Change up the way shodan is reached

2017-03-22 19:39:45 -04:00 · 2017-03-22 19:39:45 -04:00 · 420df11c44
parent fa61d67761
commit 420df11c44
1 changed files with 32 additions and 21 deletions
--- a/modules/auxiliary/gather/shodan_honeyscore.rb
+++ b/modules/auxiliary/gather/shodan_honeyscore.rb
@ -24,58 +24,69 @@ class MetasploitModule < Msf::Auxiliary
        For more info on how their honeyscore system works, go here:
        https://honeyscore.shodan.io/
      },
-      'Author'  => [ 'thecarterb' ],
+      'Author' =>
+        [ 'thecarterb' ],
      'License' => MSF_LICENSE
      )
    )

-    deregister_options('DOMAIN', 'DigestAuthIIS', 'NTLM::SendLM',
+    deregister_options('RHOST', 'SSL', 'DOMAIN', 'DigestAuthIIS', 'NTLM::SendLM',
      'NTLM::SendNTLM', 'VHOST', 'RPORT', 'NTLM::SendSPN', 'NTLM::UseLMKey',
      'NTLM::UseNTLM2_session', 'NTLM::UseNTLMv2')

    register_options(
      [
+        OptString.new('TARGET', [true, 'The target to get the score of']),
        OptString.new('SHODAN_APIKEY', [true, 'The SHODAN API key'])
      ], self.class)
  end

  def print_score(score)
-    print_status("#{rhost} honeyscore: #{score}")
+    tgt = datastore['TARGET']
+    print_status("#{tgt} honeyscore: #{score}")
  end

-  # Function to query the shodan API
-  def honeypot_query(ip, key)
+  def run
+    key = datastore['SHODAN_APIKEY']
+    tgt = datastore['TARGET']
+    print_status("Scanning #{tgt}")
+    cli = Rex::Proto::Http::Client.new('api.shodan.io', 443, {}, true)
+    cli.connect
+    req = cli.request_cgi({
+      'uri'    => "/labs/honeyscore/#{tgt}?key=#{key}",
+      'method' => 'GET'
+      })
+    res = cli.send_recv(req)
+    cli.close
+    if res.nil?
+      fail_with(Failure::Unknown, 'Unable to connect to shodan')
+    end

-    print_status("Scanning #{rhost}")
-    uri = URI("https://api.shodan.io/labs/honeyscore/#{ip}?key=#{key}")
-    res = Net::HTTP.get(uri)
-    score = res.to_f
-
-    if res.to_s.include? "Unauthorized"
+    if res.code != 200
      print_error('Shodan did not respond in an expected way. Check your api key')
      return
    end

-    if score < 0.4
-      print_error("#{rhost} is probably not a honeypot")
+    score = res.to_s.to_f  # Change the score to a float to be able to determine value in the checks
+
+    if score == 0
+      print_error("#{tgt} is not a honeypot")
+      print_score(score)
+    elsif score < 0.4 && score != 0.0
+      print_error("#{tgt} is probably not a honeypot")
      print_score(score)
    elsif score > 0.4 && score < 0.6
-      print_status("#{rhost} might be a honeypot")
+      print_status("#{tgt} might be a honeypot")
      print_score(score)
    elsif score > 0.6 && score < 1.0
-      print_good("#{rhost} is probably a honeypot")
+      print_good("#{tgt} is probably a honeypot")
      print_score(score)
    elsif score == 1.0
-      print_good("#{rhost} is definitely a honeypot")
+      print_good("#{tgt} is definitely a honeypot")
      print_score(score)
    else  # We shouldn't ever get here as the previous check should catch an unexpected response
      print_error('An unexpected error occured.')
      return
    end
  end
-
-  def run
-    key = datastore['SHODAN_APIKEY']
-    honeypot_query(rhost, key)
-  end
 end