File tree Expand file tree Collapse file tree 3 files changed +74
-0
lines changed
intelmq/bots/collectors/shodan Expand file tree Collapse file tree 3 files changed +74
-0
lines changed Original file line number Diff line number Diff line change @@ -24,6 +24,7 @@ Please refer to the [NEWS](NEWS.md) for a list of changes which have an affect o
2424
2525### Bots
2626#### Collectors
27+ - ` intelmq.bots.collectors.shodan.collector_alert ` : Added a new collector to query the Shodan Alert API (PR #2618
2728
2829#### Parsers
2930
Original file line number Diff line number Diff line change @@ -1004,6 +1004,10 @@ Requires the shodan library to be installed:
10041004
10051005Only the proxy is used (requires ` shodan-python > 1.8.1 ` ). Certificate is always verified.
10061006
1007+ ** ` api_key ` **
1008+
1009+ Your Shodan API Key.
1010+
10071011** ` countries ` **
10081012
10091013() A list of countries to query for. If it is a string, it will be spit by ` , ` .
@@ -1021,6 +1025,30 @@ applies, if not null.
10211025
10221026---
10231027
1028+ ### Shodan Alert <div id =" intelmq.bots.collectors.shodan.collector_alert " />
1029+
1030+ Queries the Shodan Alert Streaming API.
1031+
1032+ Configure Alerts in the Shodan Interface (Website or CLI tool), then receive the data on the alerts via the Streaming service.
1033+
1034+ Requires the shodan library to be installed:
1035+
1036+ - < https://github.com/achillean/shodan-python/ >
1037+
1038+ - < https://pypi.org/project/shodan/ >
1039+
1040+ ** Module:** ` intelmq.bots.collectors.shodan.collector_alert `
1041+
1042+ ** Parameters (also expects [ feed parameters] ( #feed-parameters ) and [ HTTP parameters] ( #http-parameters ) ):**
1043+
1044+ Of the generic HTTP parameters, only the proxy is used (requires ` shodan-python > 1.8.1 ` ). The API endpoint certificate is always verified.
1045+
1046+ ** ` api_key ` **
1047+
1048+ Your Shodan API Key.
1049+
1050+ ---
1051+
10241052### TCP <div id =" intelmq.bots.collectors.tcp.collector " />
10251053
10261054TCP is the bot responsible to receive events on a TCP port (ex: from TCP Output of another IntelMQ instance). Might not
Original file line number Diff line number Diff line change 1+ """
2+ SPDX-FileCopyrightText: 2025 Institute for Common Good Technology & Malawi CERT
3+ SPDX-License-Identifier: AGPL-3.0-or-later
4+ """
5+
6+ from intelmq .lib .bot import CollectorBot
7+
8+ from json import dumps as json_dumps
9+ from typing import Optional
10+
11+ try :
12+ from shodan import Shodan
13+ except ImportError :
14+ shodan = None
15+
16+
17+ class ShodanAlertCollector (CollectorBot ):
18+ """
19+ Stream Listener for Shodan Alerts
20+ """
21+
22+ api_key : Optional [str ] = None
23+
24+ def init (self ):
25+ if shodan is None :
26+ raise ValueError ("Library 'shodan' is needed but not installed." )
27+
28+ self .set_request_parameters ()
29+ if tuple (int (v ) for v in pkg_resources .get_distribution ("shodan" ).version .split ('.' )) <= (1 , 8 , 1 ):
30+ if self .proxy :
31+ raise ValueError ('Proxies are given but shodan-python > 1.8.1 is needed for proxy support.' )
32+ else :
33+ self .api = shodan .Shodan (self .api_key )
34+ else :
35+ self .api = shodan .Shodan (self .api_key ,
36+ proxies = self .proxy )
37+
38+ def process (self ):
39+ for alert in self .api .stream .alert ():
40+ report = self .new_report ()
41+ report ['raw' ] = json_dumps (alert )
42+ self .send_message (report )
43+
44+
45+ BOT = ShodanAlertCollector
You can’t perform that action at this time.
0 commit comments