added shodan to passive recon

gotr00t0day · Aug 11, 2022 · 01e6504 · 01e6504
1 parent 6f14686
commit 01e6504
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Web Security Scanner
 
 
               ,~,
-             ((()-                   - GSec v0.5
+             ((()-                   - GSec v0.6
              -''-.                   - by c0deninja 
             (\  /\)                  - @gotr00t0day (Instagram)
       ~______\) | `\
@@ -16,6 +16,7 @@ Web Security Scanner
      \ \      / |
      |\|\   /| |\
 ```
+![Python Version](https://img.shields.io/badge/python-3.9.12-green)](https://www.python.org)
 ![Python](https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54)
 ![Linux](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)
 ![macOS](https://img.shields.io/badge/mac%20os-000000?style=for-the-badge&logo=macos&logoColor=F0F0F0)

diff --git a/gsec.py b/gsec.py
@@ -21,7 +21,7 @@
 {Fore.RESET}
 
               ,~,
-             ((()-                   - GSec beta-v0.5
+             ((()-                   - GSec beta-v0.6
              -''-.                   - by c0deninja 
             (\  /\)                  - @gotr00t0day (Instagram)
       ~______\) | `\\
@@ -68,6 +68,7 @@ def commands(cmd):
     if args.passive_recon:
         passive_recon.whois_scan(args.target)
         passive_recon.dns_info(args.target)
+        passive_recon.shodan_search(args.target)
     else:
         fetch_requests.do_requests(args.target)
         ip = urltoip.get_ip(args.target)

diff --git a/requirements.txt b/requirements.txt
@@ -3,3 +3,5 @@ requests
 colorama
 urllib3
 python-whois
+dnspython
+shodan
diff --git a/utils/passive_recon.py b/utils/passive_recon.py
@@ -1,6 +1,9 @@
 from colorama import Fore
 import whois
 import dns.resolver
+import shodan
+import socket
+
 
 def whois_scan(domain: str) -> str:
     w = whois.whois(domain)
@@ -10,10 +13,40 @@ def whois_scan(domain: str) -> str:
     print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Registrar: {Fore.GREEN}{registrar}")
 
 def dns_info(domain: str) -> str:
+    mx = []
     if "https://" in domain:
         domain = domain.replace("https://", "")
+        if "www." in domain:
+            domain = domain.replace("www.", "")
     if "http://" in domain:
         domain = domain.replace("http://", "")
+        if "www." in domain:
+            domain = domain.replace("www.", "")
+
     mail_exchange = dns.resolver.resolve(domain, "MX")
+    soa = dns.resolver.resolve(domain, "SOA")
     for mail_info in mail_exchange:
-        print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} MX: {Fore.GREEN}{mail_info.to_text()}")
+        mx.append(mail_info.to_text())
+    for state_of_authority in soa:
+        print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} SOA: {Fore.GREEN}{state_of_authority.to_text()}")
+    print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} MX: {Fore.GREEN}{', '.join(map(str,mx))}")
+
+def shodan_search(domain: str) -> str:
+    Shodan_Key = input(f"{Fore.GREEN}Shodan key: ")
+    if Shodan_Key == "":
+        pass
+    else:
+        api = shodan.Shodan(Shodan_Key)
+        try:
+            results = api.search(domain)
+            results_ = []
+            results_5 = []
+            for result in results['matches']:
+                results_.append(result['ip_str'])
+            results_5.append(results_[0:9])
+            print(results_5)
+            print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Shodan IPs: {Fore.GREEN}{', '.join(map(str,results_5))}")
+        except shodan.APIError as e:
+            print('Error: {}'.format(e))
+        except socket.herror:
+            pass