## 3. Basic API Script

The goal of this activity is to learn how to use the Shodan API to perform queries and develop a report based on the information returned.

#### 3.1. Installation and Configuration

Before you begin, you need to install the **Shodan** or **Censys** library on your machine, if you haven’t already:

In [None]:
%pip install shodan
%pip install censys

Once installed, **import it into your archive** and enter your **API Key** to be able to use its features. In order to a query in Shodan, you should need these two functions:

In [None]:
import shodan 

api = shodan.Shodan('YOURAPIKEY') 
results = api.search('shodans_query', limit=X)

#### 3.1. Task description

Using the Shodan API, you need to perform a query that meets the following conditions: 

 - The HTTP title must say Login. 
 - The devices must have port 80 open. 
 - Limit the results to 1000.

The reason of scanning these types of devices it is because they often include web-based administration panels or interfaces that are publicly accessible. Identifying such devices with open HTTP ports and login pages is crucial because they can be easy targets for attackers if not properly secured. By analyzing them, we can assess the global exposure of potentially vulnerable systems, raise awareness about insecure configurations, and help prioritize mitigation efforts based on vulnerability presence and distribution. 

After making the query, I suggest that you save the results in a JSON file to preserve tokens. This will allow your partners to work and ensure they have enough tokens to make the query. 

Next, you need to start developing a report with the information extracted from the query and saved in the JSON file. Remember that you need to read the data from the previously saved file

The report must include the following topics: 

- A map where you mark the coordinates of all scanned devices with dots. The dots should have different colors depending on the number of devices at each location (1 device = light green, 2 devices = yellow, 3–5 devices = orange, 6–10 devices = red, more than 10 devices = black). You must use a legend to represent these differences. 

- A pie chart analyzing the distribution of devices by country. Since many countries may appear, you should display the top 8 countries with the most connected devices. The remaining countries should be grouped under a category named ”Others.” 

- Another pie chart showing the distribution of devices with and without vulnerabilities. 

- A barchart showing the number of vulnerabilities by CVSS rating. This should not be related to the countries.

- A bar chart showing the top 10 countries with the most vulnerable devices. 

- 3 stacked bar charts showing the top 10 ISPs, autonomous systems, and organizations. Each chart should display the difference between IPs with and without vulnerabilities.  

- Another bar chart showing the top 10 IPs with the most vulnerabilities. Essentially, you need to count the number of vulnerabilities per vulnerable IP. In this chart, you need to make a comment related with any of IPs with many vulnerabilities. 

- A dot chart showing the relationship between CVSS and EPSS.

Finally, as a last step, you must create a list that includes all the vulnerabilities found across the scanned devices. For each vulnerability, the list should display the following information: the IP address, the CVE identifier, the CVSS score, the EPSS score, whether the vulnerability is verified, a brief part of the summary, and the number of references associated with it.    

Below is an example of the expected format:

![List of vulns](listVulns.png)

All these charts and maps need to be included in a report where you analyze the scanned information and describe it in detail. 

To complete this task, it is recommended that you check the official Shodan API documentation: https://developer.shodan.io/api.