Automate OSINT with Shodan PowerShell Modules
Table of Contents
A collection of PowerShell Modules for Interacting with the Shodan API
Notes:
- You’ll need you Shodan API key, which can be found on your Shodan Account
- Examples of the APIs used in the modules may be found on the Shodan Developers Page
- Certain Modules may use scan or query credits Query Credits are used when you download data via the website, CLI or API (what these scripts do).
Since we are using the API it is important to note that query credits are deducted if:
- A search filter is used
- Page 2 or beyond is requested The credits renew at the start of the month and 1 credit lets you download 100 results. As for scan credits, 1 scan credit lets you scan 1 IP, and they also renew at the start of the month. Please view the Shodan Help Center HERE for full details.
Table of Contents
- Download Instructions
- Installation Instructions
- Modules
- Get-ShodanAPIInfo - Return information about the API plan belonging to the given API key.
- Get-ShodanClientHTTPHeaders - Shows the HTTP headers that your client sends when connecting to a webserver.
- Get-ShodanClientIP - Gets your current IP address as seen from the Internet.
- Get-ShodanDNSDomain - Gets all the subdomains and other DNS entries for the given domain
- Get-ShodanDNSResolve - Looks up the IP addresses for the provided hostname(s).
- Get-ShodanDNSReverse - Looks up the hostnames that have been defined for the given list of IP addresses.
- Get-ShodanExploitCount - Searches for exploits but only returns information about the total number of matches related to the search term, and optionally the exploit author, platform, port, source, or type.
- Get-ShodanHoneyScore - Calculates a honeypot probability score ranging from 0 (not a honeypot) to 1.0 (is a honeypot).
- Get-ShodanHostCount - Returns the total number of results of “/shodan/host/search” provides.
- Get-ShodanHostIP - Search Shodan with IP address.
- Get-ShodanHostSearch - Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
- Get-ShodanHostSearchFacets - This module returns a list of search filters that can be used in the search query.
- Get-ShodanHostSearchFilters - This module returns a list of search filters that can be used in the search query.
- Get-ShodanPorts - List all ports that Shodan is crawling on the Internet.
- Get-ShodanProfile - Returns information about the Shodan account linked to this API key
- Get-ShodanScanID - Check the progress of a previously submitted scan request
- Get-ShodanScanProtocols - List all protocols that can be used when performing on-demand Internet scans via Shodan
- Set-ShodanScanIP - Use this module to request Shodan to crawl a network.
Download
You will need to clone or download the scripts to your computer.
You can use the Code dropdown menu on this repo page by scrolling up, or just copy and paste the following link: https://github.com/simeononsecurity/Shodan_PS.git
For this example we will be cloning the repo within Git Bash, after clicking on the clipboard icon as seen above, we can type git clone and right click the Git Bash window to select paste from the dropdown menu:
exampleuser@exampleComputer MINGW64 ~/Documents/Github git clone https://github.com/simeononsecurity/Shodan_PS.git
For detailed instructions on cloning please view the github documentation.
Once you have the files, you need to copy the files to C:\Program Files\WindowsPowerShell\Modules, doing this will prompt dialog saying that access is denied, click continue to finish copying the files to this location and then proceed to the installation instructions here
OR
You can use the Code dropdown menu on this repo page by scrolling up, or just click on the following link: https://github.com/simeononsecurity/Shodan_PS/archive/main.zip
Unzip main.zip by right clicking on the file and selecting extract here from the dropdown menu.
Once you have the files, you need to copy the files to C:\Program Files\WindowsPowerShell\Modules, doing this will prompt dialog saying that access is denied, click continue to finish copying the files to this location and then proceed to the installation instructions here
Install
To install the modules You will need to run a PowerShell window as administrator. There are two ways of doing this:
The first way is by right clicking the PowerShell icon on the Desktop and selecting Run as Administrator from the dropdown menu.
OR
By typing p (or however many characters it takes PowerShell to show up) into the search bar and clicking on Run as Administrator.
You will need to be in the directory that you copied the scripts to. Run the following command to change your working directory:
PS C:\WINDOWS\system32> cd 'C:\Program Files\WindowsPowerShell\Modules\Shodan_PS'
PS C:\Program Files\WindowsPowerShell\Modules\Shodan_PS>
On Windows client computers we need to change the PowerShell execution policy which is Restricted by default.
For more information please read this Microsoft documentation.
Run the following command to set the policy to RemoteSigned and enter y to select that Yes you want to change the policy.
PS C:\Program Files\WindowsPowerShell\Modules\Shodan_PS> Set-ExecutionPolicy RemoteSigned
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the
security risks described in the about_Execution_Policies help topic at https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to
change the execution policy?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): y
Once the execution policy has been changed, you can run the following command to Import the modules.
PS C:\Program Files\WindowsPowerShell\Modules\Shodan_PS> Set-ChildItem -Recurse *.psm1 | Import-Module
Now you can run any of the scripts as a module via powershell.