# Third-party dependencies. A missing package is only reported here; the
# module keeps loading, so the first later use of the missing name fails.
try:
    import shodan
    import requests
    from bs4 import BeautifulSoup
except ImportError as exc:
    print("Error: %s \n" % exc)
    print("Try this ... pip install -r /path/to/requirements.txt")

# Project-local helper used to colourise console output.
from utils.color import Color
12
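class Search(object):
    """Shodan-driven check for debug error pages that disclose settings.

    The constructor runs one Shodan query (default dork ``"DisallowedHost"``)
    and records an ``http://ip:port`` entry for each match that is not on
    port 443. ``load`` fetches pages with ``requests`` and reports which
    configuration / credential variable names occur in the returned HTML.

    Notes for defenders:
      * The default dork and keywords such as ``DJANGO_SECRET_KEY`` point at
        Django's debug error page. Running production with ``DEBUG = False``
        and keeping development servers off public interfaces removes that
        page; any credential that was visible on one should be rotated.
      * A hit is a substring match on a variable *name* only. It does not
        show that a value was disclosed.
      * ``requests.get`` is called without custom headers, so the probes
        carry the library's default User-Agent and ask for the root path,
        addressed by IP and port. That pattern can be searched for in
        web-server access logs.
    """

    def __init__(self, api, dork='"DisallowedHost"', limit=None, offset=None, timeout=None):
        """Query Shodan and collect candidate URLs.

        Args:
            api: Shodan API key passed to ``shodan.Shodan``.
            dork: Shodan search string.
            limit: Passed to ``Shodan.search``; also read by ``load``.
            offset: Passed to ``Shodan.search``.
            timeout: Timeout handed to ``requests.get`` in ``load``.

        A ``shodan.APIError`` is printed and swallowed; ``urls`` then holds
        whatever was collected before the error (possibly nothing).
        """
        self.shodan = shodan.Shodan(api)
        self.limit = limit
        self.offset = offset
        self.timeout = timeout

        self._urls = []
        self.color = Color()

        try:
            results = self.shodan.search(dork, limit=self.limit, offset=offset)
            matches = results['matches']
            total = results['total']

            print('{} Shodan found {} hosts with debug mode enabled'.format(self.color.status("[+]"), total))
            print("{} Looking for secret keys wait a moment ..\n".format(self.color.yellows("[!]")))

            for match in matches:
                # These attributes are overwritten on every iteration, so
                # after the loop they describe the last match only (including
                # a match that is skipped below).
                self.ipadress = match['ip_str']
                self.port = match['port']
                self.hostnames = match['hostnames']
                self.org = match['org']
                self.domains = match['domains']
                self.city = match['location']['city']
                self.country = match['location']['country_name']

                # Skip hosts with SSL
                if self.port == 443:
                    continue

                # Each entry is stored as a one-element list.
                self._urls.append(['http://{}:{}'.format(self.ipadress, self.port)])

        except shodan.APIError as error:
            print("error: {}".format(error))

    @property
    def urls(self):
        """Return the entries collected by ``__init__`` (a list of one-element lists)."""
        return self._urls

    def load(self, urls):
        """Fetch each entry of ``urls`` and report keyword hits.

        For every item, ``'{}'.format(url)`` is requested with the configured
        timeout, the response is parsed with BeautifulSoup, and each keyword
        is looked up as a plain substring of the prettified HTML. When at
        least one keyword is present, the URL and keyword list are printed
        and a host-metadata record is appended to ``awssmtp.txt`` in the
        current directory.

        NOTE(review): the Organization / Hostnames / Domains / City / Country
        values written to the file come from the attributes last set in
        ``__init__``, not from the page that was just fetched, so the record
        cannot be relied on to identify the affected host.
        """
        mapping = (
            'DB_HOST',
            'AWS',
            'MYSQL',
            'RDS_HOSTNAME',
            'ADMIN_USER',
            'RABBITMQ_HOST',
            'WALLET_RW_HOST',
            'POSTGRES_PASSWORD',
            'KYC_API_KEY',
            'DATABASE_URL',
            'AUTO_RECRAW_HOST',
            'BONANZA_API_KEY',
            'CELERY',
            'MWS_ACCESS_KEY',
            'PROXY_SECRET',
            'KEEPA_API',
            'MONGODB_PASSWORD',
            'SCRAPYMONGO_PASSWORD',
            'FACE_ID_DB_PASSWORD',
            'AWS_SECRET_ACCESS_KEY',
            'GOOGLE_OAUTH2_CLIENT_SECRET',
            'POSTGRES_PASSWORD',
            'DJANGO_SECRET_KEY',
            'FIREBASE_SERVER_KEY',
            'GOOGLE_API_KEY',
            'SSH_PASSWORD',
            'SSH_AUTH',
            'RABBITMQ_DEFAULT_PASS',
            'AWS_SECRET_KEY',
            'AWS_S3_BUCKET',
            'SENDGRID_PASSWORD',
            'PAYU_KEY',
            'DHL_API_CLIENT_SECRET',
            'LIGHT_PASSWORD',
            'DB_PASSWORD',
            'ATEL_AUTH_SECRET',
            'GPG_KEY',
            'Facebook',
            'Google',
            'Yahoo',
            'Github',
            'Stack',
            'GEOSERVER',
            'RDS_PASSWORD',
            'SMTP_PASSWORD'
        )  # Interesting keywords ('DisallowedHost at /', 'DisallowedHost', 'KeyError', 'OperationalError', 'Page not found at /', '')

        for url in urls:
            counter = 0

            self.hostname = ', '.join(str(hostname) for hostname in self.hostnames)
            self.domain = ', '.join(str(domain) for domain in self.domains)

            try:
                request = requests.get('{}'.format(url), timeout=self.timeout)
                html = BeautifulSoup(request.text, 'html.parser')

                # Render the document once instead of once per keyword.
                page_text = html.prettify()
                keys = ', '.join(key for key in mapping if key in page_text)  # Keywords found

                if len(keys) != 0:
                    print("[+] Possible exposed credentials on {}".format(request.url))
                    print('[+] Secret keys found {}\n'.format(self.color.error(keys)))
                    # some information about the host
                    # The context manager closes the handle after each record;
                    # the original left one open handle per hit.
                    with open('awssmtp.txt', 'a') as fichier:
                        print("\tOrganization: {}\n\tHostnames: {}\n\tDomains: {}\n\tCity: {}\n\tCountry: {}\n".format(self.org, self.hostname, self.domain, self.city, self.country), file=fichier)

            except requests.exceptions.RequestException:
                continue
            # Keep track of how many results have been downloaded so we don't use up all our query credits
            # NOTE(review): counter is reset at the top of every iteration, so
            # it is always 1 when compared here, and the comparison raises
            # TypeError while self.limit is None. Left as found.
            counter += 1
            if counter >= self.limit:
                break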