pydan - tool to interface with Shodan API
pydan.py [OPTION]... (-q STRING | --host IP | -e STRING) -o FILE
pydan is a tool that provides a way to easily use the Shodan API (using your own API key) and try to perform some analysis to find interesting and possibly vulnerable devices.
To use pydan you will need to download and install the Shodan Python API. The last time I checked PyPI didn't have the latest version of the api, so I suggest cloning/downloading the api from the Github page and installing via:
python setup.py install
- Name of file to read line-separated arguments from. If an argument is supplied in FILE and at the command line, the value at the command line is used.
<dt> -h, --help</dt> <dd> Shows help message.</dd> <dt> -k KEY, --key KEY</dt> <dd> Shodan API key.</dd> <dt> -o FILE, --output FILE</dt> <dd> (REQUIRED) Write output to FILE. Pydan outputs all its data to this file in XML format.</dd> <dt> -x FILE, --xml FILE</dt> <dd> Name of XML file to import and perform operations on locally. If this option isn't given then an api key must be supplied. This option allows pydan to perform some analysis on results exported from Shodan's website (to save your api query count).</dd> <dt> --fingerprint</dt> <dd> (EXPERIMENTAL) Attempt to fingerprint devices based on their banner's. This option will use the Shodan API to try to figure out what type of device something is based on its banner response. (incompatible with -e option)</dd> <dt> --xlookup</dt> <dd> Attempt to find exploits on the types of devices found. This option will try to find possible exploits for the various types of servers found from a query. (incompatible with -e option)</dd> <dt> -v, --verbose</dt> <dd> Verbose mode.</dd>
###### ACTIONS The following are the main actions pydan can perform. These are mutually exclusive and at least one must be chosen.
- -q STRING, --query STRING
- String used to query Shodan. This is the same as what you would type into the search bar on Shodan's web interface.
<dt> -f File Name, --file File Name</dt> <dd> File name of list of queries to run</dd> <dt> --host IP</dt> <dd> IP of single host to lookup. This will check if Shodan has scanned this IP before, and (if so) it will retrieve all the information Shodan had for it.</dd> <dt> -e STRING, --exploit STRING</dt> <dd> String used to query for exploits. This will search Shodan's ExploitDb for any exploits matching the search STRING.</dd>
To search Shodan for devices using the term "webcam" and save the results to a file "results.xml":
python pydan.py -k 123FAKEKEY -q webcam -o results.xml
Sometimes the amount of options needed on the command line gets too long. To alleviate this problem we can declare all command line options in a configuration file. To run the above example this way we first have to create a configuration file which we'll name "webcam.conf" and then specify this file when running pydan:
-k 123FAKEKEY -q webcam -o results.xml
python pydan.py @webcam.conf
It is also possible to combine the previous two examples; that is, the API key is in a configuration file (which can be ignored in your gitignore file) and the options are manually entered. The following will produce the same results as the two examples above:
Then, this time, use:
python pydan.py @apikey.conf -q webcam -o results.xml