Shodan-RPi

This script can be used to quickly test out a SSH key or a credential pair on several hosts.

By default it uses the Shodan API to search for Raspbian devices running an SSH server, and tries to SSH into them by using the default credentials pi:raspberry.

Requirements

• paramiko (the SSH client)
• shodan (the API client)
• colorama (the colored output module)

...which can be installed by running pip3 install -r requirements.txt on Linux and python3 -m pip install -r requirements.txt on Windows.

Usage

usage: shodan_raspi.py [-h] [-i FILE] [-indefinite] [-k KEY]
                       [-paramiko-log FILE] [-o FILE] [-u U] [-p P] [-t T]
                       [-debug] [-query-string SSTRING] [-ssh-key KEY]
                       [-c CMD] [-limit RESULTS] [-enable-multiproc]

optional arguments:
  -h, --help            show this help message and exit
  -i FILE               List of IPs
  -indefinite           Run indefinitely, restarting once the scan is finished
  -k KEY                Use KEY as the Shodan API key
  -paramiko-log FILE    Log Paramiko SSH's progress to FILE
  -o FILE               Output successful IPs to FILE
  -u U                  Use alternate username
  -p P                  Use alternate password
  -t T                  Threads for multiprocessing
  -debug                Show debug information
  -query-string SSTRING
                        Use SSTRING as the Shodan query string
  -ssh-key KEY          Try auth with KEY as SSH key
  -c CMD                Run CMD after a successful connection
  -limit RESULTS        Maximum number of results to get from Shodan (default
                        100)
  -enable-multiproc     Enable multiprocessing support (ALPHA/UNSTABLE)

Additionally, the script can be edited (specifically the variable api_key) to not require an API key in the arguments.

By default, the script will poll Shodan for results and write the IPs into a list, trying them until it reaches the end.

Bugs

GENERAL: Running with -indefinite resets the successful and total tries counters on every loop.

MULTIPROCESSING: No counters are updated in multiprocessing mode

MULTIPROCESSING: Multiprocessing will not work in some environments like Termux (This platform lacks a functioning sem_open implementation.)

MULTIPROCESSING: Incomplete error handling

GENERAL: Sometimes, even if authentication is successful, command execution will not work on some devices - for example Cisco gear - due to the way shells are implemented in these systems.

Example

(The sequence above doesn't include the process of getting results from Shodan, which may take a while, but instead reads from a pre-generated list of IPs to make the recording shorter.)