├── .env
├── .gitignore
├── README.md
├── kibanarec.py
└── requirements.txt


/.env:
--------------------------------------------------------------------------------
1 | [shodan]
2 | key = YOURSHODANAPIKEY
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .env
2 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # kibanarec
 2 | A Tool to Extract Open Kibana Instances on Internet and Map them to their Corresponding Organizations for Bug Bounty.
 3 | 
 4 | ## Installation
 5 | Requirements:
 6 | - Python3 
 7 | - Shodan API Key
 8 | 
 9 | Steps to install:
10 | - Replace SHODANAPIKEY in .env file with your SHODAN API KEY.
11 | - Run `pip3 install -r requirements.txt` to install dependencies.
12 | - Run `python3 kibanarec.py -o file.txt` where `file.txt`is the output file.
13 | 
14 | ## How it works?
15 | The script gets the data from Shodan. It will output a file in comma-seperated format in which you will find *open* Kibana instances and their corresponding organizations based on SSL certificates.
16 | 


--------------------------------------------------------------------------------
/kibanarec.py:
--------------------------------------------------------------------------------
 1 | import shodan
 2 | import time
 3 | import requests
 4 | import argparse
 5 | import configparser
 6 | 
 7 | from termcolor import colored
 8 | 
 9 | __author__ = "lekssays"
10 | __license__ = "GPLv3"
11 | __version__ = "1.0.0"
12 | 
13 | def banner():
14 |     print('''
15 |          _    _ _                                     
16 |         | | _(_) |__   __ _ _ __   __ _ _ __ ___  ___ 
17 |         | |/ / | '_ \ / _` | '_ \ / _` | '__/ _ \/ __|
18 |         |   <| | |_) | (_| | | | | (_| | | |  __/ (__ 
19 |         |_|\_\_|_.__/ \__,_|_| |_|\__,_|_|  \___|\___|
20 |                                                       
21 |         ''')
22 |     print(colored("Author: Ahmed Lekssays (@Lekssays)", "magenta"))
23 |     print(colored("Version {} \n\n", "magenta").format(__version__))
24 | 
25 | def parse_args():
26 |     parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
27 |     parser.add_argument('-o','--output',
28 |                         dest = "output",
29 |                         help = "Name of the file where results will be stored.",
30 |                         default = "kibana_results.txt",
31 |                         required = False)
32 |     return parser.parse_args()
33 | 
34 | def write(entry, filename):
35 |     out = open(filename, "a")
36 |     out.write(entry + "\n")
37 |     out.close()
38 | 
39 | def checkValidity(host, issued_to, filename):
40 |     print(colored("[*] INFO: Checking " + host + "...", 'cyan'))
41 |     url = "https://" + host + "/app/kibana#/home?_g=()"
42 |     try:
43 |         r = requests.get(url, allow_redirects=False, verify=False, timeout=10)
44 |         body = str(r.content)
45 |         entry = host + ", " + issued_to
46 |         if "APM" in body:
47 |             print(colored("[+] SUCCESS: " + entry, 'green'))
48 |             write(entry, filename)
49 |         else:
50 |             print(colored("[+] FAILED: " + entry, 'red'))
51 |     except Exception as e:
52 |         print('Error: {}'.format(e))
53 |         pass
54 | 
55 | def getHosts(filename):
56 |     secret = configparser.RawConfigParser()
57 |     secret.read('.env')
58 |     SHODAN_API_KEY = secret["shodan"]["key"]
59 |     api = shodan.Shodan(SHODAN_API_KEY)
60 | 
61 |     try:
62 |         for p in range(1, 150):
63 |             query = 'title:"kibana" port:"443"'
64 |             results = api.search(query, page=p)
65 |             for result in results['matches']:
66 |                 host = str(result['ip_str'])
67 |                 print(colored("[*] INFO: Parsing " + host + "...", "cyan"))
68 |                 issued_to = "Unknown"
69 |                 try:
70 |                     if 'ssl' in str(result):
71 |                         issued_to = result['ssl']['cert']['subject']['CN']
72 |                 except Exception as e:
73 |                     print('Error: {}'.format(e))
74 |                     pass
75 |                 checkValidity(host, issued_to, filename)
76 |             time.sleep(1)
77 |     except shodan.APIError as e:
78 |         print('Error: {}'.format(e))
79 |         pass
80 | 
81 | def main():
82 |     banner()
83 |     filename = parse_args().output
84 |     getHosts(filename)
85 | 
86 | if __name__ == '__main__':
87 |     main()
88 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | shodan
2 | requests
3 | argparse
4 | configparser
5 | 


--------------------------------------------------------------------------------