├── .token
├── README.md
├── karma_v1
└── karma_v1.png


/.token:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

![Follow on Twitter](https://img.shields.io/twitter/follow/Dheerajmadhukar?style=social)

## `Do check the latest one: KARMA_V2 (https://github.com/Dheerajmadhukar/karma_v2)`

## What is this?
**KARMA_v1** is a simple bash automation script that talks to the [Shodan](https://shodan.io) Premium API to find active IPs, ASNs, common vulnerabilities, CVEs, open ports, products, hostnames and server details.

## What's special about this tool?

* Powerful and flexible results via Shodan Dorks
* SSL SHA1 checksum/fingerprint Search
* Only hit In-Scope IPs
* Verify each IP with SSL/TLS certificate issuer match RegEx
* Find out all ports including well known/uncommon
* Grab all targets vulnerabilities related to CVEs
* Banner grab for each IP & Product

***It's (karma_v1) a bit slow due to the Shodan API rate limit.***

#### **This VERSION (karma_v1) is limited to 1000 IPs/Results only. NEW UPDATES WILL BE ADDED SOON ;)**

## Installation
### 1. Clone the repo
```bash
# git clone https://github.com/Dheerajmadhukar/karma_v1.git
```
### 2. Install shodan python module
```bash
# pip3 install shodan
```
### 3. Install JSON Parser [JQ]
```bash
# apt install jq -y
```
### 4. Install httpx [@pdiscoveryio](https://github.com/projectdiscovery/httpx) to probe the requests
```bash
# GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx
```
### 5. Install Interlace [@codingo](https://github.com/codingo/Interlace.git) to multithread [Follow the codingo interlace repo instructions]
```bash
Clone https://github.com/codingo/Interlace.git & install accordingly.
```

## Ok, how do I use it?
```bash
# cat > .token
SHODAN_PREMIUM_API_HERE
```
```bash
# bash karma_v1 target.tld

Output will be saved in output/target.tld-YYYY-MM-DD directory
```

Some example usage:

```bash
# bash karma_v1 target.tld
```
##### Requirements
- shodan python module [ pip3 install shodan ]
- anew [@tomnomnom](https://github.com/tomnomnom/anew)
- jq [ apt install jq -y ]
- httpx [@pdiscoveryio](https://github.com/projectdiscovery/httpx)
- Interlace [@codingo](https://github.com/codingo/Interlace.git)

--------------------------------------------------------------------------------
/karma_v1:
--------------------------------------------------------------------------------
#!/bin/bash
target=$1
red="\e[31m"
blink="\e[5m"
green="\e[32m"
yellow="\e[33m"
right=$(printf '\xE2\x9C\x94')
end="\e[0m"


BASE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
shodan_bin="shodan"
jq_bin="jq"
interlace_bin="interlace"
httpx_bin="httpx"
sleep_time="5"
api="${BASE_DIR}/.token"

# Join the lines read from stdin into a single ", "-separated line
join_lines() {
    sed -n '1h;2,$H;${g;s/\n/, /g;s/<----- key \(start\|stop\) ----->//g;p}'
}

# Accept only a syntactically valid domain name as the target
if echo "${target}" | grep -qE '^([a-zA-Z0-9](([a-zA-Z0-9-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$'; then
    ##
    # shodan && httpx && interlace && jq && anew: check the tools before doing any work
    if ! command -v "${shodan_bin}" > /dev/null 2>&1; then
        printf "\n[${red}!${end}] ${yellow}Error: Unable to find ${shodan_bin}. Make sure it is installed OR \n\t - pip3 install shodan${end}\n";exit 1
    fi
    if ! command -v "${httpx_bin}" > /dev/null 2>&1; then
        printf "\n[${red}!${end}] ${yellow}Error: Unable to find ${httpx_bin}. Make sure it is installed OR \n\t - GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd/httpx${end}\n";exit 1
    fi
    if ! command -v "${interlace_bin}" > /dev/null 2>&1; then
        printf "\n[${red}!${end}] ${yellow}Error: Unable to find ${interlace_bin}. Make sure it is installed OR \n\t - Clone https://github.com/codingo/Interlace.git${end}\n";exit 1
    fi
    if ! command -v "${jq_bin}" > /dev/null 2>&1; then
        printf "\n[${red}!${end}] ${yellow}Error: Unable to find ${jq_bin}. Make sure it is installed OR \n\t - apt install jq -y${end}\n";exit 1
    fi
    if ! command -v anew > /dev/null 2>&1; then
        printf "\n[${red}!${end}] ${yellow}Error: Unable to find anew. Make sure it is installed OR \n\t - See https://github.com/tomnomnom/anew${end}\n";exit 1
    fi

    ${shodan_bin} init "$(cat "${api}")" &> /dev/null
    folder=${target}-$(date '-I')
    # Always work under the script's own directory, whatever the caller's cwd is
    out_dir="${BASE_DIR}/output/${folder}"
    rm -rf "${out_dir}" > /dev/null
    mkdir -p "${out_dir}/IP_VULNS"
    cd "${out_dir}" || exit 1

    # Private temp file instead of a fixed, predictable /tmp path
    fingerprints=$(mktemp) || exit 1
    ${shodan_bin} stats --facets ssl.cert.fingerprint ssl:"${target}" | grep -Eo "[[:xdigit:]]{40}" | grep -v "^[[:blank:]]*$" | anew -q "${fingerprints}"

    # One download per certificate SHA1 fingerprint seen for the target
    o=$(while read -r line; do ${shodan_bin} download "${out_dir}/ssl_SHA1_${line}.json.gz" ssl.cert.fingerprint:\"$line\" 2> /dev/null | grep "Saved"; sleep 2; done < "${fingerprints}");printf "${green}\n%s${end}\n" "$o"

    rm -f "${fingerprints}"

    o=$(${shodan_bin} download "${out_dir}/ssl_domain_${target}.json.gz" ssl:"${target}" 2> /dev/null | grep "Saved");printf "${green}\n%s${end}\n" "$o"
    o=$(${shodan_bin} download "${out_dir}/ssl_issuer_${target}.json.gz" ssl.cert.issuer.cn:"${target}" 2> /dev/null | grep "Saved");printf "${green}\n%s${end}\n" "$o"
    o=$(${shodan_bin} download "${out_dir}/org_domain_${target}.json.gz" org:"${target}" 2> /dev/null | grep "Saved");printf "${green}\n%s${end}\n" "$o"
    echo "--------------------------------"
    ${shodan_bin} parse --fields ip_str,asn,hostnames,port,product,org --separator "," "${out_dir}"/*.json.gz | anew -q "${out_dir}/main_${target}.data" &> /dev/null

    # Escape the dots so they match literally in the certificate check below
    target_re=${target//./\\.}
    if [[ -f "main_${target}.data" ]]; then
        # Probe each IP, read its TLS certificate, keep URLs whose certificate line ends with the target
        cut -d"," -f1 "main_${target}.data" | sort -u | ${httpx_bin} -threads 500 -silent | ${interlace_bin} -threads 100 -c "echo _target_; curl --insecure -v _target_ 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'" --silent | grep -E "https://|CN=|issuer: " | grep -v "^[[:blank:]]*$" | grep -B 1 "${target_re}\$" | grep -Eo '(http|https)://[^/"]+' | tee alive_ips.txt
    else
        exit 1
    fi

    # Save the Shodan host record of every verified IP into IP_VULNS
    cd IP_VULNS || exit 1
    grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" ../alive_ips.txt | awk -F":" '{print $1}' | while read -r line; do ${shodan_bin} host -S "$line" &> /dev/null; sleep "${sleep_time}"; echo -n ">>Hang On<<"; done
    echo -e "\n"

    # Banner fields come from remote hosts, so print them with %s, never as the format string
    for x in *; do
        [[ -f "$x" ]] || continue
        #IPs
        printf "[${right}] ${red}IP:${end} ${green}%s${end}\n" "$(zcat "$x" | ${jq_bin} -r 'select(.ip_str != null)|.ip_str' | sort -u | join_lines)"
        #Ports
        printf "[${right}] ${red}Ports:${end} ${green}%s${end}\n" "$(zcat "$x" | ${jq_bin} -r 'select(.port != null)|.port' | sort -u | join_lines)"
        #CVEs
        o=$(zcat "$x" | ${jq_bin} -r '.vulns | to_entries[] | select(.key != null) |.key' 2> /dev/null | join_lines)
        if [ -z "$o" ]; then printf "[${right}] ${red}CVEs:${end} ${yellow}No results found${end}\n"; else printf "[${right}] ${red}CVEs:${end} ${green}%s ${end}\n" "$o"; fi
        #Org
        printf "[${right}] ${red}Org:${end} ${green}%s${end}\n" "$(zcat "$x" | ${jq_bin} -r 'select(.org != null)|.org' | sort -u | join_lines)"
        #HTTP Server
        printf "[${right}] ${red}Servers:${end} ${green}%s${end}\n" "$(zcat "$x" | ${jq_bin} -r '.http|select(.server != null)|.server' | sort -u | join_lines)"
        #Products
        printf "[${right}] ${red}Products:${end} ${green}%s${end}\n" "$(zcat "$x" | ${jq_bin} -r 'select(.product != null)|.product' | sort -u | join_lines)"
        echo "----------------------"
    done
    ##
else
    printf "[${red}!${end}] ${yellow}Domain %s seems down or invalid. Make sure it's a valid one.${end}\n" "${target}"
fi

--------------------------------------------------------------------------------
/karma_v1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Dheerajmadhukar/karma_v1/1f7c992c3c05c985122020e0fe7ad8673ce23f2e/karma_v1.png

--------------------------------------------------------------------------------
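
Added example, not part of the karma_v1 repository: the README's "Only hit In-Scope IPs" guarantee rests on how the certificate name is matched, and an end-of-line regex on the certificate lines, as karma_v1 uses, also accepts names that merely end in the target string and misses mixed-case names. The sketch below compares that suffix match with a label-aware check; the function names, the sample lines and the curl -v style `subject:` format are assumptions made for the example.

```bash
# Added example, not karma_v1 code. Assumes curl -v style "subject:" lines.

# in_scope NAME TARGET: succeed only if NAME is TARGET or a subdomain of it.
in_scope() {
  _n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')   # DNS names are case-insensitive
  _t=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  _n=${_n#\*.}   # "*.target.tld" covers names under target.tld
  _n=${_n%.}     # ignore a trailing root dot
  case "$_n" in
    "$_t"|*".$_t") return 0 ;;   # exact name, or a dot right before the target
    *) return 1 ;;
  esac
}

# filter_in_scope TARGET: read URL/subject line pairs on stdin and print the
# URLs whose certificate subject CN passes in_scope.
filter_in_scope() {
  _url=
  while IFS= read -r _line; do
    case "$_line" in
      http://*|https://*) _url=$_line ;;
      *subject:*CN=*)
        _cn=${_line##*CN=}     # text after the last CN=
        _cn=${_cn%%[;,/ ]*}    # cut at the next field separator
        if [ -n "$_url" ] && in_scope "$_cn" "$1"; then printf '%s\n' "$_url"; fi
        _url= ;;
    esac
  done
}

# naive_filter TARGET: plain end-of-line suffix match, for comparison.
naive_filter() {
  grep -B 1 "${1}\$" | grep -Eo '(http|https)://[^/"]+'
}

# Constructed sample input (documentation IP range, made-up names).
sample_lines() {
  cat <<'EOF'
https://192.0.2.10
*  subject: CN=www.target.tld
*  issuer: C=US; O=Example CA; CN=Example CA 1
https://192.0.2.20
*  subject: CN=nottarget.tld
https://192.0.2.30
*  subject: C=US; O=Target Inc; CN=*.Target.TLD
EOF
}

echo "suffix match:"; sample_lines | naive_filter target.tld
echo "label-aware:";  sample_lines | filter_in_scope target.tld
```

On the sample, the suffix match keeps 192.0.2.20 (`nottarget.tld`, out of scope) and drops 192.0.2.30 (`*.Target.TLD`, in scope), while the label-aware check does the opposite.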