GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → kranzrm → PhantomShodan

kranzrm / PhantomShodan

Licence: other
Shodan.io connector for Phantom Cyber Security Orchestration

Programming Languages

python
139335 projects - #7 most used programming language

Labels

shodanphantomsecurity-orchestration

Projects that are alternatives of or similar to PhantomShodan

Pigat
pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具
Stars: ✭ 140 (+636.84%)
Mutual labels:  shodan
Knock
🔑 Scan the entire internet for SSH and Telnet services. Then hack them.
Stars: ✭ 60 (+215.79%)
Mutual labels:  shodan
common-osint-model
Converting data from services like Censys and Shodan to a common data model
Stars: ✭ 35 (+84.21%)
Mutual labels:  shodan
Shodanwave
Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.
Stars: ✭ 183 (+863.16%)
Mutual labels:  shodan
Grinder
🔎 Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
Stars: ✭ 209 (+1000%)
Mutual labels:  shodan
osint-combiner
Combining OSINT sources in Elastic Stack
Stars: ✭ 77 (+305.26%)
Mutual labels:  shodan
Scan For Webcams
scan for webcams on the internet
Stars: ✭ 128 (+573.68%)
Mutual labels:  shodan
ShodanCPP
ShodanCPP is a С++ library for accessing the Shodan API.
Stars: ✭ 18 (-5.26%)
Mutual labels:  shodan
Mihari
A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (+1157.89%)
Mutual labels:  shodan
pycine
Reading Vision Research .cine files with python
Stars: ✭ 23 (+21.05%)
Mutual labels:  phantom
Awesome Shodan Queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
Stars: ✭ 2,758 (+14415.79%)
Mutual labels:  shodan
Djangohunter
Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.
Stars: ✭ 212 (+1015.79%)
Mutual labels:  shodan
waycup
A minimal tool that hides your online assets from online security scanners, researchers and hackers.
Stars: ✭ 100 (+426.32%)
Mutual labels:  shodan
Go Shodan
Shodan API client
Stars: ✭ 158 (+731.58%)
Mutual labels:  shodan
PHANTOM
An efficient implementation of the PHANTOM (GhostDAG) block-DAG protocol, complete with a block-DAG network simulation framework and other niceties.
Stars: ✭ 27 (+42.11%)
Mutual labels:  phantom
Penta
Open source all-in-one CLI tool to semi-automate pentesting.
Stars: ✭ 130 (+584.21%)
Mutual labels:  shodan
Shogun
Shodan.io Command Line Interface
Stars: ✭ 42 (+121.05%)
Mutual labels:  shodan
mmhdan
Calculate fingerprints of a website for OSINT search
Stars: ✭ 35 (+84.21%)
Mutual labels:  shodan
Z0172CK-Tools
Hacking Tools Z0172CK
Stars: ✭ 31 (+63.16%)
Mutual labels:  shodan
ZKShS
Search shodan without any knowledge about its queries
Stars: ✭ 37 (+94.74%)
Mutual labels:  shodan
View All Similar Projects ➔

Shodan.io API connector for Phantom

This App for Phantom security orchestrator provides access to information from Shodan.io.

Suggested Use-Cases

This app can be used to check whether or not a given IP address is listening given ports. This allows us to gain information that is: credible, publicly accessible, and does not require a single packet to be sent to the target IP address.

For Example:

  • For alerts about an inbound connection, phantom can validate whether or not the service is publicly accessible.
  • For alerts regarding outbound connections (irc, smtp, ntp, etc.) this can be used to verify whether or not the host is hosting that service and what service is listening on that port.
  • Perform reconnaissance on internet hosts

Current Actions

  • query ip - Query shodan for observed services for a given IP
  • query domain - Query shodan for observed services for a given fqdn

Future Features

Currently, this app performs a lookup against a domain or ip address for open ports and services.

Future areas of expansion include:

  • Implement more specific checks to look for specific IP and Port
  • Implement checks to support IP ranges / CIDR blocks
  • Triggering on-demand scan for paid developer accounts
  • DNS forward and reverse resolution
  • Implement widgets (Webpage Thumbnails, etc.)

Setup

  1. Download a Phantom appliance from Phantom Cyber.
  2. Select "Import App" from the Administration / Apps tab.
    • Select the shodan.tgz file
    • Check "Replace an Existing app" if an older version is installed
  3. Obtain an API key from Shodan.io. A free API key can be obtained from the Shodan.io website by registering and visiting your account page
  4. Configure the Shodan asset.
    • Product Vendor = "Shodan.io"
    • Product Name = "Shodan.io"
    • Set the "Shodan API Key" field in the phantom "Asset Settings" tab
  5. Configure the api_key in the json files located in the test_json directory (for CLI debugging)

References

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].