-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
A simple shodan wuery pack to display all shodan information about a IP address Signed-off-by: Patrick Münch <[email protected]>
- Loading branch information
Showing
1 changed file
with
66 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| # Copyright (c) Mondoo, Inc. | ||
| # SPDX-License-Identifier: BUSL-1.1 | ||
|
|
||
| packs: | ||
| - uid: mondoo-shodan-inventory | ||
| name: Shodan Inventory Pack | ||
| version: 1.0.0 | ||
| license: BUSL-1.1 | ||
| authors: | ||
| - name: Mondoo, Inc | ||
| email: [email protected] | ||
| tags: | ||
| mondoo.com/platform: shodan | ||
| mondoo.com/category: best-practices | ||
| docs: | ||
| desc: | | ||
| The Shodan Inventory Pack by Mondoo retrieves data about shodan.io assets. | ||
| ## Local scan | ||
| To run this pack locally: | ||
| ```bash | ||
| export SHODAN_TOKEN="XXX" | ||
| cnquery scan shodan --networks "1.1.1.1/28" --discover hosts -f mondoo-shodan-inventory.mql.yaml | ||
| ``` | ||
| ## Join the community! | ||
| Our goal is to build query packs that are simple to deploy and provide accurate and useful data. | ||
| If you have any suggestions for improving this query pack, or if you need support, [join the Mondoo community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions. | ||
| filters: | ||
| - mql: asset.platform == "shodan-host" | ||
| queries: | ||
| - uid: mondoo-shodan-inventory-hostnames | ||
| title: Shodan info about Hostnames / DNS | ||
| mql: | | ||
| shodan.host.hostnames | ||
| - uid: mondoo-shodan-inventory-asn | ||
| title: Shodan info about ASN | ||
| mql: | | ||
| shodan.host.asn | ||
| - uid: mondoo-shodan-inventory-tags | ||
| title: Shodan info about Tags | ||
| mql: | | ||
| shodan.host.tags | ||
| - uid: mondoo-shodan-inventory-isp | ||
| title: Shodan info about ISP | ||
| mql: | | ||
| shodan.host.isp | ||
| - uid: mondoo-shodan-inventory-org | ||
| title: Shodan info about Org | ||
| mql: | | ||
| shodan.host.org | ||
| - uid: mondoo-shodan-inventory-ip | ||
| title: Shodan info about IP | ||
| mql: | | ||
| shodan.host.ip | ||
| - uid: mondoo-shodan-inventory-os | ||
| title: Shodan info about OS | ||
| mql: | | ||
| shodan.host.os | ||
| - uid: mondoo-shodan-inventory-ports | ||
| title: Shodan info about Ports | ||
| mql: | | ||
| shodan.host.ports | ||