Building an HTTP Client That Interacts with Shodan

Shadon(URL:https://www.shodan.io/)  is the world's first search engine for Internet-connected devices.

Register and get the API key from Shadon, then set it as an environment variable.

Here is a high-level overview of the typical steps for preparing and building an API client:

1. Review the service's API documentation.

  https://developer.shodan.io/api

2. Design a logical structure for the code in order to reduce complexity and repetition.

Project Structure

main.go: Use primarily to interact with your client implementation.

3. Define request or response types, as necessary, in GO.

Cleaning Up API Calls in shodan.go.

package shodan

const BaseURL = "https://api.shodan.io"

type Client struct {

	apiKey string

}

func New(apiKey string) *Client {

	return &Client{apiKey: apiKey}

}

 

4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.

 Querying your Shodan Subscription

api.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Ref to shadon API doc: Sample Response

//{

//"query_credits": 56,

//"scan_credits": 0,

//"telnet": true,

//"plan": "edu",

//"https": true,

//"unlocked": true,

//}

type APIInfo struct {

	QueryCredits int    `json:"query_credits"`

	ScanCredits  int    `json:"scan_credits"`

	Telnet       bool   `json:"telnet"`

	Plan         string `json:"plan"`

	HTTPS        bool   `json:"https"`

	Unlocked     bool   `json:"unlocked"`

}

// Making an HTTP GET request and decoding the response

func (s *Client) APIInfo()(*APIInfo, error) {

	// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}

	res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret APIInfo

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  host.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Represents the location element within the host

type HostLocation struct {

	City         string   `json:"city"`

	RegionCode   string   `json:"region_code"`

	AreaCode     int      `json:"area_code"`

	Longitude    float32  `json:"longitude"`

	CountryCode3 string   `json:"country_code3"`

	CountryName  string   `json:"country_name"`

	PostalCode   string   `json:"postal_code"`

	DMACode      int      `json:"dma_code"`

	CountryCode  string   `json:"country_code"`

	Latitude     float32  `json:"latitude"`

}

// Represents a single matches element

type Host struct {

	OS        string         `json:"os"`

	Timestamp string         `json:"timestamp"`

	ISP       string         `json:"isp"`

	ASN       string         `json:"asn"`

	Hostnames []string       `json:"hostnames"`

	Location  HostLocation   `json:"location"`

	IP        int64          `json:"ip"`

	Domains   []string       `json:"domains"`

	Org       string         `json:"org"`

	Data      string         `json:"data"`

	Port      int            `json:"port"`

	IPString  string         `json:"ip_str"`

}

// Used for parsing the matches array

type HostSearch struct {

	Matches []Host `json:"matches"`

}

// Ref to shodan API Doc:  https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}

func (s *Client) HostSearch(q string) (*HostSearch, error) {

	res, err := http.Get(

		fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),

		)

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret HostSearch

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  

5. Build the client that interacts with the API consumer functions and types.

Create a Client- main.go

package main

import (

	"Shodan/src/shodan/shodan"

	"fmt"

	"log"

	"os"

)

func main() {

	if len(os.Args) != 2 {

		log.Fatalln("Usage: shodan searchterm")

	}

	apiKey := os.Getenv("SHODAN_API_KEY")

	s := shodan.New(apiKey)

	info, err := s.APIInfo()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Printf(

		"Query Credits: %d\nScan Credits: %d\n\n",

		info.QueryCredits,

		info.ScanCredits)

	hostSearch, err := s.HostSearch(os.Args[1])

	if err != nil {

		log.Panicln(err)

	}

	for _, host := range hostSearch.Matches {

		fmt.Printf("%18s%8d\n", host.IPString, host.Port)

	}

}

Run the Shodan search program.

SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(4)

    Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...

  4. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. WeChair项目Beta冲刺(3/10)

    团队项目进行情况 1.昨日进展    Beta冲刺第三天 昨日进展: 昨天工作开始有条不紊地进行着,大家积极交流 2.今日安排 前端:扫码占座功能和预约功能并行开发 后端:扫码占座后端逻辑和预约功能逻 ...

  2. ODBC 常见数据源配置整理

    目录 1. 简介 1.1 ODBC和JDBC 1.2 ODBC配置工具 1.3 ODBC 数据源连接配置 2. MySQL 数据源配置 2.1 配置步骤 2.2 链接参数配置 3. SQLServer ...

  3. Java是如何实现Future模式的?万字详解!

    JDK1.8源码分析项目(中文注释)Github地址: https://github.com/yuanmabiji/jdk1.8-sourcecode-blogs 1 Future是什么? 先举个例子 ...

  4. Web安全之暴力破解

    暴力破解,顾名思义简单粗暴直接,我理解为将所有的“答案”都进行尝试直到找到正确的“答案", 当然我们不可能将所有的“答案”都进行尝试,所以我们只能将所有最有可能是正确的“答案”进行尝试即可 ...

  5. python之浅谈计算机基础

    目录 一.计算机基础之编程 什么是编程语言 什么是编程 为什么要编程 二.计算机组成原理 1. 计算机五大组成 CPU 存储器 输入设备 输出设备 2.计算机五大部分补充 CPU相关 应用程序启动流程 ...

  6. P2136 拉近距离

    我也想有这样的爱情故事,可惜我单身 其实这道题就是一个比较裸的最短路问题.对于一个三元组 (S,W,T) ,S其实就是一个端点,而W就是到达的端点,连接两个端点的边长为-T,注意要取一个相反数,这样才 ...

  7. node 模块正确暴露方法

    一个node模块,为了能够服用,就需要将其暴露,那么如何正确写呢?(参考:https://developer.mozilla.org/zh-CN/docs/Learn/Server-side/Expr ...

  8. Python-发送邮件验证码

    前言 ​ 关于 Python 这个栏目,咕了几个月了,今天讲讲如何发送验证码并验证. ​ 因为部分原因,写这篇文章的时候心情是不太好的,播放首歌吧. 代码 导入 导入yagmail,random和ti ...

  9. 这样基于Netty重构RPC框架你不可能知道

    原创申明:本文由公众号[猿灯塔]原创,转载请说明出处标注 今天是猿灯塔“365天原创计划”第5天. 今天呢!灯塔君跟大家讲: 基于Netty重构RPC框架 一.CyclicBarrier方法说明 1. ...

  10. 每日一题 - 剑指 Offer 48. 最长不含重复字符的子字符串

    题目信息 时间: 2019-07-02 题目链接:Leetcode tag: 动态规划 哈希表 难易程度:中等 题目描述: 请从字符串中找出一个最长的不包含重复字符的子字符串,计算该最长子字符串的长度 ...