-
Notifications
You must be signed in to change notification settings - Fork 0
/
1-CVE-2024-24919-Shodan-Search.py
75 lines (61 loc) · 2.71 KB
/
1-CVE-2024-24919-Shodan-Search.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import shodan
import argparse
# Replace 'YOUR_HARDCODED_API_KEY' with your Shodan API key or use -api
HARDCODED_API_KEY = 'YOUR_HARDCODED_API_KEY'
def search_shodan(api_key: str, query: str, output_file: str = None, max_pages: int = 2) -> None:
try:
# Initialize Shodan client
api = shodan.Shodan(api_key)
# Initialize variables for pagination
page = 1
all_results = []
while True:
# Perform the search with pagination
results = api.search(query, page=page)
all_results.extend(results['matches'])
# Check if there are more results to fetch or if the max page limit is reached
if max_pages and max_pages != 0 and page >= max_pages:
break
if page * 100 >= results['total']:
break
page += 1
if output_file:
# Write results to the output file
with open(output_file, 'w') as f:
for result in all_results:
ip_str = result['ip_str']
f.write(f'https://{ip_str}\n')
else:
# Print results to the console
for result in all_results:
ip_str = result['ip_str']
print(f'https://{ip_str}')
print(f"Results found: {len(all_results)}")
except shodan.APIError as e:
if "Invalid API key" in str(e):
raise ValueError("Invalid API key") from e
else:
print(f"Error: {e}")
def main() -> None:
parser = argparse.ArgumentParser(description="Shodan Search CVE-2024-24919, made with love by Proton Negativo.")
parser.add_argument('-api', type=str, help='Shodan API Key')
parser.add_argument('-o', type=str, default='target.txt', help='Optional output file to save IP addresses, default is target.txt')
parser.add_argument('-pages', type=int, default=2, help='Maximum number of pages to retrieve, default is 2. Each page contains up to 100 IP addresses. Use 0 to retrieve all pages.')
args = parser.parse_args()
# Use the provided API key or the hardcoded one
api_key = args.api if args.api else HARDCODED_API_KEY
if not api_key:
print("Error: No API key provided.")
parser.print_help()
return
# Define the query
query = "http.favicon.hash:794809961"
try:
# Perform the search with the specified number of pages
search_shodan(api_key, query, args.o, args.pages)
except ValueError as e:
if str(e) == "Invalid API key":
print("Error: Invalid API key")
parser.print_help()
if __name__ == "__main__":
main()