fooock / jshodan Goto Github PK

Powerful Shodan API client using RxJava and Retrofit

License: MIT License

Java 100.00%

shodan rxjava android retrofit2 android-library android-development rest shodan-client exploits security

jshodan's Introduction

jShodan

Powerful Shodan client written using RxJava and Retrofit. You can integrate this client into existing apps or create new one. With this Shodan client you can:

Search Shodan
Exploit search
Streaming API to consume Shodan data in real time (in development)

Installation

If you use gradle add to your build.gradle

repositories {
    jcenter()
}

Also you can use maven central

repositories {
    mavenCentral()
}

And in your dependencies block add this line

compile 'com.fooock:jshodan:0.4.9'

or if you are using maven add to you pom.xml

<dependency>
  <groupId>com.fooock</groupId>
  <artifactId>jshodan</artifactId>
  <version>0.4.9</version>
  <type>pom</type>
</dependency>

Getting started

You need an API key to use this client. You can do this in Shodan.io

Rest API

ShodanRestApi api = new ShodanRestApi("your api key here");

A simple example of query Shodan with facet info. Note that executing this query consumes 1 query credit

api.hostSearch("port:8333", "bitcoin.ip:10,city:10")
    .subscribe(new DisposableObserver<HostReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(HostReport hostReport) {
            // result of the query
        }
});

The result of this, if success, is an object HostReport that contains all info.

int total = hostReport.getTotal();
List<Banner> banners = hostReport.getBanners();
FacetReport facet = hostReport.getFacet();

You can use other method calls from the rest API. See the ApiService class for a complete list.

Exploit API Use this API to search for exploits from multiple data sources like Exploit DB, Metasploit and CVE. The use of this API is very simply and similar to the previous

ShodanExploitApi api = new ShodanExploitApi("your api key here");

A simple example

api.search("ssl", "type")
    .subscribe(new DisposableObserver<ExploitReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(ExploitReport exploitReport) {
            // result of the query
        }
});

The result of this call, if success, is ExploitReport class that contains all info

Streaming API This API returns a real-time stream of data collected by Shodan.

ShodanStreamingApi api = new ShodanStreamingApi("your api key here");

Example to get all data that Shodan collects

api.banners()
    .subscribe(new DisposableObserver<BannerReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(BannerReport bannerReport) {
            // result of the query
        }
});

Note: To use the streaming API you need a Shodan subscription-based API plan. You can obtain it in Shodan pricing

Android support

If your plan is to create a new Android app using this, you need to add this dependency

compile 'io.reactivex.rxjava2:rxandroid:x.y.z'

Dependencies

RxJava2 for its reactive-functional API
Retrofit HTTP client for Android and Java
Gson Retrofit converter A converter wich uses Gson for serialization to and from JSON
RxJava2 adapter for Retrofit An adapter for rxJava2 types

Enjoy it!

Roadmap

Testing
Documentation
Better readme with more examples

jshodan's People

Contributors

Stargazers

Watchers

jshodan's Issues

Banner specification cpe can be string[]

The Shodan developer API documentation says for the banner specification that the cpe is a String, but can be string[]

In the test is used the ip: 175.140.232.150 with the hostByIp() method from the ShodanRestApi class

To resolve this i need to create a custom json parser

Expected long instead int in Host

Add SSL Properties to Banner class

Add certificate properties to include information such as when it was issued, the SSL extensions, the issuer, subject etc.

Update deprecated retrofit rx adapter

Remove blank spaces in API key

If the API key is String apiKey = "123456789 "

The result of calling any method is

retrofit2.adapter.rxjava.HttpException: HTTP 401 Unauthorized

Not able to call the APIs when running within a proxy

Tried calling ShodanApi.hostByIp(), but it seems like since my network is under proxy, it could not connect and timed out eventually. How to add proxy settings to the APIs ?

Timeout everytime

ShodanRestApi api = new ShodanRestApi("mykey");

        System.out.println("SHODAN");

        api.hostSearch("minecraft", "")//"bitcoin.ip:10,city:10")
                .subscribe(new DisposableObserver<HostReport>() {
                    @Override
                    public void onError(Throwable e) {
                        e.printStackTrace();
                    }

                    @Override
                    public void onComplete() {
                        // called when the request is completed
                    }

                    @Override
                    public void onNext(HostReport hostReport) {
                        int total = hostReport.getTotal();
                        List<Banner> banners = hostReport.getBanners();
                        FacetReport facet = hostReport.getFacet();

                        System.out.println("total: " + total);
                        System.out.println("banner 0 " + banners.get(0));
                    }
                });

I can not get a response...
java.net.SocketTimeoutException: timeout [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http2.Http2Stream$StreamTimeout.newTimeoutException(Http2Stream.java:593) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http2.Http2Stream$StreamTimeout.exitAndThrowIfTimedOut(Http2Stream.java:601) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http2.Http2Stream.takeResponseHeaders(Http2Stream.java:146) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http2.Http2Codec.readResponseHeaders(Http2Codec.java:120) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.java:75) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:45) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at okhttp3.RealCall.execute(RealCall.java:69) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at retrofit2.adapter.rxjava2.CallExecuteObservable.subscribeActual(CallExecuteObservable.java:41) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at io.reactivex.Observable.subscribe(Observable.java:11040) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at retrofit2.adapter.rxjava2.BodyObservable.subscribeActual(BodyObservable.java:34) [12:25:34] [main/INFO] (Minecraft) [STDERR]: at io.reactivex.Observable.subscribe(Observable.java:11040)

Missing gradle wrapper jar

You need to check in the gradle/wrapper/gradle-wrapper.jar file for gradlew to work correctly.