search

matamorphosis / Scrummage

A Holistic OSINT and Threat Hunting Platform
GNU General Public License v3.0
502 stars 81 forks source link

Shodan search does not seem to work #20

Closed Joukahainen123 closed 3 years ago

Joukahainen123 commented 3 years ago

Shodan

For some reason the Shodan search does not seem to work. I can run it once, and after that the run button stays grey. Also there is no output in Scrummage/lib/static/protected/output folder at all.

I was not able to spot any obvious logs in relation to this.

matamorphosis commented 3 years ago

Hi,

So I have verified that the plugin is up to date and working, it also ensures you have an api key present. I'd recommend doing a manual test to check the api key is valid and not subject to daily-limits.

Joukahainen123 commented 3 years ago

I did renew the api key, and tested that it works with nmap. Key is working fine, and I can see the Nmap activity in Shodan dashboard, but when I run the Shodan task in Scrummage nothing happens. Actually there are logs that might be related. Task 7 is my Shodan task.

INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "POST /tasks/run/7 HTTP/1.1" 302 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "GET /tasks HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "GET /static/css/template.css HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "GET /static/js/main.js HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "GET /static/js/datatables.min.js HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:56] "GET /static/js/jquery-3.4.1.min.js HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:57] "GET /static/images/search_grey.png HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:57] "GET /static/images/sort_asc.png HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:21:57] "GET /static/images/sort_both.png HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:28:48] "GET /tasks HTTP/1.1" 302 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:28:48] "GET /nosession HTTP/1.1" 200 - INFO:werkzeug:192.168.1.105 - - [24/Dec/2020 13:28:48] "GET /static/css/template.css HTTP/1.1" 200 -

matamorphosis commented 3 years ago

Can you also confirm the exact type of search you're using as there are two kinds of searches as part of the Shodan plugin?

Joukahainen123 commented 3 years ago

Actually Shodan Search - Query works fine (I can see the activity in Shodan, and I will get results), but the Shodan Search - Domain does not seem to work.

I did try with very simple queries like google and google.com in order to verify is there is something wrong with my syntax or similar.

matamorphosis commented 3 years ago

Thanks,

I have identified and rectified the issue, as there was a translation issue between the core file and the plugin. The name of this search option has been updated to "Shodan Search - IP Address" in the process of fixing it. So please pull the latest changes, then edit your existing task changing the plugin name to the new format. Please note your query needs to be an IP address. I may consider adding a name resolution option but this will most likely be in the next release.

Cheers

Joukahainen123 commented 3 years ago

Closing as fixed.