Package Documentation
Storm Package: synapse-shodan
The following Commands are available from this package. This documentation is generated for version 5.1.0 of the package.
Storm Commands
This package implements the following Storm Commands.
shodan.apiinfo
Display Shodan API info for the API key.
Usage: shodan.apiinfo [options]
Options:
--help : Display the command usage.
shodan.dns.domain
Use the Shodan /dns/domain API endpoint to enrich an inet:fqdn.
Costs 1 query per page. Each page contains 100 results.
Example
inet:fqdn=vertex.link | shodan.dns.domain
Usage: shodan.dns.domain [options]
Options:
--help : Display the command usage.
--type <type> : The type of DNS records to return. (A MX NS TXT AAAA CNAME).
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node). (default: 100)
--yield : Yield the newly created inet:flow nodes.
--no-tags <no_tags> : Construct nodes but do not record tags returned by the Shodan API. (default: False)
shodan.enrich
Enrich a node using the Shodan API to get additional context.
NOTE - If you are using a free API key, you will need to specify --no-history.
Example
inet:ipv4=8.8.8.8 | shodan.enrich --asof now
Usage: shodan.enrich [options]
Options:
--help : Display the command usage.
--asof <asof> : Use cached results dating back this far. Use "--asof now" to disable. (default: -30days)
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node). (default: 100)
--yield : Yield the newly created inet:flow nodes.
--no-tags : Construct nodes but do not record tags returned by the Shodan API.
--no-history : Do not request historical results.
shodan.search
Populate and link inet:flow nodes by ingesting the results of a Shodan search query.
Costs 1 query per page beyond the first page. Users attempting to query beyond
the first page must have the power-ups.shodan.spend permission. Each page
contains 100 results.
This command will also create an it:exec:query node to represent the
query syntax and link resulting inet:flow nodes to it via -(found)> edges.
Usage: shodan.search [options] <query>
Options:
--help : Display the command usage.
--size <size> : Limit the number of results ingested to the given size. (default: 100)
--debug : Show verbose debug output.
--yield : Yield the newly created inet:flow nodes.
--no-tags : Add nodes but do not record tags returned by the Shodan API.
Arguments:
<query> : A query string in Shodan search syntax.
shodan.setup.apikey
Manage the Shodan API key.
Examples
// Set a global Shodan API key
shodan.setup.apikey abcd1234
// Set a Shodan API key for the current user
shodan.setup.apikey --self abcd1234
// Display the API key scope of the current key
shodan.setup.apikey --show-scope
// Display the current API key.
shodan.setup.apikey --show-apikey
// Remove the current global API key.
shodan.setup.apikey --remove
// Remove the per-user API key for the current user.
shodan.setup.apikey --self --remove
Usage: shodan.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set or remove the key as a user variable. If not used, the key is set globally.
--show-scope : Display the API key scope in use (global vs self).
--show-apikey : Display the API key value (requires admin perms or a "self" scope key).
--remove : Remove the configured API key. May be used with --self.
Arguments:
[apikey] : The Shodan API key string.
shodan.setup.tagprefix
Set the tag prefix used when recording Shodan tags.
The default tag prefix is "rep.shodan" if not specified.
Any tags provided by a Shodan API will be added within the given namespace.
For example, the Shodan tag "foo" would result in "#rep.shodan.foo". Any
characters incompatible with tag names are replaced with "_".
Usage: shodan.setup.tagprefix [options] <tagname>
Options:
--help : Display the command usage.
Arguments:
<tagname> : The tag prefix to use.
Storm Modules
This package does not export any Storm APIs.