Synapse-Shodan Changelog

v5.1.0 - 2024-11-01

Automatic Migrations

  • Attempt to automatically repair any invalid it:sec:cpe nodes that were removed and queued as part of the Synapse v2.187.0 model migration. This migration will attempt to automatically repair any queued nodes that have a source of Synapse-Shodan (via the Synapse-Shodan meta:source -(seen)> edge to a linked inet:flow node). Note that some it:sec:cpe nodes that were removed may not be able to be automatically repaired/restored, in which case they will remain in the migration queue.

v5.0.1 - 2024-10-29

Automatic Migrations

  • Remove all previously migrated inet:ssl:cert nodes created by Synapse-Shodan that should have been removed in the v5.0.0 migration.

v5.0.0 - 2024-09-04

Automatic Migrations

  • Migrate all inet:ssl:cert nodes created by Synapse-Shodan to inet:tls:servercert nodes. The migrated inet:ssl:cert nodes are removed by this migration.

  • Migrate all -(has)> risk:vuln edges created by Synapse-Shodan to use the modern risk:vulnerable nodes. The -(has)> edges are removed by this migration.

Features and Enhancements

  • Update Power-Up to make inet:tls:servercert nodes instead of deprecated inet:ssl:cert nodes.

  • Update Power-Up to use risk:vulnerable nodes instead of using the deprecated -(has)> risk:vuln convention.

Bugfixes

  • Update the Synapse-Shodan meta:source node to remove the v3 identifier from the :name property.

v4.2.0 - 2024-04-01

Features and Enhancements

  • Replace $lib.bytes usage with $lib.axon APIs.

  • Update risk:vuln node generation to deconflict on the :reporter:name property.

v4.1.1 - 2024-02-20

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v4.1.0 - 2023-11-16

Features and Enhancements

  • Add an Optic node action to enrich FQDNs using the shodan.dns.domain command.

v4.0.0 - 2023-06-21

Features and Enhancements

  • Extract subdomains field as inet:fqdn nodes.

  • Extract domains field as inet:dns:a or inet:dns:aaaa nodes.

  • Extract hostnames field as inet:dns:rev or inet:dns:rev6 nodes.

  • Extract file:bytes nodes from certificates in the ssl.chains field.

  • Extract cpe23 fields into inet:flow:dst:cpes.

  • Extract vulns field to risk:vuln nodes.

  • Link risk:vuln nodes to inet:server and inet:flow nodes using -(has)> edges.

  • Tag inet:server and inet:flow nodes with rep.shodan.cve_YYYY_XXXXX tags.

  • Extract HTTP favicon data as an inet:urlfile node.

  • Optimize retrieval for very short cursor lifespan.

  • Integrate synapse-fileparser for parsing extracted files.

Bugfixes

  • Only cache responses which include HTTP code 200.

  • Remove caching of paginated API results due to cursor incompatibility.

  • Remove cached data from paginated API results to stay tidy.

Updating from 3.x.x

  • The shodan.search command no longer has an --asof option.

  • The shodan.dns.domain command no longer has an --asof option.

  • The shodan.search() API arguments have been updated.

  • The shodan.getDnsDomain() API arguments have been updated.

v3.6.0 - 2023-03-22

Features and Enhancements

  • Update Power-Up to build with code signing.

v3.5.0 - 2023-01-05

Features and Enhancements

  • Add support for ingesting inet:ssl:jarmsample nodes for Shodan flows.

  • Retry API requests on HTTP response codes > 500.

v3.4.0 - 2022-09-02

Features and Enhancements

  • Update the crypto:x509:certificate:serial behavior to reflect the modeling change in Synapse v2.104.0.

  • Update shodan.search to use it:exec:query nodes.

  • Update warning message to include the name of the missing permission (power-ups.shodan.spend) for users attempting to spend credits.

  • Populate the :server property on inet:http:request nodes created by shodan.search and shodan.enrich.

v3.3.0 - 2022-05-17

Features and Enhancements

  • Cached API responses are now stored in the JsonStor instead of in nodedata.

Bugfixes

  • Fix a possible BadTypeValu exception when making crypto:x509 nodes with the shodan.enrich command.

  • Add the :time secondary property when making inet:search:query nodes to track Shodan searches.

v3.2.1 - 2022-01-10

Bugfixes

  • Fix an issue with getting host history.

v3.2.0 - 2021-12-30

Features and Enhancements

  • Add --no-history option to shodan.enrich to request only recent data. This option must be used if you are using a free API key.

  • Add --remove option to shodan.setup.apikey to allow API keys to be unset.

  • Add --show-scope option to shodan.setup.apikey to display the current API key scope.

  • Add --show-apikey option to shodan.setup.apikey to display the current API key if permissions allow.

Bugfixes

  • Properly handle Shodan backend timeouts with the shodan.enrich command. This now retries a request without pulling down the IP address history.

v3.1.2 - 2021-12-16

Bugfixes

  • Add .seen property to inet:banner nodes and add a seen light edge connecting them to the Synapse-Shodan meta:source node.

  • Fix double word usage in the userguide doc.

v3.1.1 - 2021-11-10

Bugfixes

  • Fix a possible BadTypeValu exception when making crypto:x509 nodes with the shodan.enrich command.

v3.1.0 - 2021-11-03

Features and Enhancements

  • Always specify history=True to the hosts API endpoint.

  • Capture server handshake as inet:flow:dst:handshake.

  • Parse and ingest inet:http:request and inet:http:header nodes for each HTTP flow.

v3.0.1 - 2021-10-27

Bugfixes

  • Fix an issue with the shodan.dns.domain Storm command.

v3.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-Shodan v3.0.0.

Updating from 2.x.x

The previous 2.x.x version of synapse-shodan was distributed as a storm-service using a Docker container. This service must be removed from the Cortex prior to updating.

See the Admin Guide for details on setting up the API key and user permissions.