Note

shef is a minimal tool for bringing facets into your terminal without any API key.

• _{supports All kind of shodan query (those which only supported on facet)}
• _{extracts multiple facets (Use -list flag to see all facet types)}
• _{rotates random User-Agent}
• _{clean and pipe friendly output}

Installation

go install github.com/1hehaq/shef@latest

setup autocomletion for facet names

echo -e "complete -W '\$(shef -list)' shef" >> ~/.bashrc && source ~/.bashrc

• _{then try this}

  shef -q nginx -f <TAB>

  shef -q nginx -f http.<TAB>

Flags

  -q    : search query (required)
  -f    : facet type (default: ip)
  -list : list all facet types
  -json : stdout in JSON format
  -h    : show help message

Example Commands

# get specific target's IPs and take web screenshots then view the images in terminal
shef -q org:tesla -f ip | sed 's/^/http:\/\//' | klik && yazi screenshots

klik yazi

# get related/own domains of the query, sometime it exposes internal portals (they shouldn't be same root domain)
shef -q hackerone.com -f domain # chain it with amass for getting more wide attack surfaces

# same for ports
shef -q hackerone.com -f port

# gets asn number(s) of the query then asn lookup with asnmap
asnmap -asn $(shef -q hackerone.com -f asn) # loop it if multiple asn numbers gets as shef's result

asnmap

# gets relative domains and probe {title, IP, status code} then filter non 403 only (sometime, it shows real IPs, non WAF areas)
shef -q hackerone -f domain | httpx -sc -ip -title -silent | grep -vE '403|Cloudflare|Access Denied|Not Allowed'

httpx

# find known vulnerabilities of a product
shef -q "product:jboss" -f vuln

• If you see no results or errors
  • _{verfiy your query}
  • _{check your internet connection}
  • _{use -h for guidance}

Caution

never use shef for any illegal activites, I'm not responsible for your deeds with it. Do for justice.

kindly for hackers