Package Documentation

Storm Package: synapse-shodan

The following Commands are available from this package. This documentation is generated for version 5.1.0 of the package.

Storm Commands

This package implements the following Storm Commands.

shodan.apiinfo

Display Shodan API info for the API key.


Usage: shodan.apiinfo [options]

Options:

  --help                      : Display the command usage.

shodan.dns.domain

Use the Shodan /dns/domain API endpoint to enrich an inet:fqdn.

Costs 1 query per page.  Each page contains 100 results.

Example

  inet:fqdn=vertex.link | shodan.dns.domain


Usage: shodan.dns.domain [options]

Options:

  --help                      : Display the command usage.
  --type <type>               : The type of DNS records to return. (A MX NS TXT AAAA CNAME).
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node). (default: 100)
  --yield                     : Yield the newly created inet:flow nodes.
  --no-tags <no_tags>         : Construct nodes but do not record tags returned by the Shodan API. (default: False)

shodan.enrich

Enrich a node using the Shodan API to get additional context.

NOTE - If you are using a free API key, you will need to specify --no-history.

Example

  inet:ipv4=8.8.8.8 | shodan.enrich --asof now


Usage: shodan.enrich [options]

Options:

  --help                      : Display the command usage.
  --asof <asof>               : Use cached results dating back this far. Use "--asof now" to disable. (default:
                                -30days)
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node). (default: 100)
  --yield                     : Yield the newly created inet:flow nodes.
  --no-tags                   : Construct nodes but do not record tags returned by the Shodan API.
  --no-history                : Do not request historical results.

shodan.setup.apikey

Manage the Shodan API key.

Examples

    // Set a global Shodan API key
    shodan.setup.apikey abcd1234

    // Set a Shodan API key for the current user
    shodan.setup.apikey --self abcd1234

    // Display the API key scope of the current key
    shodan.setup.apikey --show-scope

    // Display the current API key.
    shodan.setup.apikey --show-apikey

    // Remove the current global API key.
    shodan.setup.apikey --remove

    // Remove the per-user API key for the current user.
    shodan.setup.apikey --self --remove


Usage: shodan.setup.apikey [options] <apikey>

Options:

  --help                      : Display the command usage.
  --self                      : Set or remove the key as a user variable. If not used, the key is set globally.
  --show-scope                : Display the API key scope in use (global vs self).
  --show-apikey               : Display the API key value (requires admin perms or a "self" scope key).
  --remove                    : Remove the configured API key. May be used with --self.

Arguments:

  [apikey]                    : The Shodan API key string.

shodan.setup.tagprefix

Set the tag prefix used when recording Shodan tags.
The default tag prefix is "rep.shodan" if not specified.

Any tags returned by the Shodan API are added within the given namespace.
For example, the Shodan tag "foo" would result in "#rep.shodan.foo".  Any
characters incompatible with tag names are replaced with "_".


Usage: shodan.setup.tagprefix [options] <tagname>

Options:

  --help                      : Display the command usage.

Arguments:

  <tagname>                   : The tag prefix to use.

Storm Modules

This package does not export any Storm APIs.