[enhancement] Import targets from Shodan

[cyrinux]

Do you think it can be usefull to do the recon with shodan? In fast mode this will do noise directly so useless but if in interactive before going further this can help?

• need an api key https://nmap.org/nsedoc/scripts/shodan-api.html

[koutto]

I think OSINT checks that are more based on a domain/host should not be included inside the checks because Jok3r is designed to be oriented on testing services that have already been discovered by other means. There are still a lot of tools for performing and automating OSINT.

But at one moment, I was wondering about adding Shodan as a source for importing targets, like we can aready do with Nmap by running the command nmap in db. Maybe, adding a command shodan that would request Shodan to retrieve targets based on IP(s) or keywords might be a cool feature. I let that open as a possible enhancement !

[cyrinux]

I take this point, i try at least.

[cyrinux]

I got a first version working, command "shodan IP", i try do shodan_api_key option to store api_key in the database before opening PR. edit: I open the PR if you want give an eye. I don't know/understand yet how/where to store the api_key.

[cyrinux]

https://github.com/koutto/jok3r/pull/20