Shodan + Steampipe
Shodan provides host, DNS and exploit information from scanning the Internet.
Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
For example:
select ip, port, timestamp, dnsfrom shodan_host_servicewhere ip = '8.8.8.8'+---------+------+---------------------+--------------------------------------------------------------------------------+| ip | port | timestamp | dns |+---------+------+---------------------+--------------------------------------------------------------------------------+| 8.8.8.8 | 53 | 2021-08-06 07:12:16 | {"recursive":true,"resolver_hostname":null,"resolver_id":null,"software":null} |+---------+------+---------------------+--------------------------------------------------------------------------------+Documentation
Get started
Install
Download and install the latest Shodan plugin:
steampipe plugin install shodanCredentials
Shodan requires an API token for all requests, but offers a free tier. Sign up on the Shodan website to get your free token. It looks like ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U.
Configuration
Connection configurations are defined using HCL in one or more Steampipe config files. Steampipe will load ALL configuration files from ~/.steampipe/config that have a .spc extension. A config file may contain multiple connections.
Installing the latest shodan plugin will create a default connection named shodan in the ~/.steampipe/config/shodan.spc file. You must edit this connection to include your API token:
connection "shodan" { plugin = "shodan" api_key = "ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U"}Postgres FDW
This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- shodanThe installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.
To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.
CREATE EXTENSION IF NOT EXISTS steampipe_postgres_shodan;CREATE SERVER steampipe_shodan FOREIGN DATA WRAPPER steampipe_postgres_shodan OPTIONS (config '<your_config>');CREATE SCHEMA shodan;IMPORT FOREIGN SCHEMA shodan FROM SERVER steampipe_shodan INTO shodan;SQLite Extension
This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- shodanThe installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.
To configure the SQLite extension, load the extension module and then run the steampipe_configure_shodan function to configure it with plugin-specific options.
$ sqlite3sqlite> .load ./steampipe_sqlite_extension_shodan.sosqlite> select steampipe_configure_shodan('<your_config>');Export
This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- shodanYou can pass the configuration to the command with the --config argument:
steampipe_export_shodan --config '<your_config>' <table_name>