├── .gitignore ├── README.md ├── api.key ├── ficls.py ├── kr.py └── zkshs.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ZKShS 2 | Search shodan without any knowledge about its queries. It contains more than 400 implemented filters that can help you to search shodan better than before. 3 | 4 | Implemented filters are in 8 main categories: 5 | 1) SCADA 6 | 2) SERVER 7 | 3) FTP 8 | 4) HTTP 9 | 5) CAM 10 | 6) MODEM/ROUTER 11 | 7) DATABASE 12 | 8) OTHER 13 | 14 | Also, You can use some dynamic filters(city, country, port, os, geo, ip/netmask, hostname, dateab) alongside these filters and for more flexibility you can use your own custom query and combine all 3 filters type(implementerd filters, dynamic filters and your own custom query). 15 | 16 | 17 | --------------------------------- 18 | 19 | #### UPDATE: JUN 2019 20 | 21 | adding alert functions, dns, reverse_dns and also honeypot score 22 | 23 | 24 | 25 | 26 | 27 | --------------------------------- 28 | 29 | 30 | #### UPDATE: OCT 2019 31 | 32 | python3 compatibility 33 | 34 | 35 | 36 | 37 | --------------------------------- 38 | 39 | 40 | #### UPDATE: JUL 2020 41 | 42 | Adding Experimental SMTP Bulk Scanner using shodan 43 | 44 | 45 | 46 | 47 | --------------------------------- 48 | 49 | #### Donation 50 | 51 | ❤️ If you like " ZKShS " and you want support me, you can send me your donations through below channels: 52 | 53 | **BTC**: 3EX7yrrFVyXzrFMCThLUzc4EAPJpjnEdLW (SegWit) 54 | 55 | **ETH**: 0x657841Ab47A56C8dDB3ff6e778bbfd0A5704d77E 56 | 57 | **XRP**: rMeHgx5CQCvzY84EYrY7UCY5NPEECaoFHN - NO Destination TAG 58 | 59 | **DASH**: Xg9M1KXArvE8q2mhAREWpPWU4rAAi2nxFo 60 | 61 | 62 | 63 | 64 | 65 | --------------------------------- 66 | 67 | any ideas and issues are welcomed ;-) 68 | -------------------------------------------------------------------------------- /api.key: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /ficls.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # CLASS FOR FILTERS FUNCTIONS 3 | 4 | import string 5 | import os 6 | import re 7 | import sys 8 | from colorama import Fore, Back, Style 9 | 10 | # ++++++++++++++++ 11 | # SEARCH FILTERS + 12 | # ++++++++++++++++ 13 | 14 | class fcls: 15 | 16 | # +++ Dynamic Filters +++ 17 | city = None 18 | country = None 19 | port = None # string split with ',' 20 | os = None 21 | geo = None # 54.3453453,32.567236 22 | ipnetm = None # ip/netmask exmp: 100.9.0.0/8 string 23 | hostname = None 24 | dateab = None # for after and befor tag string 25 | 26 | # +++ Static Filters +++ 27 | # OTHERE TAGS: 28 | OTHER_TAGs = ['dfp','TorMarket','darkcometRAT','darkcometRAT1','classified','defpass'] 29 | 30 | OTHER_TAGs_VAL = ['default password','''html:"tor" html:"market"''','BF7CAB464EFB','''"8EA4AB05FA7E"''' 31 | ,'classified','''"default password"'''] 32 | 33 | OTHER_TAGs_COM = ['default passwords','tor markets','DarkComet RAT','DarkComet/NJ RAT','classified things' 34 | ,'providing default password'] 35 | 36 | 37 | ### SCADA TAGS: 38 | SCADA_TAGs = ['scmd','scada','idroute','eingatech','climate','akcp_embeded','moxa','simatic' 39 | ,'spidercontrol','modicon','ic_104','siemens_saphir','nport_C','siemensS7','STClimate','ruggedcom' 40 | ,'schneiderPCL','bacnet','hwellEX','OERP','plc','labview','niagara200','ABslc5','adcon','moreclimate' 41 | ,'pdu','thus','seeds','windT','hwellBNA','z_world','entrasys','swbox','inverter','s7siemens','vt' 42 | ,'niagaran','senecLES','pvsolar','sunway','siemensICS','schneidetESC','pvinverter','citrix_app' 43 | ,'photovoltaic','simatic_HMI','simatic_net','simens_simaticHMI','solar_log','rockwellPLC' 44 | ,'siemensPLC','ullage','entelitouch','inverterWI','vtscada_1','solarinverter','fujiSiemens_RMI','nordex' 45 | ,'tacxenta913','avaya','clp80','clpNuclear','moxaSIPg','ion','freezer'] 46 | 47 | SCADA_TAGs_VAL = ['modbus','scada','helmholz','EIG Embedded Web Server','akcp','AKCP Embedded','moxa' 48 | ,'HMI, XP277','powered by SpiderControl TM','modicon','port:2404 ASDU','wince Content-Length: 12581' 49 | ,'''"Model name : 5232-N" port:23''','Portal0000','Stulz GmbH Klimatechnik','GoAhead-Webs InitialPage.asp' 50 | ,'schneider','bacnet','honeywell Excel','openerp','plc','LabView','niagara200','port:161 SLC5' 51 | ,'title:adcon','iq3','Schleifenbauer','THUS plc','SEEDS gateway','''title:"XZERES Wind"''','honeywell BNA' 52 | ,'Z-World Rabbit 200 OK','entrasys','Sunny WebBox','''title:"Inverter Webinterface"''' 53 | ,'siemens s7 S7 Basic Hardware:','Server: VTScada','niagara_audit -login','title:SenecIES' 54 | ,'''title:"PV Solar Inverter"''','Server: emBetter','Original Siemens Equipment Basic Firmware:' 55 | ,'title:logic','''title:"inverter mintor"''','Citrix Applications:','''"IS2 Web Server"''' 56 | ,'Simatic -S7 HMI','Simatic -S7 -HMI','Location: Default.html -apache -nginx -microsoft -etag -goahead -vxworks -jetty -GoAhead 302 -Cookie' 57 | ,'IPC@CHIP title:Start','port:44818','''"plant identification"''','ULLAGE','enteliTOUCH','''title:"Inverter Monitor" "Connection: Close"''' 58 | ,'''"Server: VTS" -IIS -Apache -nginx 401 -500 -Boa -Sitewatch -Apple -httpd -cpsrvd -Ubicom -DCS-6620''' 59 | ,'Server: http:/www.sajbp.com/','serverview','''Jetty 3.1.8 (Windows 2000 5.0 x86) "200 OK"''' 60 | ,'Tac XENTA 913','avaya','CLP port:80','CLP','Console terminal type','''port:23 "Meter ION"''','title:phasefale'] 61 | 62 | SCADA_TAGs_COM = ['modbus','scada','industrial routing','electro industrial gaugetech','climate control' 63 | ,'AKCP Embeded','moxa','simatic','spidercontrol TM','modicon','IC-104','SAPHIR','NPort 5232-N Controllers' 64 | ,'SCADA SIEMENS S7 CP','stulz climate control','ruggedcom','schneider PCL','bacnet','honeywell excel controllers' 65 | ,'OpenERP','PLC','LabView','niagara 200','allen bradley SLC5','adcon telemetry gateway','more climate controls' 66 | ,'power distribution units','THUS PLC','sunEdison Energy and Environment Data System','XZEREZ 422SR Wind Turbine' 67 | ,'honetwell building network adapter','Z_World RABBIT server','Entrasys switches','Sunny WebBox' 68 | ,'inverter webinterface','siemens S7','VTScada ICSA-17-164-01','niagara SCADAOPEN','intelligent energy system' 69 | ,'PV solar inverter logging','sunwaysNT inverter','SiemensICS','schneidet electric scada','PV Inverter' 70 | ,'Citrix','Meteocontrol weblog','Simatic HMI','Simatic HMI 1','Siemens Simatic HMI','solar-log sloar panels' 71 | ,'rockwell','siemens PLCs','ULLAGE','Delta Entelitouch','Inverter webinterface','VTSCADA','Solar Inverter' 72 | ,'Fujitsu-Siemens RMI','Nordex Control2','TAC/XENTA 913','Avaya Switches','CLP port 80','CLP Nuclear' 73 | ,'MOXA Serial/Ip gateway','ION Smart Meters','Freezer Rooms'] 74 | 75 | 76 | ### HTTP TAGS: 77 | HTTP_TAGs = ['cds','austw','microhttpd','winRM','cisco_http','sip80','TechVDVR','apachSRV','allapacheV1' 78 | ,'https','netswi','apccardman','tvood','shbox','photosmart','rrv','allHP','epsonP','NepsonP','chSIP' 79 | ,'Iphonelht','rdadmin','iis30','rd1234','aftele','snomvp','djang','owl','gsGXP','windweb','iis20','iqinvision' 80 | ,'HPp','udpxy','cisco_ios','iis40','routedef','HeatMON','OpenWRT','envisalink','ng','ap','iis5','iis6' 81 | ,'iis7','iis75','iis8','iis85','iis9','iis10','gapache'] 82 | 83 | HTTP_TAGs_VAL = ['CarelDataServer','Auther: Steven Wu','HTTP/1.0 200 Ok Server: micro_httpd Set-Cookie: Name=; path=/' 84 | ,'port:5985 Microsoft-HTTPAPI/2.0','''Cisco “200 OK” port:80''','sip port:80','Techno Vision Security System' 85 | ,'server:apache','''"apache 1.0*" | "apache 1.1*" | "apache 1.2*" | "apache 1.3*" port:80''','HTTPS' 86 | ,'Network Switch','APC Management Card','http Tilgin Vood','''title:"shell in a box"''','Photosmart' 87 | ,'Server:Thin -3.2.11 -3.1.10 -3.0.19 -2.3.15','HP','http 200 server epson -upnp','http 200 server epson_linux upnp' 88 | ,'camera ip','iPhone lighttpd','Default:+admin','''IIS 3.0 -"6.0" -"7.0" -"7.5" -"5.0" -"5.1"''','admin+1234' 89 | ,'''"apache 0.9*" port:80''','snom embedded','WSGIServer','Oracle_Web_Listener','Grandstream GXP','WindWeb' 90 | ,'''IIS+2.0 -"6.0" -"7.0" -"7.5" -"5.0" -"5.1"''','iqinvision','hp/device/this.LCDispatcher','udpxy' 91 | ,'cisco-ios','''IIS 4.0 -"6.0" -"7.0" -"7.5" -"5.0" -"5.1" -"404" -"403" -"302"''' 92 | ,'''Enable and Telnet passwords are configured to "password".''','Z-World Rabbit title:Netmonitor' 93 | ,'OpenWRT','envisalink','nginx','apache','iis/5.0','iis/6.0','iis/7.0','iis/7.5','iis/8.0','iis/8.5' 94 | ,'iis/9.0','iis/10.0','apache hostname:.google.com'] 95 | 96 | HTTP_TAGs_COM = ['Corel Data Server','Auther: Steven Wu','Micro httpd','WINRM 2.0','CISCO','SIP Server' 97 | ,'Techno Vision DVR','apache server','Apache1 all versions','HTTPS','Network Switches','APC Management Card' 98 | ,'sever tilgin vood','shell in a box','HP Photosmart','Ruby on Rail Vulnerability','All HP' 99 | ,'EPSON Network Printers','NEWER EPSON Network Printers','Chinese sip protocol servers','iPhone litehttpd' 100 | ,'Routers that show admin password in banner','IIS3.0 with remove all false positives' 101 | ,'routers with default user admin and default pass 1234','AFHCAN Telehealth','SNOM VOiP','Django' 102 | ,'Oracle Web Listener','Grandstream GXP VOiP','Wind Webserver','IIS2.0 with remove all false positives' 103 | ,'IQeye Cameras - default login root/system','HP Printers','UDPXY','CISCO-IOS','IIS4.0 with remove all false positives' 104 | ,'routers with admin:password on ssh/telnet/http','HeatMiser NetMONITOR','OpenWRT','envisalink alarm controller' 105 | ,'nginx','apache','iis/5.0','iis/6.0','iis/7.0','iis/7.5','iis/8.0','iis/8.5','iis/9.0','iis/10.0' 106 | ,'''google's apache webs'''] 107 | 108 | 109 | ### SERVER TAGS: 110 | SERVER_TAGs = ['bomgar','canhtp','kerCTS','lantronix','weedf','plex','icecast','kasper','cudatel','exch' 111 | ,'chrp','monit','ssm','serv','acpp','jserver','passprotect','ongames','sapnet','tilginvood','iomega' 112 | ,'email','Sapachserv','Einternal','minecraft','enviveo','proxmox','whsl','ps4','sps','andserv','SMAslp' 113 | ,'geovision','logitech','print_server','smallB','NETS_web'] 114 | 115 | SERVER_TAGs_VAL = ['Server: Bomgar','canon port:80','web stream','Lantronix','weed ftpd server','Plex' 116 | ,'Server: Icecast','hostname:kaspersky.com port:80,21,22','title:CudaTel 200','Exchange','CHRP','monit' 117 | ,'''Supervisor status port:"9001"''','server','port:5009 acpp','''"You're successfully running JSON Server"''' 118 | ,'port:80 title:protected','Server: games','server: SAP NetWeaver Application Server','http Tilgin Vood' 119 | ,'''title:"Iomega"''','email','hamburger 200 ok','''hostname:"internal"''','port:25565 Minecraft protocol 340' 120 | ,'4caster','''title:"Proxmox Virtual Environment"''','remote X-AspNet-Version: 4.0.30319','ps4','SyncThru' 121 | ,'''"server: android"''','Server: Sunny WebBox','server:GeoHttpServer','Logitech Media Server -401 -404' 122 | ,'PRINT_SERVER WEB +200 -401 -NeedPassword','''MicrosoftOfficeWebServer 200 "default.htm", title:"welcome to"''' 123 | ,'Server: uc-httpd 1.0.0 200 OK'] 124 | 125 | SERVER_TAGs_COM = ['bomgar support portal','CANON http server','kerio control server','LANTRONIX' 126 | ,'weed ftpd server','Plex Server','ICECAST server','kaspersky','CudaTel communication server login' 127 | ,'microsoft exchange','CHRP','Monit server manager','Supervisor service manager','some server' 128 | ,'apple airport acars server','json server','pass protected dir , it will be good when combined with country filter' 129 | ,'Online Games','SAP NetWeaver','tilginvood','Iomega','email','some apache servers','Exposed Internal servers' 130 | ,'Minecraft servers','Enviveo 4caster','proxmox','Windows Home Sever Logon','PS4','samsung print server' 131 | ,'android server','SMA solar power','GEOVISION','Logitech server','print server','Windows small business server 2003' 132 | ,'NETSurveillance web'] 133 | 134 | 135 | ### FTP TAGS: 136 | FTP_TAGs = ['vsftpd234','dreambox','ftps','bigfix','Sproftpd','Svsftpd','Spureftpd','filezilla','anonftpd' 137 | ,'asus_ftp','anon_granted','anon_granted1','anon_granted2','anon_granted3','anon_granted4','anon_granted5' 138 | ,'anon_granted6','VxWorksFTP','loggedFTP','weed_ftpd','Olog','netgearFTP','ANproftpd','NETprobe','Special_asus' 139 | ,'All_asus_rtn56u','all_ftp','all_ftp1','Sstingray','kgcftp','netgearANON','netgearFTP1','HPftp','NASanon' 140 | ,'amazon_anonftp','micFTPanon','surgeFTP','comCast_anon','loggedFTP','raspberry_ftp','traffic'] 141 | 142 | FTP_TAGs_VAL = ['vsftpd 2.3.4','''dreambox org:"Fastweb" port:23''','ftp 230 -unknown -print','bigfix' 143 | ,'220 ProFTPD 1.3.3a Server (Debian)','vsftpd 2.3.4 port:21','''port:"21" product:"Pure-FTPd"''' 144 | ,'filezilla','''"230 Anonymous user logged in" port:21''','port:21 asus -530','Anonymous access granted -restrictions' 145 | ,'Anonymous access granted','port:21 230','port:21 anonymous','''“Anonymous+access+allowed” connected -530''' 146 | ,'ftp 230 -unknown -print','230','''VxWorks port:21 "logged in"''','''"Logged" port:21''','weed ftpd server' 147 | ,'230 Login successful.','WNDR3800 logged in','''220 ProFTPD Server "anonymous access granted"''','NETProbe' 148 | ,'ASUS RT-N56U 230','ASUS+RT-N56U','ftp','port:21','StingRay FTP Server 3.0.2 220 214','220 KGC FTP Server ready' 149 | ,'NETGEAR- logged in','NETGEAR-WNDR4700 230','230-Hewlett-Packard','port:21 anonymous logged nas' 150 | ,'''org:"Amazon Technologies" port:21 "Login successful" welcome''','''port:21 User logged in product:"Microsoft ftpd"''' 151 | ,'SurgeFTP','LinksysWRT350N Anonymous access granted','''230 "Logged" port:21''','raspbian-7','vri'] 152 | 153 | FTP_TAGs_COM = ['all vsftpd 2.3.4','dreambox ftp server','some ftp servers','bigfix','proftpd 1.3.3a' 154 | ,'vsftpd 2.3.4','pureftpd','filezilla','Anon ftp revised','asus ftp','fully anonymous access granted' 155 | ,'fully anonymous access granted #1','fully anonymous access granted #2','fully anonymous access granted #3' 156 | ,'fully anonymous access granted #4','fully anonymous access granted #5','fully anonymous access granted #6' 157 | ,'VxWorks FTP anonymous','anonymous logged ftp','weed ftpd server','Open FTP servers','NETGEAR ftp login' 158 | ,'proftpd with anonymous access granted','NETProbe','OPEN asus RT-N56U ftp server','asus RT-N56U ftp server' 159 | ,'ftp','ftp #1','Stingray ftp server','KGC ftp server','netgear anonymous loggedin','netgear anon' 160 | ,'HP ftp server','Anon NAS ftp server','amazon anonymous ftp login','Microsoft ftp anonymous','SurgeFTP' 161 | ,'COMCAST ANON ACCESS','logged ftp server , will be good when combined with country filter' 162 | ,'Raspberry can use as ftp','traffic lights'] 163 | 164 | 165 | ### ROUTER TAGS: 166 | ROUTER_TAGs = ['juniper','alcatelRoute','easybox','indosat','ip9000hd','tlspeed','dslrouter','hugeRouter' 167 | ,'openwrtRoute','rompager_route','rom_page','rompager1','tp','dl','zx','lk','ntg','cis','siemensKPN' 168 | ,'someROM0','zhoneR','ubicomEMB','xfinity','mobily','teldat','freetz','netgearR6250','DI804','virginSU' 169 | ,'virginSUrm','superhubMedia','zyxellp','tenda_wless','ufax2','netish','defUP','atlas_adtran','zte_zxr10' 170 | ,'anongateway','virginMedia','ddwrt','wag120_linksys','IOSssh','tpWR841','zyxelVuln','asusRTN12','insecLAN' 171 | ,'cisco_vsat','airstation','asusRTN13','cisco_defconf','dlink_route','dlink_wenI','xfinity_modem','airlive' 172 | ,'_3com','rom0Vuln','D600CP'] 173 | 174 | ROUTER_TAGs_VAL = ['juniper','''"cpm/hops ALCATEL"''','easybox','indosat.com','IP9000HD Web Access' 175 | ,'speedport','''WWW-Authenticate: Basic realm "DSL Router"''','''title:"Protected Object"''' 176 | ,'''HTTP/1.1 200 OK Connection: Keep-Alive Transfer-Encoding: chunked Keep-Alive: timeout=20 ETag: "17b-1a3-541dd9df"''' 177 | ,'Transfer-Encoding: chunked Server: RomPager/4.51 UPnP/1.0 country:MY','rompager','Server: RomPager' 178 | ,'tp-link','d-link','zyxel','linksys','netgear','cisco','Siemens Subscriber Networks','ZXV10 W300' 179 | ,'ZNID24xxA-Router','Ubicom -401','XFINITY http','''"MOBILY"''','port:23 teldat 2001' 180 | ,'WWW-Authenticate: Basic realm Freetz','port:8443 NETGEAR R6250','''realm="DI-804HV"''' 181 | ,'Last-Modified: Fri, 03 Jun 2016 20:05:30 GMT','''port:8443 country:gb org:"Virgin Media" lighttpd''' 182 | ,'''title:"Super Hub | GUI"''','''title:"Web-Based Configurator"''','tenda ADSL2/2' 183 | ,'''HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest qop="auth", realm="www.ufax2.com"''' 184 | ,'''hash:-704822131 port:"53413"''','''"password 1234"''','port:23 mqqqqqqqqk','ZXR10 carrier' 185 | ,'''"IP_SHARER WEB" -realm''','WMRN PoP at Virgin Media','build 13064 200','Linksys WAG120N','''"cisco cp"''' 186 | ,'''router "HTTP/1.1 200 OK"''','''"P-660HW-T1 v3"''','rt-n12e','''"Configure LAN interface"''','cisco router vsat' 187 | ,'Airstation','RT-N13U port:23','IOS one-time port:23','port:80 thttpd alphanetworks','D-LINK SYSTEMS, INC' 188 | ,'''"Server: lighttpd" title:"Xfinity"''','AirLive WT-2000ARM' 189 | ,'''title:"3Com - OfficeConnect ADSL Wireless 11g Firewall Router"''','kr.yl' 190 | ,'''title:"D-LINK SYSTEMS, INC. | WIRELESS ROUTER | HOME" 200'''] 191 | 192 | ROUTER_TAGs_COM = ['juniper','alcatel routers','vodafone easybox','indosat router','IP9000HD Web Access' 193 | ,'telekom speedport','DSL router','huge number of routers','openwrt','rompager routers','rompager' 194 | ,'rompager #1','tplink','dlink','zyxel','linksys','netgear','cisco','siemens KPN routers' 195 | ,'some router with rom0 ip/rom-0','zhone routers','lots of embeded device | most of them are d-link' 196 | ,'XFINITY routers','mobily routers SA','teldat router','Freetz firmware','netgear R6250','DI-804HV' 197 | ,'virgin superhub 3','virgin superhub 3 remote management','virgin superhub','zyxel login panel' 198 | ,'tenda wireless modem','ufax2 npf601','netish potential backdoor','default user and password' 199 | ,'atlas adtran 500 router','ZTE ZXR10 high-end router','anonymous router interface','virgin media backbone' 200 | ,'DD-WRT config page','linksys wag 120 router','cisco IOS with ssh','tp-link WR841','zyxel vulnerable routers' 201 | ,'asus RT-N12E','LANs without sec La Perfecto !!!','cisco vsat router','airstation','asus RT-N13U' 202 | ,'cisco routers that are still in default config','dlink routers','dlink routers web interface','xfinity modems' 203 | ,'airlive adsl routers','3com routers','routers that has rom0 vulnerability','D-link D600 control panel'] 204 | 205 | 206 | ### DATABASE TAG: 207 | DATABASE_TAGs = ['mysql','postgre','mongo','mongo1','riak','elastic','redis','memcached','cassandra','couch'] 208 | 209 | DATABASE_TAGs_VAL = ['product:MySQL','port:5432 PostgreSQL','MongoDB Server Information','product:MongoDB' 210 | ,'port:8087 Riak','port:9200 json','product:Redis','product:Memcached','product:Cassandra','product:CouchDB'] 211 | 212 | DATABASE_TAGs_COM = ['mysql DB','postgre DB','MongoDB','mongoDB 1','Riak DB','elastic DB','Redis DB' 213 | ,'Memcached DB','Cassandra DB','Couch DB'] 214 | 215 | 216 | ### CAM TAGS: WEBCAM , CAMERA & CAM 217 | CAM_TAGs = ['wbc','ctv','dvr','netcam1','easyN','avigilon','wcamXP','wcamXP1','logitecCAM','ipcamFC','netwaveip' 218 | ,'ipcamBA','ipcamBA1','netwaveip1','othipcam','othipcam1','ipcam85open','yc','netwaveip2','avupnp','camAll' 219 | ,'HcamBasic','ic','ic1','basicCAM','ipspeed','foscam','unsecCAM','pavelCAM','hostCAM','tIPcam','Aipcams' 220 | ,'NetCAM','IpVid','DlinkIPCAM','DlinkCAM','boxipcam','foscam_wifi','NTwaveA','CamNi','VidIPcam','MiNiIpCam' 221 | ,'ENipPh','HuawiIpPH','TPlink_Ipcam','andicam','andicam1','tCAM','maygion','maygion1','TeleEye' 222 | ,'TmobileCAM','jaws','trendNet','canonVBC','ciscoCAM','wvc80n','ipcam2','fritz','OBIrisServ','DVRcdown' 223 | ,'SOWC','camWS','NetBotZ','mjpg','mjpg1','IQiN','OCAMS','axis','itron','DVSScam','FlexiDome','iCAN','secSpy' 224 | ,'HomeCAM','PTZicam','PTZ','NUUO','SonyNETCAM','tuxedo','vilar','LNE3003','samsungDVR','dcs5220','galoreIPCAM' 225 | ,'NCC','lightCAM','CAMdork','vivotek','lilin','scCAM','airlink','megapixel','motioneye','NetSurvilanceWEBcam' 226 | ,'inspire','hikvisionNVR','RedLightCAM','RedLight','highDef','loxone','CANONvbm40','DMCS','NCM','polycoms' 227 | ,'HikVision','TeleEyeJV','EverFocus','ANPRC','PIPS','DCS5300','NetCamXL','arecont','chianet','DlinkINetCAM' 228 | ,'vmax','weatherWing','checkstream','go1984','UBNTcam','abelcam','OcamNAU','iCatcher','VScam','ADHweb' 229 | ,'VB100','sqCAMs','CiscoNCAM','imagiatek','bosch','KSC','hipcam','iPolis','maginon','axis_m1103','geovision_ipcam' 230 | ,'timhillone','VulnCAM','speco','heden'] 231 | 232 | CAM_TAGs_VAL = ['webcam','cctv','dvr','netcam','''Server: thttpd Basic realm="index.html"''','Avigilon' 233 | ,'''webcamxp product:"webcamXP httpd"''','webcamxp','logitec -401 -400 -301 -302','IP Webcam Server 0.3' 234 | ,'server: netwave IP camera','''Basic realm="IP camera"''','''www-authenticate: basic realm="cam"''' 235 | ,'''server: IP camera product:"Netwave IP camera http config"''','Server: IP Webcam','Ipcam city' 236 | ,'''html:"PLANET IP"''','yawcam','netwave ip','linux upnp avtech','cam','''Basic realm="home cam"''' 237 | ,'ipcam','IP camera','''basic realm="camera"''','ip speed dome httpd','Content-Length:·2574' 238 | ,'IP Webcam Server 0.2','IP Webcam Server','hostname: cam','Server: ip webcam','Server: Android Webcam Server v0.1' 239 | ,'network camera','ip video server -uc-httpd httpd','''Has_screenshot:"true" "Steven Wu"''' 240 | ,'''server: alphapd "HTTP/1.0 200 OK"''','box ip camera httpd','Server ReeCam IP Camera Content-Length 2574' 241 | ,'Netwave IP Camera Content-Length: 2574','Http has_screenshot:true','IP video+camera','mini dome ip camera httpd' 242 | ,'Enterprise IP phone SIP','huawei -301 -302 -400 -401','''title:"IP CAMERA Viewer" Content-Length: 703''' 243 | ,'Android Webcam Server -Authenticate','Android Webcam Server text/html 200','tablet cam','maygion','IPCamera_Logo' 244 | ,'TeleEye','''server: "live" & "200 OK" org:T-Mobile''','''HTTP/1.1 200 OK Server: JAWS org:"SHATEL DSL Network"''' 245 | ,'trendNet','''title:"Network Camera" 200 ok server: vb''',"""title:'+tm01+'""",'WVC80N','IP_camera' 246 | ,'''title:"FRITZ!App Cam "''','jpegpull.htm','Content-length:3233','''title:"Checking Language..."''' 247 | ,'Server: Camera Web Server/1.0','NetBotz Appliance 200','''title:"MJPG-streamer"''','server:=MJPG-Streamer/0.%' 248 | ,'''IQinVision port:"80"''','has_screenshot: -port:3389 -port:3388 -port:5900 -port:5901 -port:6000' 249 | ,'Content-Length: 695','itron','DVSS-HttpServer','FlexiDome','Server: iCanSystem','''title:"SecuritySpy"''' 250 | ,'''Basic realm="home cam"''','''title:"WVC210 Wireless-G PTZ Internet Camera with Audio"''' 251 | ,'''title:"Network Camera with Pan Tilt"''','''title:"Network Video Recorder"''','''gen5th''','threadx -401 -login' 252 | ,'''title:"Vilar IPCamera Login"''','LNE3003 Wireless IP Camera','''title:"Web Viewer for Samsung DVR" Content-Length: 2524''' 253 | ,'''title:"DCS-5220 IP camera"''','server: boa WWW-Authenticate: Camera','''title:"Network Cube Camera"''' 254 | ,'dcs-lig-httpd','cam it','''"VVTK-HTTP-Server"''','Lilin','''html:"mjpeg"''' 255 | ,'''product:"D-Link/Airlink IP webcam http config"''' 256 | ,'''WWW-Authenticate: Basic realm="Megapixel IP Camera" Pragma: no-cache Cache-Control: no-cache Content-Type: text/html''' 257 | ,'motionEye/','''title:"NETSurveillance WEB" Server: uc-httpd 1.0.0''','Content-Length: 1073','''DNVRS-Webs title:"index"''' 258 | ,'Content-Length: 2861 Cache-Control: max-age=86400','atz executive','iqhttpd','port:8090 Server: HyNetOS/2.0' 259 | ,'release-14 20090318','User logged in proceed ADH FTP SERVER','''"Network Card Manager"''' 260 | ,'''"Here is what I know about myself:" && "HTTP Enabled: True" port:23''','hikvision Content-Length: 1341' 261 | ,'''title:"TeleEye Java Viewer"''','Server: HyNetOS title:EverFocus','''P372 port:"23"''','PIPS AUTOPLATE' 262 | ,'''title:"DCS-5300G" Server: D-Link Internet Camera''','''title:"NetCamXL"''','arecont' 263 | ,'''"Powered by Nodinfo(SECRET!)"''','d-Link Internet Camera, 200 OK','''title:"Login cgicc form"''' 264 | ,'''title:"Weather Wing"''','WEBCAM HTTP/1.1 200 OK Server: MJPG-Streamer/0.2','go1984' 265 | ,'Server: UBNT Streaming Server v1.2','abelcam','''title:"Network Camera VB-M600" 200 ok server: vb ETag:"1279180162"''' 266 | ,'Server: i-Catcher Console','goahead-webs unauthorized port:81','ADH-web','Server: VB100','sq-webcam' 267 | ,'''title:'+tm01+' Content-Length: 4132''','imagiatek ipcam','Server: VCS-VideoJet-Webserver','zmfhaltm' 268 | ,'Hipcam RealServer/V1.0 has_screenshot:true','SAMSUNG iPolis','Server: mcdhttpd/','''product:"AXIS M1103 Network Camera"''' 269 | ,'Server: thttpd PHP','''"webcam" "last-modified"''','''server: "IP-Webcam-Server" "HTTP/%.% 200 OK" Access-Control-Allow-Origin: "%"''' 270 | ,'''WWW-Authenticate "SuperNova"''','netwave ip camera content-length: 372'] 271 | 272 | CAM_TAGs_COM = ['webcam','cctv','dvr','netcam','easyN ipcam','Avigilon camera','webcamxp','webcamXP1' 273 | ,'logitec CAM','IP Webcams Full control','netwave ipcams','IPCAMs with basic AUTH','IPCAMs with basic AUTH' 274 | ,'Another netwave ipcams','another ipcam search','another ipcam search #1','85% are OPEN - PLANET CO' 275 | ,'YAWCAM','another netwave ipcam search','AVTECH UPnP','just all cam','Home CAMs with BASIC AUTH','ipcam' 276 | ,'another ipcam','basic auth camera','ip speed dome httpd','FOSCAM ip camera','UNSECURE CAMERAS' 277 | ,'phone ipcams by pavel khlebovich','hostname CAM','tons of open ipcams','android ipcams','Network CAMERA' 278 | ,'IP video server','Dlink IPCAMs La PERFECTO!!!','Dlink CAM','BOX IPCAMs','FOSCAM WiFi CAMs','NETWAVE admin/blank' 279 | ,'HTTP open CAMs La PERFECTO!!','Video IPCAMs','mini dome IPCAMs','Enterprise IP phone SIP','Huawi webinterface for ip phones' 280 | ,'TPLink IPCAMs','android cam server','android cam server 1','tablet cam','maygion','maygion1','TeleEye - def pass : 000000' 281 | ,'TmobileCAM','JAWS CAM','trendNet CAMs','CANON VB CAM','CISCO CAM','WVC80N','IP_camera','FRITZ CAM' 282 | ,'Open Blue Iris Servers','DVR Component download','Sort of WEBCAMs','CAMERA webservers','NetBotz Appliance' 283 | ,'MJPG streamer','MJPG streamer 1','IQiN CAM','many open cams','AXIS network cam','itron','DVSS cam' 284 | ,'FlexiDome','iCanSystem','Security Spy','Home CAMs','PTZ internet CAM','NET cam with pan/tilt/zoom' 285 | ,'NUUO video recorder','Sony NET CAMs','Tuxedo connected controller','Vilar IPCAM','LNE3003 Wireless IP Camera' 286 | ,'samsung DVR','DCS-5220 ipcam','galore ip cams','Network Cuba CAM','light httpd cams','simple cam dork' 287 | ,'vivotek cams','lilin cam','mjpeg live stream cam','airlink cams','megapixel ipcam','motioneye cam' 288 | ,'NetSurvilance WEBcam','Inspire DVR','Hikvivion NVR CAMs','RedLights CAM','RedLights CAM 1','HighDef CAMs' 289 | ,'Loxone Intercome Video','canon VBM40 CAMs','Dedicated Micro Camera Systems','Network Card Managers' 290 | ,'Polycoms with HTTP access','Hikvision CAM','TeleEye Java Viewer','EverFocus CAM Industrial' 291 | ,'Automatic Number Plate Recognition Camera','PIPS AUTOPLATE','DEC-5300G','NetCamXL Video CAMs' 292 | ,'Arecont vision','chianet nodinfo camera','Dlink Internet CAMs','VMax web viewer','Weather Wing' 293 | ,'mostly open - check stream','go1984 server','UBNT CAMs','abelcam','Open CAMs without AUTH' 294 | ,'i-Catcher Console','Vstar , escam and some others','ADH-web','VB100 CAMs','SQ CAMs','CISCO N-CAMs' 295 | ,'imagiatek ipcams','Bosch webcam','Korean School CAMs','HipCam','samsung iPolis','maginon cam' 296 | ,'AXIS M1103 Network Camera','GeoVision Inc - Ipcam/Video server','timhillone viewer','Vulnerable CAMs' 297 | ,'speco ip cams','Heden brand cams'] 298 | 299 | # +++ help for dynamic filters +++ 300 | def dhelp(self): 301 | print (Fore.YELLOW+'''There are 8 Dynamic Filter. CITY , COUNTRY , PORT , OS , GEO , IPNETM , HOSTNAME , DATEAB. 302 | CITY: With this filter you can restrict your search to an specific city. 303 | COUNTRY: With this filter you can restrict your search to an specific country. 304 | PORT: With this filter you can restrict your search to an specific ports and services. REMEMBER to seprate ports with ',' Exmp: 21,22,23 305 | OS: With this filter you can restrict your search to an specific Operation System. 306 | GEO: With this filter you can restrict your search to an specific Geographic Location. REMEMBER to seprate with ',' Exmp: 37.4,24.4 307 | IPNETM: With this filter you can restrict your search to an specific Ip range or subnet. Exmp: 10.9.0.0/8 308 | HOSTNAME: With this filter you can restrict your search to an specific Hostname/Domain. Exmp: .nist.gov 309 | DATEAB: With this filter you can restrict your search to after/before an specific date. Exmp: before:1/01/2014 310 | NOTE: You can use multiple Dynamic filters and for that, seprate filters with ',' Exmp: city,country,port'''+Style.RESET_ALL) -------------------------------------------------------------------------------- /kr.py: -------------------------------------------------------------------------------- 1 | import string 2 | import os 3 | import re 4 | import sys 5 | from colorama import Fore, Back, Style 6 | 7 | # ++++++++++++++++++++++++++++++++++++++++++++++++ 8 | # READ KEY FROM FILE|ALSO CAN READ MULTIPLE KEYS + 9 | # ++++++++++++++++++++++++++++++++++++++++++++++++ 10 | 11 | class kre: 12 | tkeys = [] 13 | 14 | def ckfile(self): 15 | if (os.path.isfile('api.key')): 16 | kfil = open('api.key','r') 17 | linZ = kfil.readlines() 18 | for line in linZ[0:]: 19 | pline = line.split('\n') 20 | self.tkeys.append(pline[0]) 21 | if (len(self.tkeys) == 0): 22 | kstat = False 23 | else: 24 | kstat = True 25 | else: 26 | kstat = False 27 | return kstat 28 | 29 | def klist(self): 30 | if (self.ckfile()): 31 | print (Fore.GREEN+'[*] Printing API-KEYS:') 32 | for length in range(len(self.tkeys)): 33 | print (str(length)+') '+self.tkeys[length]) # also can use repr(lenght) 34 | else: 35 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 36 | 37 | def kadd(self,initapi): 38 | with open('api.key','a') as kfil: 39 | kfil.write(initapi+'\n') 40 | kfil.close() 41 | print (Fore.GREEN+'[*] Key Added'+Style.RESET_ALL) 42 | 43 | def kdel(self,dapi): 44 | kfil = open('api.key','r') 45 | linZ = kfil.readlines() 46 | kfil.close() 47 | kfil = open('api.key','w') 48 | for line in linZ: 49 | if (line != dapi+'\n'): 50 | kfil.write(line) 51 | kfil.close() 52 | print (Fore.GREEN+'[*] Key Deleted'+Style.RESET_ALL) 53 | 54 | def chokey(self): 55 | print (Fore.GREEN+'\n[*] Printing API-KEYS:') 56 | for length in range(len(self.tkeys)): 57 | print (str(length)+') '+self.tkeys[length]) 58 | try: 59 | keyindex = int(raw_input(Fore.BLUE+'\n[?] Enter the index number of key that you want to be used: ')) 60 | except: 61 | keyindex = int(input(Fore.BLUE+'\n[?] Enter the index number of key that you want to be used: ')) 62 | return self.tkeys[keyindex] 63 | 64 | def help_menu(self): 65 | print (Fore.YELLOW+'''\nThis is help menu for API-KEY functions. 66 | The API-KEY is required to search shodan. You can search shodan without API-KEY but there are some limits 67 | like "YOU CAN NOT USE ANY SPECIFIC FILTER IN YOUR SEARCH WITHOUT API-KEY" and some other limits. 68 | You can list your Keys, Delete any Key or add new Key in API-KEY file. 69 | \nTo list Keys: 70 | python zkshs.py --kf list - - - This will list all Keys that are inside Key file. 71 | \nTo add new Key: 72 | python zkshs.py --kf add --api YOUR_API_KEY - - - This will add the Key inside Key file. 73 | \nTo delete Key: 74 | python zkshs.py --kf del --api YOUR_API_KEY - - - This will delete the Key from Key file. 75 | \n<< Before you do anything, Its IMPORTANT to add at least one API-KEY to the Key file. >>\n'''+Style.RESET_ALL) 76 | -------------------------------------------------------------------------------- /zkshs.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import sys 3 | #reload(sys) 4 | #sys.setdefaultencoding('utf-8') 5 | import requests.packages.urllib3 6 | from json import dumps, loads 7 | import requests 8 | import os 9 | import optparse 10 | import re 11 | from colorama import Fore, Back, Style 12 | import string 13 | import itertools 14 | from optparse import OptionGroup 15 | import smtplib 16 | from kr import kre 17 | from ficls import fcls 18 | 19 | Tversion = 'VERSION 1.0.3' 20 | kc = kre() 21 | fc = fcls() 22 | #requests.packages.urllib3.disable_warnings() 23 | 24 | ################################# 25 | 26 | def listFunc(filtype): 27 | if (filtype == 'scada'): 28 | for fnum in range(len(fc.SCADA_TAGs)): 29 | print (fc.SCADA_TAGs[fnum]) 30 | elif (filtype == 'http'): 31 | for fnum in range(len(fc.HTTP_TAGs)): 32 | print (fc.HTTP_TAGs[fnum]) 33 | elif (filtype == 'server'): 34 | for fnum in range(len(fc.SERVER_TAGs)): 35 | print (fc.SERVER_TAGs[fnum]) 36 | elif (filtype == 'ftp'): 37 | for fnum in range(len(fc.FTP_TAGs)): 38 | print (fc.FTP_TAGs[fnum]) 39 | elif (filtype == 'modem/router'): 40 | for fnum in range(len(fc.ROUTER_TAGs)): 41 | print (fc.ROUTER_TAGs[fnum]) 42 | elif (filtype == 'database'): 43 | for fnum in range(len(fc.DATABASE_TAGs)): 44 | print (fc.DATABASE_TAGs[fnum]) 45 | elif (filtype == 'cam'): 46 | for fnum in range(len(fc.CAM_TAGs)): 47 | print (fc.CAM_TAGs[fnum]) 48 | elif (filtype == 'other'): 49 | for fnum in range(len(fc.OTHER_TAGs)): 50 | print (fc.OTHER_TAGs[fnum]) 51 | elif (filtype == 'dynamic'): 52 | fc.dhelp() 53 | else: 54 | print (Fore.RED+'[!] There is something WRONG with provided value as filter type.'+Style.RESET_ALL) 55 | 56 | ################################# 57 | 58 | def manFunc(cfil): 59 | for fnum in range(len(fc.OTHER_TAGs)): 60 | if (cfil == fc.OTHER_TAGs[fnum].lower()): 61 | print (Fore.YELLOW+fc.OTHER_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 62 | sys.exit() 63 | for fnum in range(len(fc.SCADA_TAGs)): 64 | if (cfil == fc.SCADA_TAGs[fnum].lower()): 65 | print (Fore.YELLOW+fc.SCADA_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 66 | sys.exit() 67 | for fnum in range(len(fc.HTTP_TAGs)): 68 | if (cfil == fc.HTTP_TAGs[fnum].lower()): 69 | print (Fore.YELLOW+fc.HTTP_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 70 | sys.exit() 71 | for fnum in range(len(fc.SERVER_TAGs)): 72 | if (cfil == fc.SERVER_TAGs[fnum].lower()): 73 | print (Fore.YELLOW+fc.SERVER_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 74 | sys.exit() 75 | for fnum in range(len(fc.FTP_TAGs)): 76 | if (cfil == fc.FTP_TAGs[fnum].lower()): 77 | print (Fore.YELLOW+fc.FTP_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 78 | sys.exit() 79 | for fnum in range(len(fc.ROUTER_TAGs)): 80 | if (cfil == fc.ROUTER_TAGs[fnum].lower()): 81 | print (Fore.YELLOW+fc.ROUTER_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 82 | sys.exit() 83 | for fnum in range(len(fc.DATABASE_TAGs)): 84 | if (cfil == fc.DATABASE_TAGs[fnum].lower()): 85 | print (Fore.YELLOW+fc.DATABASE_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 86 | sys.exit() 87 | for fnum in range(len(fc.CAM_TAGs)): 88 | if (cfil == fc.CAM_TAGs[fnum].lower()): 89 | print (Fore.YELLOW+fc.CAM_TAGs_COM[fnum]+'\n'+Style.RESET_ALL) 90 | sys.exit() 91 | print (Fore.RED+'[!] Wrong filter name.'+Style.RESET_ALL) 92 | 93 | ################################# 94 | 95 | def keyF(ftype,key): 96 | if (ftype == 'add'): 97 | if (key): 98 | kc.kadd(key) 99 | else: 100 | print (Fore.RED+'[!] For this API-KEY Function, You should provide API-KEY as an input argument'+Style.RESET_ALL) 101 | elif (ftype == 'del'): 102 | if (key): 103 | kc.kdel(key) 104 | else: 105 | print (Fore.RED+'[!] For this API-KEY Function, You should provide API-KEY as an input argument'+Style.RESET_ALL) 106 | elif (ftype == 'help'): 107 | kc.help_menu() 108 | elif (ftype == 'list'): 109 | kc.klist() 110 | else: 111 | print (Fore.RED+'[!] There is something WRONG with the data that you entered'+Style.RESET_ALL) 112 | 113 | ################################# 114 | 115 | def shprereq(sfilter,dfilter,cq): # FinalQ = Final Query = sfilter+cq+dfilter 116 | if (not sfilter): 117 | sfilter = '' 118 | elif (sfilter): 119 | for fnum in range(len(fc.OTHER_TAGs)): 120 | if (sfilter == fc.OTHER_TAGs[fnum]): 121 | sfilter = fc.OTHER_TAGs_VAL[fnum] 122 | for fnum in range(len(fc.SCADA_TAGs)): 123 | if (sfilter == fc.SCADA_TAGs[fnum]): 124 | sfilter = fc.SCADA_TAGs_VAL[fnum] 125 | for fnum in range(len(fc.HTTP_TAGs)): 126 | if (sfilter == fc.HTTP_TAGs[fnum]): 127 | sfilter = fc.HTTP_TAGs_VAL[fnum] 128 | for fnum in range(len(fc.SERVER_TAGs)): 129 | if (sfilter == fc.SERVER_TAGs[fnum]): 130 | sfilter = fc.SERVER_TAGs_VAL[fnum] 131 | for fnum in range(len(fc.FTP_TAGs)): 132 | if (sfilter == fc.FTP_TAGs[fnum]): 133 | sfilter = fc.FTP_TAGs_VAL[fnum] 134 | for fnum in range(len(fc.ROUTER_TAGs)): 135 | if (sfilter == fc.ROUTER_TAGs[fnum]): 136 | sfilter = fc.ROUTER_TAGs_VAL[fnum] 137 | for fnum in range(len(fc.DATABASE_TAGs)): 138 | if (sfilter == fc.DATABASE_TAGs[fnum]): 139 | sfilter = fc.DATABASE_TAGs_VAL[fnum] 140 | for fnum in range(len(fc.CAM_TAGs)): 141 | if (sfilter == fc.CAM_TAGs[fnum]): 142 | sfilter = fc.CAM_TAGs_VAL[fnum] 143 | if (not cq): 144 | cq = '' 145 | elif (cq): 146 | if (sfilter != ''): 147 | cq = ' '+cq 148 | else: 149 | cq = cq 150 | if (dfilter): 151 | if (sfilter != '' or cq != ''): 152 | dfilter = ' '+dfilterdefine(dfilter) 153 | else: 154 | dfilter = dfilterdefine(dfilter) 155 | elif (not dfilter): 156 | dfilter = '' 157 | FinalQ = sfilter+cq+dfilter 158 | if (FinalQ == ''): 159 | print (Fore.RED+'[!] Your entered data as the filter(s) was incorrect. Check and try again.\n\n'+Style.RESET_ALL) 160 | sys.exit() 161 | if (kc.ckfile()): 162 | if (len(kc.tkeys) == 1): 163 | #shmainReq(FinalQ,kc.tkeys[0],options.limitN,options.pageN) 164 | result = shmainReq(FinalQ,kc.tkeys[0],options.limitN,options.pageN) 165 | for Mcount in range(len(result['matches'])): 166 | print (Fore.GREEN+str(result['matches'][Mcount]['ip_str'])+' '+Fore.YELLOW+str(result['matches'][Mcount]['port'])+' '+Fore.MAGENTA+str(result['matches'][Mcount]['isp'])+' '+Fore.BLUE+str(result['matches'][Mcount]['location']['country_name'])+' '+Fore.WHITE+repr(result['matches'][Mcount]['data'])+Style.RESET_ALL) 167 | else: 168 | apikey = kc.chokey() 169 | #shmainReq(FinalQ,apikey,options.limitN,options.pageN) 170 | result = shmainReq(FinalQ,apikey,options.limitN,options.pageN) 171 | for Mcount in range(len(result['matches'])): 172 | print (Fore.GREEN+str(result['matches'][Mcount]['ip_str'])+' '+Fore.YELLOW+str(result['matches'][Mcount]['port'])+' '+Fore.MAGENTA+str(result['matches'][Mcount]['isp'])+' '+Fore.BLUE+str(result['matches'][Mcount]['location']['country_name'])+' '+Fore.WHITE+repr(result['matches'][Mcount]['data'])+Style.RESET_ALL) 173 | sys.exit() 174 | else: 175 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 176 | sys.exit() 177 | 178 | ################################# 179 | 180 | def dfilterdefine(dfilter): 181 | wholeDF = '' 182 | df = ['city','country','port','os','geo','ipnetm','hostname','dateab'] 183 | dfarray = [] 184 | print (Fore.GREEN+'[*] You choosed to use Dynamic Filter(s) ...') 185 | for fttype in dfilter.split(','): 186 | dfarray.append(fttype) 187 | dfarrayND = list(set(dfarray)) 188 | for kount in range(len(dfarrayND)): 189 | if (dfarrayND[kount].lower() == df[0]): 190 | try: 191 | fc.city = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 192 | except: 193 | fc.city = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 194 | wholeDF = 'city:'+fc.city 195 | elif (dfarrayND[kount].lower() == df[1]): 196 | try: 197 | fc.country = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 198 | except: 199 | fc.country = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 200 | if (fc.city): 201 | wholeDF += ' country:'+fc.country 202 | else: 203 | wholeDF += 'country:'+fc.country 204 | elif (dfarrayND[kount].lower() == df[2]): 205 | try: 206 | fc.port = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 207 | except: 208 | fc.port = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 209 | if (fc.city or fc.country): 210 | wholeDF += ' port:'+fc.port 211 | else: 212 | wholeDF += 'port:'+fc.port 213 | elif (dfarrayND[kount].lower() == df[3]): 214 | try: 215 | fc.os = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 216 | except: 217 | fc.os = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 218 | if (fc.city or fc.country or fc.port): 219 | wholeDF += ' os:'+fc.os 220 | else: 221 | wholeDF += 'os:'+fc.os 222 | elif (dfarrayND[kount].lower() == df[4]): 223 | try: 224 | fc.geo = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 225 | except: 226 | fc.geo = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 227 | if (fc.city or fc.country or fc.port or fc.os): 228 | wholeDF += ' geo:'+fc.geo 229 | else: 230 | wholeDF += 'geo:'+fc.geo 231 | elif (dfarrayND[kount].lower() == df[5]): 232 | try: 233 | fc.ipnetm = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 234 | except: 235 | fc.ipnetm = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 236 | if (fc.city or fc.country or fc.port or fc.os or fc.geo): 237 | wholeDF += ' '+fc.ipnetm 238 | else: 239 | wholeDF += ''+fc.ipnetm 240 | elif (dfarrayND[kount].lower() == df[6]): 241 | try: 242 | fc.hostname = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 243 | except: 244 | fc.hostname = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 245 | if (fc.city or fc.country or fc.port or fc.os or fc.geo or fc.ipnetm): 246 | wholeDF += ' hostname:'+fc.hostname 247 | else: 248 | wholeDF += 'hostname:'+fc.hostname 249 | elif (dfarrayND[kount].lower() == df[7]): 250 | try: 251 | fc.dateab = str(raw_input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 252 | except: 253 | fc.dateab = str(input(Fore.YELLOW+'[?] Please Enter value for '+dfarrayND[kount].lower()+': ')) 254 | if (fc.city or fc.country or fc.port or fc.os or fc.geo or fc.ipnetm or fc.hostname): 255 | wholeDF += ' '+fc.dateab 256 | else: 257 | wholeDF += ''+fc.dateab 258 | if (wholeDF == ''): 259 | print (Fore.RED+'[!] Your Entered data as Dynamic Filter(s) was WRONG. Continue with other filter(s) ...'+Style.RESET_ALL) 260 | return wholeDF 261 | 262 | 263 | ################################# 264 | 265 | def shmainReq(Squery,Skey,limitQ,pageQ): 266 | if (limitQ != None): 267 | if (pageQ != None): 268 | limitpage = '&limit='+limitQ+'&page='+pageQ 269 | else: 270 | limitpage = '&limit='+limitQ 271 | else: 272 | if (pageQ != None): 273 | limitpage = '&page='+pageQ 274 | else: 275 | limitpage = '' 276 | try: 277 | responseDATA = requests.get('https://api.shodan.io/shodan/host/search?query='+Squery+'&key='+Skey+limitpage) 278 | if (responseDATA.status_code == 401): 279 | try: 280 | print (Fore.RED+'[!] '+str(responseDATA.json()['error'])+Style.RESET_ALL) 281 | except Exception as e: 282 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 283 | sys.exit() 284 | responseDATA = loads(responseDATA.text) # responseDATA.text OR responseDATA.content 285 | if (responseDATA.get('error', None)): 286 | print (Fore.RED+'[!] '+str(responseDATA['error'])+Style.RESET_ALL) 287 | sys.exit() 288 | else: 289 | return responseDATA 290 | #for Mcount in range(len(responseDATA['matches'])): 291 | # print (Fore.GREEN+str(responseDATA['matches'][Mcount]['ip_str'])+' '+Fore.YELLOW+str(responseDATA['matches'][Mcount]['port'])+' '+Fore.MAGENTA+str(responseDATA['matches'][Mcount]['isp'])+' '+Fore.BLUE+str(responseDATA['matches'][Mcount]['location']['country_name'])+' '+Fore.WHITE+repr(responseDATA['matches'][Mcount]['data'])+Style.RESET_ALL) 292 | except Exception as e: 293 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 294 | sys.exit() 295 | 296 | 297 | ################################# 298 | 299 | 300 | def Hchecker(tip): 301 | if (kc.ckfile()): 302 | if (len(kc.tkeys) == 1): 303 | api_key = kc.tkeys[0] 304 | else: 305 | api_key = kc.chokey() 306 | else: 307 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 308 | try: 309 | response = requests.get('https://api.shodan.io/labs/honeyscore/'+tip+'?key='+api_key) 310 | if (response.status_code == 401): 311 | try: 312 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 313 | except Exception as e: 314 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 315 | sys.exit() 316 | else: 317 | response = loads(response.text) 318 | print (Fore.GREEN+str(response)+Style.RESET_ALL) 319 | except Exception as e: 320 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 321 | 322 | 323 | ################################# 324 | 325 | 326 | def dnscheck(hname): 327 | if (kc.ckfile()): 328 | if (len(kc.tkeys) == 1): 329 | api_key = kc.tkeys[0] 330 | else: 331 | api_key = kc.chokey() 332 | else: 333 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 334 | try: 335 | response = requests.get('https://api.shodan.io/dns/resolve?hostnames='+hname+'&key='+api_key) 336 | if (response.status_code == 401): 337 | try: 338 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 339 | except Exception as e: 340 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 341 | sys.exit() 342 | else: 343 | response = loads(response.text) 344 | for item in hname.split(','): 345 | print (Fore.GREEN+item+': '+str(response[item])+Style.RESET_ALL) 346 | except Exception as e: 347 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 348 | 349 | 350 | ################################# 351 | 352 | 353 | def Rdnscheck(rev_ip): 354 | if (kc.ckfile()): 355 | if (len(kc.tkeys) == 1): 356 | api_key = kc.tkeys[0] 357 | else: 358 | api_key = kc.chokey() 359 | else: 360 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 361 | try: 362 | response = requests.get('https://api.shodan.io/dns/reverse?ips='+rev_ip+'&key='+api_key) 363 | if (response.status_code == 401): 364 | try: 365 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 366 | except Exception as e: 367 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 368 | sys.exit() 369 | else: 370 | response = loads(response.text) 371 | for item in rev_ip.split(','): 372 | if (not response[item]): 373 | print (Fore.YELLOW+'None for '+item+Style.RESET_ALL) 374 | else: 375 | print (Fore.GREEN+item+': '+str(response[item][0])+Style.RESET_ALL) 376 | except Exception as e: 377 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 378 | 379 | 380 | ################################# 381 | 382 | 383 | def newalert(name,target,expire_time): 384 | if (kc.ckfile()): 385 | if (len(kc.tkeys) == 1): 386 | api_key = kc.tkeys[0] 387 | else: 388 | api_key = kc.chokey() 389 | else: 390 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 391 | if (not expire_time): 392 | json_data = {'name': name,'filters': {'ip': target}, 'key': api_key} 393 | else: 394 | json_data = {'name': name,'filters': {'ip': target}, 'expires': expire_time, 'key': api_key} 395 | try: 396 | response = requests.post('https://api.shodan.io/shodan/alert', data=json_data) 397 | if (response.status_code == 401): 398 | try: 399 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 400 | except Exception as e: 401 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 402 | sys.exit() 403 | else: 404 | response = loads(response.text) 405 | print (Fore.GREEN+'alert created and '+Style.RESET_ALL) 406 | #print (loads(response.text)['error']) 407 | except Exception as e: 408 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 409 | 410 | 411 | ################################# 412 | 413 | 414 | def alertinfo(alert_id): 415 | if (kc.ckfile()): 416 | if (len(kc.tkeys) == 1): 417 | api_key = kc.tkeys[0] 418 | else: 419 | api_key = kc.chokey() 420 | else: 421 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 422 | try: 423 | response = requests.get('https://api.shodan.io/shodan/alert/'+alert_id+'/info?key='+api_key) 424 | if (response.status_code == 401): 425 | try: 426 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 427 | except Exception as e: 428 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 429 | sys.exit() 430 | else: 431 | response = loads(response.text) 432 | print (Fore.GREEN+'alert name: '+str(response['name'])+Fore.MAGENTA+' created date: '+str(response['created'])+Fore.BLUE+' ip: '+str(response['filters']['ip'][0])+Fore.YELLOW+' id: '+str(response['id'])) 433 | except Exception as e: 434 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 435 | 436 | 437 | ################################# 438 | 439 | 440 | def alertdel(alert_id): 441 | if (kc.ckfile()): 442 | if (len(kc.tkeys) == 1): 443 | api_key = kc.tkeys[0] 444 | else: 445 | api_key = kc.chokey() 446 | else: 447 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 448 | try: 449 | response = requests.delete('https://api.shodan.io/shodan/alert/'+alert_id+'?key='+api_key) 450 | if (response.status_code == 401): 451 | try: 452 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 453 | except Exception as e: 454 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 455 | sys.exit() 456 | else: 457 | response = loads(response.text) 458 | print (Fore.GREEN+'Your specified alert deleted'+Style.RESET_ALL) 459 | except Exception as e: 460 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 461 | 462 | 463 | ################################# 464 | 465 | 466 | def alertlist(): 467 | if (kc.ckfile()): 468 | if (len(kc.tkeys) == 1): 469 | api_key = kc.tkeys[0] 470 | else: 471 | api_key = kc.chokey() 472 | else: 473 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 474 | try: 475 | response = requests.get('https://api.shodan.io/shodan/alert/info?key='+api_key) 476 | if (response.status_code == 401): 477 | try: 478 | print (Fore.RED+'[!] '+str(response.json()['error'])+Style.RESET_ALL) 479 | except Exception as e: 480 | print (Fore.RED+'[!] Invalid API key'+Style.RESET_ALL) 481 | sys.exit() 482 | else: 483 | response = loads(response.text) 484 | for alertcount in range(len(response)): 485 | print (Fore.GREEN+'alert name: '+str(response[alertcount]['name'])+Fore.MAGENTA+' created date: '+str(response[alertcount]['created'])+Fore.BLUE+' ip: '+str(response[alertcount]['filters']['ip'][0])+Fore.YELLOW+' id: '+str(response[alertcount]['id'])) 486 | except Exception as e: 487 | print (Fore.RED+'[!] Failed, Try Again.\t'+str(e)+Style.RESET_ALL) 488 | 489 | 490 | ################################# 491 | 492 | 493 | def POpenRelay(portNum,Msender,Mreceiver,Mdata): 494 | Mcontent = '''From: <%s> 495 | TO: <%s> 496 | Content-Type: text/plain; charset=iso-8859-1 497 | %s''' %(Msender,Mreceiver,Mdata) 498 | smtpquery = 'smtp port:%s' %portNum 499 | if (kc.ckfile()): 500 | if (len(kc.tkeys) == 1): 501 | smtpRES = shmainReq(smtpquery,kc.tkeys[0],options.limitN,options.pageN) 502 | else: 503 | apikey = kc.chokey() 504 | smtpRES = shmainReq(smtpquery,apikey,options.limitN,options.pageN) 505 | for Mcount in range(len(smtpRES['matches'])): 506 | if (('smtps' in repr(smtpRES['matches'][Mcount]['data']).lower()) or ('esmtp' in repr(smtpRES['matches'][Mcount]['data']).lower())): 507 | smtpTRG = smtplib.SMTP_SSL(port=portNum,timeout = 15) 508 | tlsu = True 509 | else: 510 | smtpTRG = smtplib.SMTP(port=portNum,timeout = 15) 511 | tlsu = False 512 | try: 513 | smtpTRG.connect(str(smtpRES['matches'][Mcount]['ip_str'])) 514 | if (tlsu): 515 | smtpTRG.starttls() 516 | smtpTRG.ehlo('google.com') 517 | smtpTRG.sendmail(Msender,Mreceiver,Mcontent) 518 | smtpTRG.quit() 519 | print (Fore.RED+'[!]VULNERABLE[!]'+Style.RESET_ALL) 520 | except Exception as e: 521 | if (('500' in str(e)) or ('501' in str(e))): 522 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tSyntax Error - Maybe Vulnerable'+Style.RESET_ALL) 523 | elif ('503' in str(e)): 524 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tBad sequence of commands, or requires authentication - Maybe Vulnerable'+Style.RESET_ALL) 525 | elif ('504' in str(e)): 526 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tCommand parameter is not implemented - Vulnerable'+Style.RESET_ALL) 527 | elif (('510' in str(e)) or ('511' in str(e))): 528 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tBad email address - Maybe Vulnerable'+Style.RESET_ALL) 529 | elif ('512' in str(e)): 530 | print(Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tHost server for the recipient`s domain name cannot be found in DNS - Maybe Vulnerable'+Style.RESET_ALL) 531 | elif ('513' in str(e)): 532 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tAddress type is incorrect - Maybe Vulnerable'+Style.RESET_ALL) 533 | elif ('530' in str(e)): 534 | print (Fore.GREEN+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tAuthentication problem - SAFE'+Style.RESET_ALL) 535 | elif ('541' in str(e)): 536 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tThe recipient address rejected your message - Vulnerable'+Style.RESET_ALL) 537 | elif ('550' in str(e)): 538 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tNon-existent email address - Maybe Vulnerable'+Style.RESET_ALL) 539 | elif ('551' in str(e)): 540 | print (Fore.GREEN+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tUser not local or invalid address - relay denied - SAFE'+Style.RESET_ALL) 541 | elif ('552' in str(e)): 542 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tExceeded storage allocation - Vulnerable'+Style.RESET_ALL) 543 | elif ('553' in str(e)): 544 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tMailbox name invalid - Maybe Vulnerable'+Style.RESET_ALL) 545 | elif ('554' in str(e)): 546 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+'\tTransaction has failed - Maybe Vulnerable'+Style.RESET_ALL) 547 | else: 548 | print(Fore.MAGENTA+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(portNum)+' - Protocol Problem(try again): \t'+str(e)+Style.RESET_ALL) 549 | sys.exit() 550 | else: 551 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 552 | sys.exit() 553 | 554 | 555 | ################################# 556 | 557 | 558 | def noPOpenRelay(Msender,Mreceiver,Mdata): 559 | Mcontent = '''From: <%s> 560 | TO: <%s> 561 | Content-Type: text/plain; charset=iso-8859-1 562 | %s''' %(Msender,Mreceiver,Mdata) 563 | #smtpquery = 'smtp port:%s' %portNum 564 | if (kc.ckfile()): 565 | if (len(kc.tkeys) == 1): 566 | smtpRES = shmainReq('smtp',kc.tkeys[0],options.limitN,options.pageN) 567 | else: 568 | apikey = kc.chokey() 569 | smtpRES = shmainReq('smtp',apikey,options.limitN,options.pageN) 570 | for Mcount in range(len(smtpRES['matches'])): 571 | if (('smtps' in repr(smtpRES['matches'][Mcount]['data']).lower()) or ('esmtp' in repr(smtpRES['matches'][Mcount]['data']).lower())): 572 | smtpTRG = smtplib.SMTP_SSL(port=smtpRES['matches'][Mcount]['port'],timeout = 15) 573 | tlsu = True 574 | else: 575 | smtpTRG = smtplib.SMTP(port=smtpRES['matches'][Mcount]['port'],timeout = 15) 576 | tlsu = False 577 | try: 578 | smtpTRG.connect(str(smtpRES['matches'][Mcount]['ip_str'])) 579 | if (tlsu): 580 | smtpTRG.starttls() 581 | smtpTRG.ehlo('google.com') 582 | smtpTRG.sendmail(Msender,Mreceiver,Mcontent) 583 | smtpTRG.quit() 584 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\t[!]VULNERABLE[!]'+Style.RESET_ALL) 585 | except Exception as e: 586 | if (('500' in str(e)) or ('501' in str(e))): 587 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tSyntax Error - Maybe Vulnerable'+Style.RESET_ALL) 588 | elif ('503' in str(e)): 589 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tBad sequence of commands, or requires authentication - Maybe Vulnerable'+Style.RESET_ALL) 590 | elif ('504' in str(e)): 591 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tCommand parameter is not implemented - Vulnerable'+Style.RESET_ALL) 592 | elif (('510' in str(e)) or ('511' in str(e))): 593 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tBad email address - Maybe Vulnerable'+Style.RESET_ALL) 594 | elif ('512' in str(e)): 595 | print(Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tHost server for the recipient`s domain name cannot be found in DNS - Maybe Vulnerable'+Style.RESET_ALL) 596 | elif ('513' in str(e)): 597 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tAddress type is incorrect - Maybe Vulnerable'+Style.RESET_ALL) 598 | elif ('530' in str(e)): 599 | print (Fore.GREEN+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tAuthentication problem - SAFE'+Style.RESET_ALL) 600 | elif ('541' in str(e)): 601 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tThe recipient address rejected your message - Vulnerable'+Style.RESET_ALL) 602 | elif ('550' in str(e)): 603 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tNon-existent email address - Maybe Vulnerable'+Style.RESET_ALL) 604 | elif ('551' in str(e)): 605 | print (Fore.GREEN+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tUser not local or invalid address - relay denied - SAFE'+Style.RESET_ALL) 606 | elif ('552' in str(e)): 607 | print (Fore.RED+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tExceeded storage allocation - Vulnerable'+Style.RESET_ALL) 608 | elif ('553' in str(e)): 609 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tMailbox name invalid - Maybe Vulnerable'+Style.RESET_ALL) 610 | elif ('554' in str(e)): 611 | print (Fore.YELLOW+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+'\tTransaction has failed - Maybe Vulnerable'+Style.RESET_ALL) 612 | else: 613 | print(Fore.MAGENTA+str(smtpRES['matches'][Mcount]['ip_str'])+':'+str(smtpRES['matches'][Mcount]['port'])+' - Protocol Problem(try again): \t'+str(e)+Style.RESET_ALL) 614 | sys.exit() 615 | else: 616 | print (Fore.RED+'[!] There is something WRONG with Key file(Maybe its EMPTY or Key file NOT EXISTS)'+Style.RESET_ALL) 617 | sys.exit() 618 | 619 | 620 | ################################# 621 | 622 | 623 | if __name__=='__main__': 624 | print (Fore.CYAN + ''' 625 | _____ __ _ __ 626 | / _ / /\ /\/ _\ |__ / _\ 627 | \// / / //_/\ \| '_ \\ \ 628 | / //\/ __ \ _\ \ | | |\ \ 629 | /____/\/ \/ \__/_| |_\__/ 630 | 631 | coded by Z3r0''') 632 | print (Fore.RED + '''\t\t\t\t\t\t\tCodename - ZEROARY\n\n''') 633 | print (Fore.CYAN + ''' 634 | This is ' ZKShS '. With this you can search shodan without any knowledge about 635 | its queries. Most Queries and Filters have been implemented inside that and 636 | you can choose which one you want to use. 637 | It contains more than 400 filters to help you search shodan better. 638 | If you want to list implemented queries, use ' --listing ' command. 639 | This prints all implemented filters in its kind. 640 | If you want to see info about each filter, use ' --man ' command. 641 | There is possibilty to execute custom queries and if you want to search shodan 642 | with your own query, you can use ' --cquery ' command. 643 | Now, You can use DNS/Reverse_DNS/honeypot checking services and 644 | using alert service to monitor a network range. 645 | For Open Relay Bulk Scanner, you can provide page & limit filters(IF YOU WISH),if 646 | you dont provide these filters, results will be just for first page. 647 | ALERT FUNCTIONS ARE EXPERIMENTAL. 648 | << I extremly suggest to Read description for query that you want to use. >> 649 | '''+Style.RESET_ALL) 650 | parser = optparse.OptionParser( version = Tversion ) 651 | group = OptionGroup(parser,'Filter Options') 652 | group.add_option('--listing', action='store' , dest='listf' , help='will list related filters [ Two kind of filters are available static: (scada, http, server, ftp, modem/router, database, cam, other) and dynamic. For static filters you should specify type, like scada or any of them but for dynamic filters just use dynamic ]' , type='string') 653 | group.add_option('--man', action='store', dest='fname' , help='will print description for selected static filter') 654 | group.add_option('--sfil', action='store', dest='stfilter' , help='static filter') 655 | group.add_option('--dfil', action='store', dest='dyfilter' , help='dynamic filter') 656 | group.add_option('--cquery', action='store', dest='cqu' , help='will use your custom query | can combine with choosed filter') 657 | group.add_option('--pnum', action='store', dest='pageN' , help='will return your requested page of the searched data') 658 | group.add_option('--qlimit', action='store', dest='limitN' , help='will limit the returned data') 659 | parser.add_option_group(group) 660 | group = OptionGroup(parser,'Api-Key Options') 661 | group.add_option('--kf', action='store', dest='keyfunk' , help='Add or Delete Key(s), print API-KEY help menu and also list all KEYs [default is list KEYs - add|del|help|list]' , type='string') 662 | group.add_option('--api', action='store', dest='api_key' , help='API-KEY') 663 | parser.add_option_group(group) 664 | group = OptionGroup(parser,'HoneyPot Checker') 665 | group.add_option('--honeycheck', action='store_true', default=False, dest='honeycheck', help='Calculates honeypot probability score ranging from 0 (not a honeypot) to 1.0 (is a honeypot) of target ip') 666 | group.add_option('--hoip', action='store', dest='honey_ip', help='IP address of target to check if it is honeypot or not') 667 | parser.add_option_group(group) 668 | group = OptionGroup(parser,'DNS/Reverse_DNS') 669 | group.add_option('--dhost', action='store', dest='dns_host', help='hostname(s) - separated with comma') 670 | group.add_option('--rdnsip', action='store', dest='rdns_IP', help='IP(s) for reverse DNS - separated with comma') 671 | parser.add_option_group(group) 672 | group = OptionGroup(parser,'Network Alert') 673 | group.add_option('--calert', action='store_true', default=False, dest='create_alert', help='create a network alert for a defined IP/netblock which can be used to subscribe to changes/ events that are discovered within that range.') 674 | group.add_option('--alertname', action='store', dest='alert_name', help='defind name for created alert') 675 | group.add_option('--alerttarget', action='store', dest='alert_target', help='target IP/netblock for alert') 676 | group.add_option('--alertexp', action='store', dest='alert_expire', help='Number of seconds that the alert should be active(OPTIONAL)') 677 | group.add_option('--alertid', action='store', dest='alert_id', help='alert id to check its info') 678 | group.add_option('--alertin', action='store_true', default=False, dest='alert_info', help='alert info command') 679 | group.add_option('--dalert', action='store_true', default=False, dest='delete_alert', help='deleting alert with specified alert id') 680 | group.add_option('--lalerts', action='store_true',default=False, dest='list_alerts', help='List whole activated alerts of your account') 681 | parser.add_option_group(group) 682 | group = OptionGroup(parser,'SMTP OpenRelay bulk Scanner') 683 | group.add_option('--orscan', action='store_true', default=False, dest='orelay_scan', help='SMTP OpenRelay Bulk Scanner') 684 | group.add_option('--orport', action='store', dest='orelay_port', help='SMTP OpenRelay Bulk Scanner`s port definition', type='int') 685 | group.add_option('--mto', action='store', dest='mailto', help='Sender Address') 686 | group.add_option('--mfr', action='store', dest='mailfrom', help='Receiver Address') 687 | group.add_option('--mdt', action='store', dest='maildata', help='Receiver Address') 688 | parser.add_option_group(group) 689 | options,_ = parser.parse_args() 690 | ### 691 | if (options.listf and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.pageN and options.limitN and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.fname and options.honey_ip and options.rdns_IP and options.stfilter and options.dyfilter and options.cqu and options.keyfunk and options.api_key and options.dns_host and options.honeycheck)): 692 | listFunc(options.listf.lower()) 693 | ### 694 | elif (options.fname and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.pageN and options.limitN and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.listf and options.honey_ip and options.rdns_IP and options.stfilter and options.dyfilter and options.cqu and options.keyfunk and options.api_key and options.dns_host and options.honeycheck)): 695 | manFunc(options.fname.lower()) 696 | ### 697 | elif (options.stfilter or options.dyfilter or options.cqu and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.keyfunk and options.honey_ip and options.rdns_IP and options.api_key and options.fname and options.listf and options.dns_host and options.honeycheck)): 698 | shprereq(options.stfilter,options.dyfilter,options.cqu) 699 | ### 700 | elif (options.keyfunk and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.pageN and options.limitN and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.fname and options.honey_ip and options.stfilter and options.dyfilter and options.rdns_IP and options.cqu and options.listf and options.dns_host and options.honeycheck)): 701 | keyF(options.keyfunk.lower(),options.api_key) 702 | ### 703 | elif (options.honeycheck and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.pageN and options.limitN and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.keyfunk and options.fname and options.stfilter and options.rdns_IP and options.dyfilter and options.dns_host and options.cqu and options.listf)): 704 | if (options.honey_ip): 705 | Hchecker(options.honey_ip) 706 | else: 707 | print (Fore.RED+'[!] You did not Enter The Target IP Address'+Style.RESET_ALL) 708 | ### 709 | elif (options.dns_host and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.rdns_IP and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 710 | dnscheck(options.dns_host) 711 | ### 712 | elif (options.rdns_IP and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.dns_host and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 713 | Rdnscheck(options.rdns_IP) 714 | ### 715 | elif (options.create_alert and options.alert_name and options.alert_target and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.alert_id and options.list_alerts and options.delete_alert and options.alert_info and options.rdns_IP and options.dns_host and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 716 | newalert(options.alert_name,options.alert_target,options.alert_expire) 717 | ### 718 | elif (options.alert_id and options.alert_info and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.create_alert and options.alert_name and options.alert_target and options.list_alerts and options.delete_alert and options.rdns_IP and options.dns_host and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 719 | alertinfo(options.alert_id) 720 | ### 721 | elif (options.alert_id and options.delete_alert and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.create_alert and options.alert_name and options.alert_target and options.list_alerts and options.alert_info and options.rdns_IP and options.dns_host and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 722 | alertdel(options.alert_id) 723 | ### 724 | elif (options.list_alerts and not (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and options.orelay_port and options.create_alert and options.alert_name and options.alert_target and options.alert_id and options.delete_alert and options.alert_info and options.rdns_IP and options.dns_host and options.honey_ip and options.keyfunk and options.honeycheck and options.fname and options.stfilter and options.dyfilter and options.cqu and options.listf)): 725 | alertlist() 726 | ### 727 | elif (options.maildata and options.mailfrom and options.mailto and options.orelay_scan and not (options.listf and options.alert_id and options.alert_name and options.alert_target and options.alert_expire and options.create_alert and options.list_alerts and options.delete_alert and options.alert_info and options.fname and options.honey_ip and options.rdns_IP and options.stfilter and options.dyfilter and options.cqu and options.keyfunk and options.api_key and options.dns_host and options.honeycheck)): 728 | if (options.orelay_port): 729 | POpenRelay(options.orelay_port,options.mailfrom,options.mailto,options.maildata) 730 | else: 731 | print (Fore.YELLOW+"*** You didnt specified port, it will check smtp servers on all ports ***"+Style.RESET_ALL) 732 | noPOpenRelay(options.mailfrom,options.mailto,options.maildata) 733 | ### 734 | else: 735 | parser.print_help() 736 | sys.exit() 737 | print(Style.RESET_ALL) 738 | --------------------------------------------------------------------------------