Shodan + Steampipe
Shodan provides host, DNS and exploit information from scanning the Internet.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
For example:
select ip, port, timestamp, dnsfrom shodan_host_servicewhere ip = '8.8.8.8'
+---------+------+---------------------+--------------------------------------------------------------------------------+| ip | port | timestamp | dns |+---------+------+---------------------+--------------------------------------------------------------------------------+| 8.8.8.8 | 53 | 2021-08-06 07:12:16 | {"recursive":true,"resolver_hostname":null,"resolver_id":null,"software":null} |+---------+------+---------------------+--------------------------------------------------------------------------------+
Documentation
Get started
Install
Download and install the latest Shodan plugin:
steampipe plugin install shodan
Credentials
Shodan requires an API token for all requests, but offers a free tier. Sign up on the Shodan website to get your free token. It looks like ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U
.
Configuration
Connection configurations are defined using HCL in one or more Steampipe config files. Steampipe will load ALL configuration files from ~/.steampipe/config
that have a .spc
extension. A config file may contain multiple connections.
Installing the latest shodan plugin will create a default connection named shodan
in the ~/.steampipe/config/shodan.spc
file. You must edit this connection to include your API token:
connection "shodan" { plugin = "shodan" api_key = "ZGloRBAl2Tvur3tBTu84NkZIf3i5Cc5U"}
Get involved
- Open source
- Community: Slack Channel