metasploit-framework/modules/auxiliary/gather/shodan_honeyscore.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Auxiliary

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Shodan Honeyscore Client',
      'Description' => %q{
        This module uses the shodan API to check
        if a server is a honeypot or not. The api
        returns a score from 0.0 to 1.0. 1.0 being a honeypot.
        A shodan API key is needed for this module to work properly.

        If you don't have an account, go here to register:
        https://account.shodan.io/register
        For more info on how their honeyscore system works, go here:
        https://honeyscore.shodan.io/
      },
      'Author' =>
        [ 'thecarterb' ],  # Thanks to @rwhitcroft, @h00die and @wvu-r7 for the improvements and review!
      'License' => MSF_LICENSE,
      'References' =>
        [
          [ 'URL', 'https://honeyscore.shodan.io/']
        ]
      )
    )

    deregister_options('RHOST', 'SSL', 'DOMAIN', 'DigestAuthIIS', 'NTLM::SendLM',
      'NTLM::SendNTLM', 'VHOST', 'RPORT', 'NTLM::SendSPN', 'NTLM::UseLMKey',
      'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2')

    register_options(
      [
        OptString.new('TARGET', [true, 'The target to get the score of']),
        OptString.new('SHODAN_APIKEY', [true, 'The SHODAN API key'])
      ], self.class)
  end

  def print_score(score)
    tgt = datastore['TARGET']
    print_status("#{tgt} honeyscore: #{score}/1.0")
  end

  def run
    key = datastore['SHODAN_APIKEY']

    # Check the length of the key (should be 32 chars)
    if key.length != 32
      print_error('Invalid API key (Not long enough)')
      return
    end

    tgt = datastore['TARGET']
    print_status("Scanning #{tgt}")
    cli = Rex::Proto::Http::Client.new('api.shodan.io', 443, {}, true)
    cli.connect
    req = cli.request_cgi({
      'uri'    => "/labs/honeyscore/#{tgt}?key=#{key}",
      'method' => 'GET'
      })
    res = cli.send_recv(req)
    cli.close
    if res.nil?
      fail_with(Failure::Unknown, 'Unable to connect to shodan')
    end

    if res.code != 200
      print_error('Shodan did not respond in an expected way. Check your api key')
      return
    end

    score = res.body.to_f  # Change the score to a float to be able to determine value in the checks

    if score == 0
      print_error("#{tgt} is not a honeypot")
    elsif score < 0.4 && score != 0.0
      print_error("#{tgt} is probably not a honeypot")
    elsif score > 0.4 && score < 0.6
      print_status("#{tgt} might be a honeypot")
    elsif score > 0.6 && score < 1.0
      print_good("#{tgt} is probably a honeypot")
    elsif score == 1.0
      print_good("#{tgt} is definitely a honeypot")
    else  # We shouldn't ever get here as the previous checks should catch an unexpected response
      print_error('An unexpected error occured.')
      return
    end
    print_score(score)
  end
end
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`##`
			`# This module requires Metasploit: http://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core'`

			`class MetasploitModule < Msf::Auxiliary`

			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'Shodan Honeyscore Client',`
			`'Description' => %q{`
			`This module uses the shodan API to check`
			`if a server is a honeypot or not. The api`
			`returns a score from 0.0 to 1.0. 1.0 being a honeypot.`
			`A shodan API key is needed for this module to work properly.`

			`If you don't have an account, go here to register:`
			`https://account.shodan.io/register`
Add more checks and formatting 2017-03-21 17:23:06 +00:00			`For more info on how their honeyscore system works, go here:`
			`https://honeyscore.shodan.io/`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`},`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`'Author' =>`
Add key length check and remove mixin Also add a reference to the original honeyscore website 2017-03-25 02:33:09 +00:00			`[ 'thecarterb' ], # Thanks to @rwhitcroft, @h00die and @wvu-r7 for the improvements and review!`
			`'License' => MSF_LICENSE,`
Fix msftidy warnings 2017-03-25 03:12:48 +00:00			`'References' =>`
Add key length check and remove mixin Also add a reference to the original honeyscore website 2017-03-25 02:33:09 +00:00			`[`
Fix msftidy warnings 2017-03-25 03:12:48 +00:00			`[ 'URL', 'https://honeyscore.shodan.io/']`
Add key length check and remove mixin Also add a reference to the original honeyscore website 2017-03-25 02:33:09 +00:00			`]`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`)`
			`)`

Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`deregister_options('RHOST', 'SSL', 'DOMAIN', 'DigestAuthIIS', 'NTLM::SendLM',`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`'NTLM::SendNTLM', 'VHOST', 'RPORT', 'NTLM::SendSPN', 'NTLM::UseLMKey',`
			`'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2')`

			`register_options(`
			`[`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`OptString.new('TARGET', [true, 'The target to get the score of']),`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`OptString.new('SHODAN_APIKEY', [true, 'The SHODAN API key'])`
			`], self.class)`
			`end`

Add more checks and formatting 2017-03-21 17:23:06 +00:00			`def print_score(score)`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`tgt = datastore['TARGET']`
Fix things from review 2017-03-25 01:22:23 +00:00			`print_status("#{tgt} honeyscore: #{score}/1.0")`
Add more checks and formatting 2017-03-21 17:23:06 +00:00			`end`

Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`def run`
			`key = datastore['SHODAN_APIKEY']`
Fix msftidy warnings 2017-03-25 03:12:48 +00:00
Add key length check and remove mixin Also add a reference to the original honeyscore website 2017-03-25 02:33:09 +00:00			`# Check the length of the key (should be 32 chars)`
			`if key.length != 32`
			`print_error('Invalid API key (Not long enough)')`
			`return`
			`end`
Fix msftidy warnings 2017-03-25 03:12:48 +00:00
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`tgt = datastore['TARGET']`
			`print_status("Scanning #{tgt}")`
			`cli = Rex::Proto::Http::Client.new('api.shodan.io', 443, {}, true)`
			`cli.connect`
			`req = cli.request_cgi({`
			`'uri' => "/labs/honeyscore/#{tgt}?key=#{key}",`
			`'method' => 'GET'`
			`})`
			`res = cli.send_recv(req)`
			`cli.close`
			`if res.nil?`
			`fail_with(Failure::Unknown, 'Unable to connect to shodan')`
			`end`
Create honeypot.rb 2017-03-21 15:15:12 +00:00
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`if res.code != 200`
Add more checks and formatting 2017-03-21 17:23:06 +00:00			`print_error('Shodan did not respond in an expected way. Check your api key')`
			`return`
			`end`

Fix response parsing 2017-03-29 23:21:12 +00:00			`score = res.body.to_f # Change the score to a float to be able to determine value in the checks`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00
			`if score == 0`
			`print_error("#{tgt} is not a honeypot")`
			`elsif score < 0.4 && score != 0.0`
			`print_error("#{tgt} is probably not a honeypot")`
Fix score comparison 2017-03-21 23:17:20 +00:00			`elsif score > 0.4 && score < 0.6`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`print_status("#{tgt} might be a honeypot")`
Fix score comparison 2017-03-21 23:17:20 +00:00			`elsif score > 0.6 && score < 1.0`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`print_good("#{tgt} is probably a honeypot")`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`elsif score == 1.0`
Change up the way shodan is reached 2017-03-22 23:39:45 +00:00			`print_good("#{tgt} is definitely a honeypot")`
Add key length check and remove mixin Also add a reference to the original honeyscore website 2017-03-25 02:33:09 +00:00			`else # We shouldn't ever get here as the previous checks should catch an unexpected response`
Add more checks and formatting 2017-03-21 17:23:06 +00:00			`print_error('An unexpected error occured.')`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`return`
			`end`
Fix things from review 2017-03-25 01:22:23 +00:00			`print_score(score)`
Create honeypot.rb 2017-03-21 15:15:12 +00:00			`end`
			`end`