shadon API doc: Sample Response

//{

//"query_credits": 56,

//"scan_credits": 0,

//"telnet": true,

//"plan": "edu",

//"https": true,

//"unlocked": true,

//}

type APIInfo struct {

	QueryCredits int    `json:"query_credits"`

	ScanCredits  int    `json:"scan_credits"`

	Telnet       bool   `json:"telnet"`

	Plan         string `json:"plan"`

	HTTPS        bool   `json:"https"`

	Unlocked     bool   `json:"unlocked"`

}

// Making an HTTP GET request and decoding the response

func (s *Client) APIInfo()(*APIInfo, error) {

	// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}

	res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret APIInfo

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  host.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Represents the location element within the host

type HostLocation struct {

	City         string   `json:"city"`

	RegionCode   string   `json:"region_code"`

	AreaCode     int      `json:"area_code"`

	Longitude    float32  `json:"longitude"`

	CountryCode3 string   `json:"country_code3"`

	CountryName  string   `json:"country_name"`

	PostalCode   string   `json:"postal_code"`

	DMACode      int      `json:"dma_code"`

	CountryCode  string   `json:"country_code"`

	Latitude     float32  `json:"latitude"`

}

// Represents a single matches element

type Host struct {

	OS        string         `json:"os"`

	Timestamp string         `json:"timestamp"`

	ISP       string         `json:"isp"`

	ASN       string         `json:"asn"`

	Hostnames []string       `json:"hostnames"`

	Location  HostLocation   `json:"location"`

	IP        int64          `json:"ip"`

	Domains   []string       `json:"domains"`

	Org       string         `json:"org"`

	Data      string         `json:"data"`

	Port      int            `json:"port"`

	IPString  string         `json:"ip_str"`

}

// Used for parsing the matches array

type HostSearch struct {

	Matches []Host `json:"matches"`

}

// Ref to shodan API Doc:  https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}

func (s *Client) HostSearch(q string) (*HostSearch, error) {

	res, err := http.Get(

		fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),

		)

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret HostSearch

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  

5. Build the client that interacts with the API consumer functions and types.

Create a Client- main.go

package main

import (

	"Shodan/src/shodan/shodan"

	"fmt"

	"log"

	"os"

)

func main() {

	if len(os.Args) != 2 {

		log.Fatalln("Usage: shodan searchterm")

	}

	apiKey := os.Getenv("SHODAN_API_KEY")

	s := shodan.New(apiKey)

	info, err := s.APIInfo()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Printf(

		"Query Credits: %d\nScan Credits: %d\n\n",

		info.QueryCredits,

		info.ScanCredits)

	hostSearch, err := s.HostSearch(os.Args[1])

	if err != nil {

		log.Panicln(err)

	}

	for _, host := range hostSearch.Matches {

		fmt.Printf("%18s%8d\n", host.IPString, host.Port)

	}

}

Run the Shodan search program.

SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(4)

    Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...

  4. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. 一文搞懂GitLab安装部署及服务配置

    GitLab安装部署 Git,GitHub,GitLab,这三个东东长得好像呀,都是个啥? Git是Linus Torvalds(如果不知道这位大神是谁,请出门左转,慢走不送~)为了帮助管理Linux ...

  2. 使用DragonFly进行智能镜像分发

    Dragonfly 是一款基于 P2P 的智能镜像和文件分发工具.它旨在提高文件传输的效率和速率,最大限度地利用网络带宽,尤其是在分发大量数据时,例如应用分发.缓存分发.日志分发和镜像分发. 在阿里巴 ...

  3. vue学习第二天:Vue跑马灯效果制作

    分析: 1. 给开始按钮绑定一个点击事件 2.在按钮的事件处理函数中,写相关的业务代码 3.拿到msg字符串 4.调用字符串的substring来进行字符串的截取操作 5.重新赋值利用vm实例的特性来 ...

  4. Java WebService学习笔记 - Axis进阶(二)

    上一篇  Java WebService学习笔记 - Axis(一) 前一篇博文中简单介绍了Axis的使用方法,这篇将介绍一些Axis的一些高级特性 Axis中Handler的使用 Handler ...

  5. Hystrix总结

    Hystrix 能使你的系统在出现依赖服务失效的时候,通过隔离系统所依赖的服务,防止服务级联失败,同时提供失败回退机制,更优雅地应对失效,并使你的系统能更快地从异常中恢复. Hystrix能做什么? ...

  6. JavaWeb网上图书商城完整项目--day02-18.修改密码页面处理

    1.用户登陆成功之后会显示 当点击修改密码的时候,会进入下面的页面 对应的是pwd.jsp这个文件 我们把对jsp页面前段的校验都封装在pwd.js中,在jsp中引入该js文件 <%@ page ...

  7. django drf插件(一)

    复习 """ 1.vue如果控制html 在html中设置挂载点.导入vue.js环境.创建Vue对象与挂载点绑定 2.vue是渐进式js框架 3.vue指令 {{ }} ...

  8. 浅谈MySQL多表操作

    字段操作 create table tf1( id int primary key auto_increment, x int, y int ); # 修改 alter table tf1 modif ...

  9. Centos7解压Zip文件

    一.安装支持ZIP的工具 yum install -y unzip zip 二.解压zip文件 unzip 文件名.zip 三.压缩一个zip文件 zip 文件名.zip 文件夹名称或文件名称

  10. 关于延迟段创建-P1

    文章目录 1 疑问点 2 环境创建 2.1 创建用户 2.2 创建表test 2.3 查看表的段信息 2.4 延迟段创建相关参数 1 疑问点 P1页有句话说道: 在Oracle 11.2.0.3.0以 ...