A web spider for shodan.io without using the Developer API.

thelordseye searches and returns detailed information about devices that are directly connected to the internet [IoT] (Smart TV's, Fridges, Webcams, Traffic Lights etc).

Pentesting framework using Node.js powers, focused in VoIP.

shodan

Scraps for publicly accessible MongoDB instances and dumps user passwords

Command line tool that allows you to explore IoT devices by using Shodan API.

Powerful Shodan API client using RxJava and Retrofit

A tool which utilizes Shodan to detect vulnerable IoT devices.

Different utility scripts for pentesting and hacking.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

🥀 Search Engine Tookit，URL采集、Favicon哈希值查找真实IP、子域名查找

📡 A security research tool with shodan integration

ICS security resources

Shodan Port Scanner

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

🌑 R package to work with the Shodan API

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

A simple SSH bruteforce script targeting (not necessarily) Raspbian devices.