Building an HTTP Client That Interacts with Shodan

Shadon(URL:https://www.shodan.io/)  is the world's first search engine for Internet-connected devices.

Register and get the API key from Shadon, then set it as an environment variable.

Here is a high-level overview of the typical steps for preparing and building an API client:

1. Review the service's API documentation.

  https://developer.shodan.io/api

2. Design a logical structure for the code in order to reduce complexity and repetition.

Project Structure

main.go: Use primarily to interact with your client implementation.

3. Define request or response types, as necessary, in GO.

Cleaning Up API Calls in shodan.go.

package shodan

const BaseURL = "https://api.shodan.io"

type Client struct {

	apiKey string

}

func New(apiKey string) *Client {

	return &Client{apiKey: apiKey}

}

 

4. Create helper functions and types to facilitate simple initialization, authentication, and communication to reduce verbose or repetitive logic.

 Querying your Shodan Subscription

api.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Ref to shadon API doc: Sample Response

//{

//"query_credits": 56,

//"scan_credits": 0,

//"telnet": true,

//"plan": "edu",

//"https": true,

//"unlocked": true,

//}

type APIInfo struct {

	QueryCredits int    `json:"query_credits"`

	ScanCredits  int    `json:"scan_credits"`

	Telnet       bool   `json:"telnet"`

	Plan         string `json:"plan"`

	HTTPS        bool   `json:"https"`

	Unlocked     bool   `json:"unlocked"`

}

// Making an HTTP GET request and decoding the response

func (s *Client) APIInfo()(*APIInfo, error) {

	// Ref to shodan API Doc: https://api.shodan.io/api-info?key={YOUR_API_KEY}

	res, err := http.Get(fmt.Sprintf("%s/api-info?key=%s", BaseURL, s.apiKey))

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret APIInfo

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  host.go

package shodan

import (

	"encoding/json"

	"fmt"

	"net/http"

)

// Represents the location element within the host

type HostLocation struct {

	City         string   `json:"city"`

	RegionCode   string   `json:"region_code"`

	AreaCode     int      `json:"area_code"`

	Longitude    float32  `json:"longitude"`

	CountryCode3 string   `json:"country_code3"`

	CountryName  string   `json:"country_name"`

	PostalCode   string   `json:"postal_code"`

	DMACode      int      `json:"dma_code"`

	CountryCode  string   `json:"country_code"`

	Latitude     float32  `json:"latitude"`

}

// Represents a single matches element

type Host struct {

	OS        string         `json:"os"`

	Timestamp string         `json:"timestamp"`

	ISP       string         `json:"isp"`

	ASN       string         `json:"asn"`

	Hostnames []string       `json:"hostnames"`

	Location  HostLocation   `json:"location"`

	IP        int64          `json:"ip"`

	Domains   []string       `json:"domains"`

	Org       string         `json:"org"`

	Data      string         `json:"data"`

	Port      int            `json:"port"`

	IPString  string         `json:"ip_str"`

}

// Used for parsing the matches array

type HostSearch struct {

	Matches []Host `json:"matches"`

}

// Ref to shodan API Doc:  https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}&facets={facets}

func (s *Client) HostSearch(q string) (*HostSearch, error) {

	res, err := http.Get(

		fmt.Sprintf("%s/shodan/host/search?key=%s&query=%s", BaseURL, s.apiKey, q),

		)

	if err != nil {

		return nil, err

	}

	defer res.Body.Close()

	var ret HostSearch

	if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {

		return nil, err

	}

	return &ret, nil

}

  

5. Build the client that interacts with the API consumer functions and types.

Create a Client- main.go

package main

import (

	"Shodan/src/shodan/shodan"

	"fmt"

	"log"

	"os"

)

func main() {

	if len(os.Args) != 2 {

		log.Fatalln("Usage: shodan searchterm")

	}

	apiKey := os.Getenv("SHODAN_API_KEY")

	s := shodan.New(apiKey)

	info, err := s.APIInfo()

	if err != nil {

		log.Panicln(err)

	}

	fmt.Printf(

		"Query Credits: %d\nScan Credits: %d\n\n",

		info.QueryCredits,

		info.ScanCredits)

	hostSearch, err := s.HostSearch(os.Args[1])

	if err != nil {

		log.Panicln(err)

	}

	for _, host := range hostSearch.Matches {

		fmt.Printf("%18s%8d\n", host.IPString, host.Port)

	}

}

Run the Shodan search program.

SHODAN_API_KEY=XXXX go run main.go tomcat

Go Pentester - HTTP CLIENTS(2)的更多相关文章

  1. Go Pentester - HTTP CLIENTS(1)

    Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparatio ...

  2. Go Pentester - HTTP CLIENTS(5)

    Parsing Document Metadata with Bing Scaping Set up the environment - install goquery package. https: ...

  3. Go Pentester - HTTP CLIENTS(4)

    Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopk ...

  4. Go Pentester - HTTP CLIENTS(3)

    Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metaspl ...

  5. Creating a radius based VPN with support for Windows clients

    This article discusses setting up up an integrated IPSec/L2TP VPN using Radius and integrating it wi ...

  6. Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)

    In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...

  7. ZK 使用Clients.response

    参考: http://stackoverflow.com/questions/11416386/how-to-access-au-response-sent-from-server-side-at-c ...

  8. MySQL之aborted connections和aborted clients

    影响Aborted_clients 值的可能是客户端连接异常关闭,或wait_timeout值过小. 最近线上遇到一个问题,接口日志发现有很多超时报错,根据日志定位到数据库实例之后发现一切正常,一般来 ...

  9. 【渗透测试学习平台】 web for pentester -2.SQL注入

    Example 1 字符类型的注入,无过滤 http://192.168.91.139/sqli/example1.php?name=root http://192.168.91.139/sqli/e ...

随机推荐

  1. ca77a_c++__一个打开并检查文件输入的程序_流对象_操作文件

    /*ca77a_c++__一个打开并检查文件输入的程序 习题:8.13 8.14*/ /*ca77a_c++__一个打开并检查文件输入的程序 习题:8.13 8.14 */ #include < ...

  2. 05.DRF-Django REST framework 简介

    一.明确REST接口开发的核心任务 分析一下上节的案例,可以发现,在开发REST API接口时,视图中做的最主要有三件事: 将请求的数据(如JSON格式)转换为模型类对象 操作数据库 将模型类对象转换 ...

  3. java中的excel操作

    导入jxl.jar包: 下载个jxl.jar包,然后这个包放在什么位置都行,在你的项目中导入这个包就可以.   具体做法: 项目上右键,点击“属性”, 类别那里选择”库“,点击"添加jar文 ...

  4. WeChair项目Alpha冲刺(10/10)

    团队项目进行情况 1.昨日进展    Alpha冲刺第十天 昨日进展: 前端:安排页面美化,设计实名认证 后端:更新dao层代码 数据库:修改数据表属性,与后端部署数据库交互 2.今日安排 前端:继续 ...

  5. Spring Boot入门系列(十五)Spring Boot 开发环境热部署

    在实际的项目开发过中,当我们修改了某个java类文件时,需要手动重新编译.然后重新启动程序的,整个过程比较麻烦,特别是项目启动慢的时候,更是影响开发效率.其实Spring Boot的项目碰到这种情况, ...

  6. .NET Core请求控制器Action方法正确匹配,但为何404?

    前言 有些时候我们会发现方法名称都正确匹配,但就是找不到对应请求接口,所以本文我们来深入了解下何时会出现接口请求404的情况. 匹配控制器Action方法(404) 首先我们创建一个web api应用 ...

  7. Spring Boot是什么?

    背景 最近因公司需要,开始研究java相关的开发,之前一直从事.net相关开发,所以写的或者理解的不对的地方呢,希望大家批评指正. 首先开发框架吧,就像.net很早之前有asp.net webForm ...

  8. IndentationError: unindent does not match any outer indentation level解决策略

    [亲测有效]Nodepad++/Sublime Text3中Python脚本运行出现语法错误:IndentationError: unindent does not match any outer i ...

  9. 高可用服务注册中心(Eureka-Cluster)

    在实际生产中,我们需要高可用的集群方案,本章就是基于SpringBoot1.5.4 Cloud(Dalston.SR2) 的高可用Eureka Cluster,以及生产中需要注意的事项… - Eure ...

  10. 猿灯塔:疫情冲击,去体验远程面试被怼10分钟,今年Java开发找工作真难

    网行业,美团王兴曾说:“2019年可能会是过去十年里最差的一年,却是未来十年里最好的一年”.没想到预言竟然快成真了? 年前很多企业一波裁员,2020年又受疫情影响,延长了假期,各大企业复工时间拉长,招 ...