Merge 7a11be8 into e4e60fa

README.md

@@ -18,6 +18,7 @@ Ryo is a yet another website recon tool powered by Ruby.
 - [x] Directory & File brute force
 - [x] DNS dig
   -  By using [Google Public DNS](https://developers.google.com/speed/public-dns/)
+- [x] Shodan search
 - [x] Subdomain discovery
   - By using [DNSDumpster](https://dnsdumpster.com/) and [FindSubdomains](https://findsubdomains.com/)
 - [x] Website's technology detection
@@ -43,11 +44,14 @@ Commands:
   ryo discover URL    # Run discovery plugin(s) against a given URL
   ryo dns URL         # Discover DNS records of a given URL
   ryo help [COMMAND]  # Describe available commands or one specific command
+  ryo shodan URL      # Discover Shodan information of a given URL
   ryo subdomain URL   # Discover subdomains of a given URL
   ryo tech URL        # Discover used technolgies of a given URL
   ryo whois URL       # Discover whois information of a given URL
 ```
 
+In order to use Shodan search, please set your Shodan API key as `SHODAN_API_KEY` environment variable.
+
 **Example:**
 
 ```sh

lib/ryo.rb

@@ -20,6 +20,7 @@ def self.discover(uri, options)
     h = {}
     h[:dir] = Plugin::Dir.discover(target.uri) if options[:dir] || options[:all]
     h[:dns] = Plugin::DNS.discover(target.domain) if options[:dns] || options[:all]
+    h[:shodan] = Plugin::Shodan.discover(target.ip) if options[:shodan] || options[:all]
     h[:subdomain] = Plugin::Subdomain.discover(target.fld) if options[:subdomain] || options[:all]
     h[:tech] = Plugin::Tech.discover(target.uri) if options[:tech] || options[:all]
     h[:whois] = Plugin::Whois.discover(target.domain) if options[:whois] || options[:all]

lib/ryo/cli.rb

@@ -14,6 +14,12 @@ def dns(url)
       puts hash.to_json
     end
 
+    desc "shodan URL", "Discover Shodan information of a given URL"
+    def shodan(url)
+      hash = run_discovery(url, shodan: true)
+      puts hash.to_json
+    end
+
     desc "subdomain URL", "Discover subdomains of a given URL"
     def subdomain(url)
       hash = run_discovery(url, subdomain: true)
@@ -34,6 +40,7 @@ def whois(url)
 
     desc "discover URL", "Run discovery plugin(s) against a given URL"
     method_option :dir, type: :boolean, default: false
+    method_option :shodan, type: :boolean, default: false
     method_option :subdomain, type: :boolean, default: false
     method_option :tech, type: :boolean, default: false
     method_option :whois, type: :boolean, default: false

lib/ryo/plugin.rb

@@ -2,6 +2,7 @@
 
 require_relative "./plugin/dir"
 require_relative "./plugin/dns"
+require_relative "./plugin/shodan"
 require_relative "./plugin/subdomain"
 require_relative "./plugin/tech"
 require_relative "./plugin/whois"

lib/ryo/plugin/shodan.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "shodanz"
+
+module Ryo
+  module Plugin
+    class Shodan
+      attr_reader :client
+      def initialize
+        raise ArgumentError, "Please set your Shodan API key via ENV['SHODAN_API_KEY']" unless ENV["SHODAN_API_KEY"]
+        @client = Shodanz.client.new
+      end
+
+      def discover(ip)
+        ip == "N/A" ? { error: "Invalid IP" } : client.rest_api.host(ip)
+      end
+
+      def self.discover(ip)
+        begin
+          new.discover(ip)
+        rescue ArgumentError => e
+          { error: e.to_s }
+        end
+      end
+    end
+  end
+end

lib/ryo/target.rb

@@ -25,6 +25,13 @@ def fld
       end
     end
 
+    def ip
+      @ip ||= String.new.tap do |out|
+        h = Plugin::DNS.new(domain).dig("A")
+        out << (h.dig("Answer")&.first&.dig("data") || "N/A")
+      end
+    end
+
     private
 
     def tlds

ryo.gemspec

@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "dotenv", "~> 2.5"
   spec.add_development_dependency "glint", "~> 0.1"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
@@ -34,6 +35,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "http", "~> 3.3"
   spec.add_dependency "oga", "~> 2.15"
+  spec.add_dependency "shodanz", "~> 1.0"
   spec.add_dependency "simple_whatweb", "~> 0.2"
   spec.add_dependency "thor", "~> 0.19"
   spec.add_dependency "thread", "~> 0.2.2"

spec/cli_spec.rb

@@ -12,6 +12,16 @@
       expect(json).to be_a(Hash)
     end
   end
+  describe "#shodan" do
+    before {
+      allow(Ryo::Plugin::Shodan).to receive(:discover).and_return({})
+    }
+    it "should output a JSON" do
+      output = capture(:stdout) { subject.start %w(shodan http://localhost) }
+      json = JSON.parse(output)
+      expect(json).to be_a(Hash)
+    end
+  end
   describe "#subdomain" do
     before {
       allow(Ryo::Plugin::Subdomain).to receive(:discover).and_return({})
@@ -65,6 +75,7 @@
     before {
       allow(Ryo::Plugin::Dir).to receive(:discover).and_return({})
       allow(Ryo::Plugin::DNS).to receive(:discover).and_return({})
+      allow(Ryo::Plugin::Shodan).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Subdomain).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Tech).to receive(:discover).and_return({})
       allow(Ryo::Plugin::Whois).to receive(:discover).and_return({})