Script shodan-api

Script types:
Categories: discovery, safe, external
Download: https://svn.nmap.org/nmap/scripts/shodan-api.nse

Script Summary

Queries the Shodan API for the given targets and produces output similar to an Nmap -sV scan. The Shodan API key can be set with the 'apikey' script argument or hardcoded in the .nse file itself. You can get a free key from https://developer.shodan.io

N.B. If you want this script to run completely passively, make sure to include the -sn -Pn -n flags (no port scan, no host discovery, no DNS resolution).

Script Arguments

shodan-api.target

Specify a single target to be scanned.

shodan-api.apikey

Specify the Shodan API key. This can also be hardcoded in the .nse file.

shodan-api.outfile

Write the results to the specified CSV file.

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

 nmap --script shodan-api x.y.z.0/24 -sn -Pn -n --script-args 'shodan-api.outfile=potato.csv,shodan-api.apikey=SHODANAPIKEY'
 nmap --script shodan-api --script-args 'shodan-api.target=x.y.z.a,shodan-api.apikey=SHODANAPIKEY'

Script Output

| shodan-api: Report for 2600:3c01::f03c:91ff:fe18:bb2f (scanme.nmap.org)
| PORT	PROTO	PRODUCT      VERSION
| 80   tcp   Apache httpd
| 3306 tcp   MySQL        5.5.40-0+wheezy1
| 22   tcp   OpenSSH      6.0p1 Debian 4+deb7u2
|_443  tcp
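
As an added example (not part of the Nmap distribution or the script author's code), the following Python parses the report format shown above and lists services Shodan has indexed that are missing from an expected-exposure set. The function names and the `expected` set are assumptions for illustration, and the input is assumed to contain only the shodan-api block of the Nmap output.

```python
import re

# Constructed sample: the script output shown above, copied as text.
SAMPLE = """\
| shodan-api: Report for 2600:3c01::f03c:91ff:fe18:bb2f (scanme.nmap.org)
| PORT\tPROTO\tPRODUCT      VERSION
| 80   tcp   Apache httpd
| 3306 tcp   MySQL        5.5.40-0+wheezy1
| 22   tcp   OpenSSH      6.0p1 Debian 4+deb7u2
|_443  tcp
"""

REPORT = re.compile(r"shodan-api: Report for (\S+)(?: \((.*)\))?")
ROW = re.compile(r"^(\d+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_reports(text):
    """Return one {'ip', 'hostnames', 'services'} dict per report block."""
    reports = []
    for raw in text.splitlines():
        if not raw.startswith("|"):
            continue  # not NSE script output
        line = re.sub(r"^\|[_ ]?", "", raw).rstrip()
        m = REPORT.search(line)
        if m:
            reports.append({"ip": m.group(1), "hostnames": m.group(2) or "",
                            "services": []})
            continue
        m = ROW.match(line)
        if not m or not reports:
            continue  # header row, or a row before any report line
        # Product names may contain single spaces, so split the remainder
        # only on column padding (two or more spaces, or a tab).
        rest = re.split(r"\s{2,}|\t", m.group(3) or "", maxsplit=1)
        reports[-1]["services"].append({
            "port": int(m.group(1)), "proto": m.group(2),
            "product": rest[0] or None,
            "version": rest[1] if len(rest) > 1 else None,
        })
    return reports


def unexpected_exposure(reports, expected):
    """List (ip, port, proto, product) indexed by Shodan but not in `expected`."""
    return [(r["ip"], s["port"], s["proto"], s["product"])
            for r in reports for s in r["services"]
            if (s["port"], s["proto"]) not in expected]
```

A row that has a version but no product cannot be told apart from a product-only row in this text format, so the parser reports its single value as the product.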

Requires


Author:

  • Glenn Wilkinson <glenn@sensepost.com> (idea: Charl van der Walt <charl@sensepost.com>)

License: Same as Nmap--See https://nmap.org/book/man-legal.html