Package Documentation
Storm Package: synapse-shodan
The following Commands are available from this package. This documentation is generated for version 6.0.0 of the package.
Storm Commands
This package implements the following Storm Commands.
shodan.apiinfo
Display Shodan API info for the API key.
Endpoints:
/api-info : Returns information about the API plan belonging to the given API key.
Usage: shodan.apiinfo [options]
Options:
--help : Display the command usage.
--config <config> : Override the default config with the provided name.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.user
shodan.config.add
Add a Synapse-Shodan configuration.
The proxy argument can be set to one of the following values:
true: Use the Cortex configured proxy if set.
false: Do not use the Cortex configured proxy if set.
<str>: A proxy URL to use.
Examples:
// Add a global configuration
shodan.config.add default myapikey1234
// Add a configuration for the current user
shodan.config.add --scope self myconfig myapikey5678
Usage: shodan.config.add [options] <name> <apikey>
Options:
--help : Display the command usage.
--ssl-noverify : Do not perform SSL/TLS verification.
--proxy <proxy> : Configure the proxy usage. (default: True)
--tag-prefix <tag_prefix> : The tag prefix to use when recording data from Shodan. (default: rep.shodan)
--scope <scope> : Set the scope on the configuration. (default: global, choices: global, self, unscoped)
Arguments:
<name> : A unique name for the configuration.
<apikey> : The Shodan API key string.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
power-ups.shodan.user
shodan.config.del
Delete a Synapse-Shodan configuration.
Examples:
// Delete the "myconfig" configuration
shodan.config.del myconfig
Usage: shodan.config.del [options] <name>
Options:
--help : Display the command usage.
Arguments:
<name> : The name of the configuration.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
power-ups.shodan.user
shodan.config.list
Display the list of Synapse-Shodan configurations you have access to.
Usage: shodan.config.list [options]
Options:
--help : Display the command usage.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
power-ups.shodan.user
shodan.config.migrate
Migrate options for all Synapse-Shodan configurations.
The proxy argument can be set to one of the following values:
true: Use the Cortex configured proxy if set.
false: Do not use the Cortex configured proxy if set.
<str>: A proxy URL to use.
Examples:
// Migrate the tag prefix for all configurations
shodan.config.migrate --tag-prefix my.tagpref
Usage: shodan.config.migrate [options]
Options:
--help : Display the command usage.
--ssl-verify <ssl_verify> : Set whether to verify the SSL certificate of the server. (default: None)
--proxy <proxy> : Configure the proxy usage. (default: None)
--tag-prefix <tag_prefix> : The tag prefix to use when recording data from Shodan. (default: None)
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
shodan.config.show
Show the details of a configuration.
Examples:
// Show the in-use configuration for the current user
shodan.config.show
// Show a configuration by name
shodan.config.show myconfig
Usage: shodan.config.show [options] <name>
Options:
--help : Display the command usage.
Arguments:
[name] : The name of the configuration.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
power-ups.shodan.user
shodan.config.update
Update the configuration of a defined Synapse-Shodan configuration.
The proxy argument can be set to one of the following values:
true: Use the Cortex configured proxy if set.
false: Do not use the Cortex configured proxy if set.
<str>: A proxy URL to use.
Examples:
// Set the permission level for user "myuser" to "admin" on the "myconfig"
// configuration
shodan.config.update myconfig --perm user myuser admin
// Set the permission level for the "all" role to "deny" on the
// "myconfig" configuration
shodan.config.update myconfig --perm role all deny
// Do not verify the SSL certificate when connecting to "myconfig"
shodan.config.update myconfig --ssl-verify (false)
// Change the name of the "myconfig" configuration to "otherconfig"
shodan.config.update myconfig --name otherconfig
Usage: shodan.config.update [options] <config>
Options:
--help : Display the command usage.
--apikey <apikey> : The Shodan API key string. (default: None)
--perm <perm> : Set the permission level for a user or role on this configuration.
Arguments to this option are ``scope``, ``name``, ``level``:
<scope>: The scope for the permission, either "user" or "role".
<name>: The user/role name depending on scope.
<level>: The $lib.auth.easyperm.level, or None to remove the permission.
(default: None)
--ssl-verify <ssl_verify> : Set whether to verify the SSL certificate of the server. (default: None)
--proxy <proxy> : Configure the proxy usage. (default: None)
--tag-prefix <tag_prefix> : The tag prefix to use when recording data from Shodan. (default: None)
--name <name> : Rename the configuration. (default: None)
Arguments:
<config> : The name of the configuration to modify.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.admin
power-ups.shodan.user
shodan.dns.domain
Use the Shodan API to enrich an inet:fqdn.
Costs 1 query per page. Each page contains 100 results.
Examples:
// Get dns records for the domain vertex.link and associated subdomains
inet:fqdn=vertex.link | shodan.dns.domain --yield
// Get subdomains for the domain vertex.link
inet:fqdn=vertex.link | shodan.dns.domain | -> inet:fqdn:zone
Endpoints:
/dns/domain/{domain} : Get all the subdomains and other DNS entries for the given domain.
Usage: shodan.dns.domain [options]
Options:
--help : Display the command usage.
--type <type> : The type of DNS records to return. (A MX NS TXT AAAA CNAME).
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node). (default: 100)
--yield : Yield the newly created inet:dns:* nodes.
--no-tags <no_tags> : Construct nodes but do not record tags returned by the Shodan API. (default: False)
--config <config> : Override the default config with the provided name.
Inputs:
inet:fqdn : inet:fqdn nodes
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.spend
power-ups.shodan.user
shodan.enrich
Enrich a node using the Shodan API to get additional context.
NOTE - If you are using a free API key, you will need to specify --no-history.
Example:
inet:ipv4=8.8.8.8 | shodan.enrich --asof now
Endpoints:
/shodan/host/{ipaddr} : Returns all services that have been found on the given host IP from the Shodan API.
Usage: shodan.enrich [options]
Options:
--help : Display the command usage.
--asof <asof> : Use cached results dating back this far. Use "--asof now" to disable. (default: -30days)
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node). (default: 100)
--yield : Yield the newly created inet:flow nodes.
--no-tags : Construct nodes but do not record tags returned by the Shodan API.
--no-history : Do not request historical results.
--config <config> : Override the default config with the provided name.
Inputs:
inet:ipv4 : inet:ipv4 nodes
inet:ipv6 : inet:ipv6 nodes
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.user
shodan.search
Populate and link inet:flow nodes by ingesting the results of a Shodan search query.
Costs 1 query per page beyond the first page. Users attempting to query beyond
the first page must have the power-ups.shodan.spend permission. Each page
contains 100 results.
This command will also create an it:exec:query node to represent the
query syntax and link resulting inet:flow nodes to it via -(found)> edges.
Endpoints:
/shodan/host/search : Search Shodan using the same query syntax as the website and use facets to get summary information for different properties.
Usage: shodan.search [options] <query>
Options:
--help : Display the command usage.
--size <size> : Limit the number of results ingested to the given size. (default: 100)
--debug : Show verbose debug output.
--yield : Yield the newly created inet:flow nodes.
--no-tags : Add nodes but do not record tags returned by the Shodan API.
--config <config> : Override the default config with the provided name.
Arguments:
<query> : A query string in Shodan search syntax.
The command is accessible to users with one or more of the following permissions:
power-ups.shodan.user
Storm Modules
This package does not export any Storm APIs.