steampipe plugin install shodan

Table: shodan_exploit - Query Shodan Exploits using SQL

Shodan Exploits is a feature within Shodan that allows users to search for known vulnerabilities and exploits in software or hardware. It provides a comprehensive database of exploits from various sources including CVE, Metasploit, Exploit DB, and Packet Storm. Shodan Exploits helps users stay informed about potential vulnerabilities and take appropriate actions when identified.

Table Usage Guide

The shodan_exploit table provides insights into known exploits within the Shodan service. As a security analyst, explore exploit-specific details through this table, including descriptions, sources, and associated metadata. Use it to uncover information about potential vulnerabilities, such as those related to specific software or hardware, and the details of the exploits available.

Important Notes

  • You must specify the query in the where clause to query this table.

Examples

Uncover the details of potential vulnerabilities linked to the lodash library. This query is particularly useful for identifying potential security risks associated with the use of lodash in your applications.

select
  *
from
  shodan_exploit
where
  query = 'lodash';

Find exploits with Bugtraq ID

List the exploits recorded under a specific Bugtraq ID. This can help increase your system's security by pinpointing potential weaknesses.

select
  *
from
  shodan_exploit
where
  query = 'bid:91451';

Find exploits for a given port

Discover the vulnerabilities associated with a specific network port to enhance your cybersecurity measures and protect against potential threats.

select
  *
from
  shodan_exploit
where
  query = 'port:5432';

Schema for shodan_exploit

Name        | Type    | Operators | Description
------------|---------|-----------|------------
_ctx        | jsonb   |           | Steampipe context in JSON form, e.g. connection_name.
alias       | jsonb   |           | Alias for the exploit.
arch        | jsonb   |           | Architecture for the exploit.
author      | text    |           | The author of the exploit/vulnerability.
bid         | jsonb   |           | The Bugtraq ID for the exploit.
code        | text    |           | The actual code of the exploit.
cve         | jsonb   |           | The Common Vulnerability and Exposures ID for the exploit.
date        | text    |           | Date when the exploit was released.
description | text    |           | The description of the exploit, how it works and where it applies.
id          | text    |           | Unique ID for the exploit/vulnerability.
msb         | jsonb   |           | The Microsoft Security Bulletin ID for the exploit.
osvdb       | jsonb   |           | The Open Source Vulnerability Database ID for the exploit.
platform    | jsonb   |           | The operating system that the exploit targets.
port        | bigint  |           | The port number for the affected service if the exploit is remote.
privileged  | boolean |           | True if the exploit is privileged.
query       | text    | =         | Query string for the exploit search.
rank        | text    |           | Rank for the exploit.
source      | text    |           | The name of the data source. Possible values are: CVE, ExploitDB, Metasploit.
title       | text    |           | The title or short description for the exploit if available.
type        | text    |           | The type of exploit.
version     | text    |           | Version of the exploit.
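
The following query is an added example, not part of the plugin's own documentation. It narrows the port search shown earlier to the columns useful for patch triage and returns one row per CVE ID, on the assumption that the cve column holds a JSON array of strings (the schema above only states that it is jsonb).

```sql
-- Added example: triage view of exploit records for a given port.
-- Assumption: cve is a JSON array of strings; any other shape is treated as empty.
select
  e.id,
  e.source,
  e.date,
  e.title,
  e.port,
  c.cve_id
from
  shodan_exploit as e
  -- Expand the jsonb array so each CVE ID can be matched against a
  -- vulnerability scanner or patch inventory; records without CVEs are kept.
  left join lateral jsonb_array_elements_text(
    case
      when jsonb_typeof(e.cve) = 'array' then e.cve
      else '[]'::jsonb
    end
  ) as c(cve_id) on true
where
  -- The query qualifier is mandatory for this table.
  e.query = 'port:5432'
order by
  e.source,
  e.id;
```

The code column is left out on purpose: the selected columns are enough to map records to CVE IDs for prioritisation.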

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- shodan

You can pass the configuration to the command with the --config argument:

steampipe_export_shodan --config '<your_config>' shodan_exploit