Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
#
from sys import argv
import json
from shodan.helpers import iterate_files, get_ip
pwnedDBs = ['timonmat/xmr-stak-cpu', 'arayan/monero-miner', 'abafaeeee/monero-miner', 'kannix/monero-miner', 'Warn',
'Backup1', 'Backup2', 'Backup3', 'crackit', 'trojan1', 'trojan2', 'trojan3', 'trojan4', 'Readme', 'WARNING',
'PLEASE_READ_ME_XYZ', 'jacpos', 'jackpos', 'jackposv1', 'jackposv2', 'jackposprivate12', 'alina', 'topkek112', 'README', 'WRITE_ME',
'WE_HAVE_YOUR_DATA', 'your_data_has_been_backed_up', 'REQUEST_YOUR_DATA', 'DB_HAS_BEEN_DROPPED', 'Warning', 'Attention',
'send_bitcoin_to_retrieve_the_data', 'DATA_HAS_BEEN_BACKED_UP', 'REQUEST_ME', 'CONTACTME', 'BACKUP_DB', 'db_has_been_backed_up',
'PLEASE_READ', 'please_read', 'warning', 'DB_H4CK3D', 'CONTACTME', 'PLEASE_READ_ME', 'DB_DELETED', 'DB_DROPPED', 'PLEASEREAD',
'NODATA4U_SECUREYOURSHIT', 'SECUREYOURSHIT', 'pleasereadthis', 'readme', 'PLEASE_SECURE_THIS_INSTALLATION', 'ReadmePlease',
'JUST_READ_ME', 'README_MISSING_DATABASES', 'README_YOU_DB_IS_INSECURE', 'PWNED_SECURE_YOUR_STUFF_SILLY', 'WARNING_ALERT',
'pleaseread']
for banner in iterate_files(argv[1:]):
ip = get_ip(banner)
org = banner['org']
try:
product = banner['product']
except:
pass
try:
if product == "MongoDB":
data = banner['data'].replace('MongoDB Server Information\n', '').split('\n},\n')[2]
data = json.loads(data + '}')
for db in data['databases']:
if db['name'] in pwnedDBs:
print('{}:{}:{}'.format(ip, db['name'], product))
elif product == "Elastic":
data = banner['elastic']
for db in data['indices']:
def process(self, files):
# Write the header
self.header()
hosts = {}
for banner in iterate_files(files):
ip = get_ip(banner)
if not ip:
continue
if ip not in hosts:
hosts[ip] = banner
hosts[ip]['ports'] = []
hosts[ip]['ports'].append(banner['port'])
for ip, host in iter(hosts.items()):
self.write(host)
self.footer()
has_filters = len(filters) > 0
# Setup the output file handle
fout = None
if filename:
# If no filters were provided raise an error since it doesn't make much sense w/out them
if not has_filters:
raise click.ClickException('Output file specified without any filters. Need to use filters with this option.')
# Add the appropriate extension if it's not there atm
if not filename.endswith('.json.gz'):
filename += '.json.gz'
fout = helpers.open_file(filename)
for banner in helpers.iterate_files(filenames):
row = u''
# Validate the banner against any provided filters
if has_filters and not match_filters(banner, filters):
continue
# Append the data
if fout:
helpers.write_banner(fout, banner)
# Loop over all the fields and print the banner as a row
for i, field in enumerate(fields):
tmp = u''
value = get_banner_field(banner, field)
if value:
field_type = type(value)
# Write the header
main_sheet.write(0, 0, 'IP', bold) # The IP field can be either ip_str or ipv6 so we treat it differently
main_sheet.set_column(0, 0, 20)
row = 0
col = 1
for field in self.fields:
name = self.field_names.get(field, field.capitalize())
main_sheet.write(row, col, name, bold)
col += 1
row += 1
total = 0
ports = defaultdict(int)
for banner in iterate_files(files):
try:
# Build the list that contains all the relevant values
data = []
for field in self.fields:
value = self.banner_field(banner, field)
data.append(value)
# Write those values to the main workbook
# Starting off w/ the special "IP" property
main_sheet.write_string(row, 0, get_ip(banner))
col = 1
for value in data:
main_sheet.write(row, col, value)
col += 1
row += 1
# the directory name to store the images.
self.dirname = self.fout.name[:-7] + '-images'
# Remove the original file that was created
self.fout.close()
os.unlink(self.fout.name)
# Create the directory if it doesn't yet exist
if not os.path.exists(self.dirname):
os.mkdir(self.dirname)
# Close the existing file as the XlsxWriter library handles that for us
self.fout.close()
# Loop through all the banners in the data file
for banner in iterate_files(files):
screenshot = get_screenshot(banner)
if screenshot:
filename = '{}/{}-{}'.format(self.dirname, get_ip(banner), banner['port'])
# If a file with the name already exists then count up until we
# create a new, unique filename
counter = 0
tmpname = filename
while os.path.exists(tmpname + '.jpg'):
tmpname = '{}-{}'.format(filename, counter)
counter += 1
filename = tmpname + '.jpg'
fout = open(filename, 'wb')
fout.write(decode(screenshot['data'].encode(), 'base64'))
fout.close()
def process(self, files):
writer = csv_writer(self.fout, dialect=excel)
# Write the header
writer.writerow(self.fields)
for banner in iterate_files(files):
# The "vulns" property can't be nicely flattened as-is so we turn
# it into a list before processing the banner.
if 'vulns' in banner:
banner['vulns'] = banner['vulns'].keys()
try:
row = []
for field in self.fields:
value = self.banner_field(banner, field)
row.append(value)
writer.writerow(row)
except Exception:
pass
def process(self, files):
# Write the header
self.header()
hosts = {}
for banner in iterate_files(files):
ip = banner.get('ip_str', banner.get('ipv6', None))
if not ip:
continue
if ip not in hosts:
hosts[ip] = banner
hosts[ip]['ports'] = []
hosts[ip]['ports'].append(banner['port'])
for ip, host in iter(hosts.items()):
self.write(host)
self.footer()