A shodan library written in ruby
$ gem install rbshodan
require "rbshodan"
client = rbshodan.client.new(key: "YOUR_API_KEY")
-
shodan search methods
-
host search
client.host_search("mongodb")
client.host_search("nginx")
client.host_search("apache", after: "1/12/16")
client.host_search("ssh", port: 22, page: 1)
client.host_search("ssh", port: 22, page: 2)
client.host_search("ftp", port: 21, facets: { link: "Ethernet or modem" })
Returns all services that have been found on the given host IP.
client.host("0.0.0.0")
client.host("0.0.0.0", history: true)
client.host("0.0.0.0", minify: true)
Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
client.host_search("mongodb")
client.host_search("nginx")
client.host_search("apache", after: "1/12/16")
client.host_search("ssh", port: 22, page: 1)
client.host_search("ssh", port: 22, page: 2)
client.host_search("ftp", port: 21, facets: { link: "Ethernet or modem" })
Use this method to request Shodan to crawl an IP or netblock.
client.scan("0.0.0.0")
Use this method to request Shodan to crawl the Internet for a specific port.
This method is restricted to security researchers and companies with a Shodan Data license. To apply for access to this method as a researcher, please email jmath@shodan.io
with information about your project. Access is restricted to prevent abuse.
client.crawl_for(port: 80, protocol: "http")
Use this method to obtain a list of search queries that users have saved in Shodan.
client.community_queries
client.community_queries(page: 2)
client.community_queries(sort: "votes")
client.community_queries(sort: "votes", page: 2)
client.community_queries(order: "asc")
client.community_queries(order: "desc")
Look up the IP address for the provided list of hostnames.
client.resolve("google.com")
client.resolve("google.com", "bing.com")
Look up the hostnames that have been defined for the given list of IP addresses.
client.reverse_lookup("74.125.227.230")
client.reverse_lookup("74.125.227.230", "204.79.197.200")
Shows the HTTP headers that your client sends when connecting to a webserver.
client.http_headers
Get your current IP address as seen from the Internet.
client.my_ip
Calculates a honeypot probability score ranging from 0 (not a honeypot) to 1.0 (is a honeypot).
client.honeypot_score('0.0.0.0')
This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain ASNs.
client.banners_within_asns(3303, 32475) do |data|
# do something with banner data
puts data
end
This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in devices located in certain countries.
client.banners_within_countries("DE", "US", "JP") do |data|
# do something with banner data
puts data
end
Only returns banner data for the list of specified ports. This stream provides a filtered, bandwidth-saving view of the Banners stream in case you are only interested in a specific list of ports.
client.banners_on_ports(21, 22, 80) do |data|
# do something with banner data
puts data
end
Subscribe to banners discovered on all IP ranges described in the network alerts.
client.alerts do |data|
# do something with banner data
puts data
end
Subscribe to banners discovered on the IP range defined in a specific network alert.
client.alert("HKVGAIRWD79Z7W2T") do |data|
# do something with banner data
puts data
end
Search across a variety of data sources for exploits and use facets to get summary information.
client.exploits_api.search("python") # Search for python vulns.
client.exploits_api.search(port: 22) # Port number for the affected service if the exploit is remote.
client.exploits_api.search(type: "shellcode") # A category of exploit to search for.
client.exploits_api.search(osvdb: "100007") # Open Source Vulnerability Database ID for the exploit.
This method behaves identical to the Exploits API search
method with the difference that it doesn't return any results.
client.exploits_api.count("python") # Count python vulns.
client.exploits_api.count(port: 22) # Port number for the affected service if the exploit is remote.
client.exploits_api.count(type: "shellcode") # A category of exploit to search for.
client.exploits_api.count(osvdb: "100007") # Open Source Vulnerability Database ID for the exploit.