Go Pentester - HTTP CLIENTS(2)
Building an HTTP Client That Interacts with Shodan
Shadon(URL:https://www.shodan.io/) is the world's first search engine for Internet-connected devices.
Register and get the API key from Shadon, then set it as an environment variable.


Here is a high-level overview of the typical steps for preparing and building an API client:
1. Review the service's API documentation.
https://developer.shodan.io/api
2. Design a logical structure for the code in order to reduce complexity and repetition.
Project Structure

main.go: Use primarily to interact with your client implementation.
3. Define request or response types, as necessary, in GO.
Cleaning Up API Calls in shodan.go.
package shodan
const BaseURL = "https://api.shodan.io"
type Client struct {
apiKey string
}
func New(apiKey string) *Client {
return &Client{apiKey: apiKey}
}
4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.
Querying your Shodan Subscription
api.go
package shodan import (
"encoding/json"
"fmt"
"net/http"
) // Ref to shadon API doc: Sample Response
//{
//"query_credits": 56,
//"scan_credits": 0,
//"telnet": true,
//"plan": "edu",
//"https": true,
//"unlocked": true,
//}
type APIInfo struct {
QueryCredits int `json:"query_credits"`
ScanCredits int `json:"scan_credits"`
Telnet bool `json:"telnet"`
Plan string `json:"plan"`
HTTPS bool `json:"https"`
Unlocked bool `json:"unlocked"`
} // Making an HTTP GET request and decoding the response
func (s *Client) APIInfo()(*APIInfo, error) {
// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}
res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))
if err != nil {
return nil, err
}
defer res.Body.Close() var ret APIInfo
if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {
return nil, err
}
return &ret, nil
}
host.go
package shodan import (
"encoding/json"
"fmt"
"net/http"
) // Represents the location element within the host
type HostLocation struct {
City string `json:"city"`
RegionCode string `json:"region_code"`
AreaCode int `json:"area_code"`
Longitude float32 `json:"longitude"`
CountryCode3 string `json:"country_code3"`
CountryName string `json:"country_name"`
PostalCode string `json:"postal_code"`
DMACode int `json:"dma_code"`
CountryCode string `json:"country_code"`
Latitude float32 `json:"latitude"`
} // Represents a single matches element
type Host struct {
OS string `json:"os"`
Timestamp string `json:"timestamp"`
ISP string `json:"isp"`
ASN string `json:"asn"`
Hostnames []string `json:"hostnames"`
Location HostLocation `json:"location"`
IP int64 `json:"ip"`
Domains []string `json:"domains"`
Org string `json:"org"`
Data string `json:"data"`
Port int `json:"port"`
IPString string `json:"ip_str"`
} // Used for parsing the matches array
type HostSearch struct {
Matches []Host `json:"matches"`
} // Ref to shodan API Doc: https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}
func (s *Client) HostSearch(q string) (*HostSearch, error) {
res, err := http.Get(
fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),
)
if err != nil {
return nil, err
}
defer res.Body.Close() var ret HostSearch
if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {
return nil, err
} return &ret, nil
}
5. Build the client that interacts with the API consumer functions and types.
Create a Client- main.go
package main import (
"Shodan/src/shodan/shodan"
"fmt"
"log"
"os"
) func main() {
if len(os.Args) != 2 {
log.Fatalln("Usage: shodan searchterm")
}
apiKey := os.Getenv("SHODAN_API_KEY")
s := shodan.New(apiKey)
info, err := s.APIInfo()
if err != nil {
log.Panicln(err)
}
fmt.Printf(
"Query Credits: %d\nScan Credits: %d\n\n",
info.QueryCredits,
info.ScanCredits) hostSearch, err := s.HostSearch(os.Args[1])
if err != nil {
log.Panicln(err)
} for _, host := range hostSearch.Matches {
fmt.Printf("%18s%8d\n", host.IPString, host.Port)
}
}
Run the Shodan search program.
SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章
- Go Pentester - HTTP CLIENTS(1)
Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...
- Go Pentester - HTTP CLIENTS(5)
Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...
- Go Pentester - HTTP CLIENTS(4)
Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...
- Go Pentester - HTTP CLIENTS(3)
Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...
- Creating a radius based VPN with support for Windows clients
This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...
- Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)
In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...
- ZK 使用Clients.response
参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...
- MySQL之aborted connections和aborted clients
影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...
- 【渗透测试学习平台】 web for pentester -2.SQL注入
Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...
随机推荐
- JavaScript中的事件委托(转至大佬)
转至:https://www.cnblogs.com/liugang-vip/p/5616484.html 起因: 1.这是前端面试的经典题型,要去找工作的小伙伴看看还是有帮助的: 2.其实我一直都没 ...
- Mysql表结构转成Oracle
Navicat数据库连接工具
- JSP新闻显示
MYSQL数据库创建新闻表,用户登陆时使用SERVLET获取用户名,效验通过后直接跳转新闻列表页面,JSP使用EL显示新闻列表 1.首先创建数据库及用户.新闻表 CREATE DATABASE /*! ...
- 这一次搞懂SpringBoot核心原理(自动配置、事件驱动、Condition)
@ 目录 前言 正文 启动原理 事件驱动 自动配置原理 Condition注解原理 总结 前言 SpringBoot是Spring的包装,通过自动配置使得SpringBoot可以做到开箱即用,上手成本 ...
- linux环境搭建单机kafka
准备工作: jdk-8u191-linux-x64.rpm | zookeeper-3.4.6.tar.gz | kafka_2.11-2.2.0.tgz 对应的地址 zookeeper: ...
- Python实用笔记 (7)高级特性——切片
列表L = ['Michael', 'Sarah', 'Tracy', 'Bob', 'Jack'] 取前3个元素 >>> L[0:3] ['Michael', 'Sarah', ' ...
- SpringBoot2.x的依赖管理
前提 这篇文章是<SpringBoot2.x入门>专辑的第1篇文章,使用的SpringBoot版本为2.3.1.RELEASE,JDK版本为1.8. 主要梳理一下SpringBoot2.x ...
- 抓包工具-Charles基础使用
正在整理,等待编辑过后更新....... 竟然字少不能发不出去 那..... 现..... 在..... 够..... 了..... 吗?????? 不..... 够..... 我..... 在... ...
- 拿2k的前端开发都会做些什么?
坐标珠海,前端程序媛一枚 实习时候做的是测试,2.5k+600餐补: 后来觉得对前端更有兴趣所以重新找工作,但是苦于没有经验,毕业第一年在一个传统行业的公司找到了一个前端岗位,薪酬4k,公司主要是接政 ...
- 'printf' Function
printf is not part of the C language; there is no input or output defined in C itself. printf is jus ...