{"id":37096517,"url":"https://github.com/kaansk/shomon","last_synced_at":"2026-01-14T11:52:48.153Z","repository":{"id":37721437,"uuid":"267926571","full_name":"kaansk/shomon","owner":"kaansk","description":"Shodan Monitoring integration for TheHive.","archived":false,"fork":false,"pushed_at":"2024-12-12T20:10:24.000Z","size":263,"stargazers_count":131,"open_issues_count":0,"forks_count":19,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-10-14T19:30:12.226Z","etag":null,"topics":["golang","incident-management","incident-response","incident-response-tooling","security","security-tools","shodan","thehive"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kaansk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"kaansk","ko_fi":"kaansk"}},"created_at":"2020-05-29T18:20:25.000Z","updated_at":"2025-07-10T20:21:39.000Z","dependencies_parsed_at":"2022-07-19T02:32:15.098Z","dependency_job_id":null,"html_url":"https://github.com/kaansk/shomon","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/kaansk/shomon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaansk%2Fshomon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaansk%2Fshomon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaansk%2Fshomon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaansk%2Fshomon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kaansk","download_url":"https://codeload.github.com/kaansk/shomon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaansk%2Fshomon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28419272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","incident-management","incident-response","incident-response-tooling","security","security-tools","shodan","thehive"],"created_at":"2026-01-14T11:52:47.566Z","updated_at":"2026-01-14T11:52:48.139Z","avatar_url":"https://github.com/kaansk.png","language":"Go","funding_links":["https://github.com/sponsors/kaansk","https://ko-fi.com/kaansk"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"images/logo.png\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://goreportcard.com/badge/github.com/KaanSK/shomon\" /\u003e\n  \u003cimg src=\"https://img.shields.io/github/downloads/kaansk/shomon/total?color=%233ABE25\u0026label=Release%20Downloads\" /\u003e\n  \u003cimg src=\"https://img.shields.io/docker/pulls/kaansk/shomon?color=%233ABE25\u0026label=DockerHub%20Pulls\" /\u003e\n\u003c/p\u003e\n\n\n\u003cp align=\"center\"\u003e\nShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever!\n\u003c/p\u003e\n\n\n# Functionalities\n* Can be used as Webhook OR Stream listener\n    * Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to public net\n    * Stream listener connects to Shodan and fetches/parses the alert stream\n* Utilizes [shadowscatcher/shodan](https://github.com/shadowscatcher/shodan) (fantastic work) for Shodan interaction.\n* Console logs are in JSON format and can be ingested by any other further log management tools\n* CI/CD via Github Actions ensures that a proper Release with changelogs, artifacts, images on ghcr and dockerhub will be provided\n* Provides a working [docker-compose file](docker-compose.yml) file for TheHive, dependencies\n* Super fast and Super mini in size\n* Complete code refactoring in v2.0 resulted in more modular, maintainable code\n* Via conf file or environment variables alert specifics including tags, type, alert-template can be dynamically adjusted. See [config file](conf.yaml).\n* Full banner can be included in Alert with direct link to Shodan Finding.\n\n    ![Alert example](images/alert.png)\n* IP is added to observables\n\n    ![Observable example](images/observable.png)\n\n# Usage\n* Parameters should be provided via ```conf.yaml``` or environment variables. Please see [config file](conf.yaml) and [docker-compose file](docker-compose.yml)\n* After conf or environment variables are set simply issue command: \n\n    `./shomon`\n\n## Notes\n* Alert reference is first 6 chars of md5(\"ip:port\")\n* Only 1 mod can be active at a time. Webhook and Stream listener can not be activated together.\n\n# Setup \u0026 Compile Instructions\n## Get latest compiled binary from releases\n1. Check [Releases](https://github.com/KaanSK/shomon/releases/latest)  section.\n\n## Compile from source code\n1. Make sure that you have a working Golang workspace.\n2. `go build .`\n    * `go build -ldflags=\"-s -w\" .` could be used to customize compilation and produce smaller binary.\n\n## Using Public Container Registries\n1. Thanks to new CI/CD integration, latest versions of built images are pushed to ghcr, DockerHub and can be utilized via:\n    * `docker pull ghcr.io/kaansk/shomon`\n    * `docker pull kaansk/shomon`\n\n## Using [Dockerfile](Dockerfile)\n1. Edit [config file](conf.yaml) or provide environment variables to commands bellow\n2. `docker build -t shomon .`\n3. `docker run -it shomon`\n\n## Using [docker-compose file](docker-compose.yml)\n1. Edit environment variables and configurations in [docker-compose file](docker-compose.yml)\n2. `docker-compose run -d`\n\n# Credits\n* Logo Made via LogoMakr.com\n* [shadowscatcher/shodan](https://github.com/shadowscatcher/shodan) \n* [Dockerfile Reference](https://www.cloudreach.com/en/resources/blog/cts-build-golang-dockerfiles/) \n* Release management with [GoReleaser](https://goreleaser.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaansk%2Fshomon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaansk%2Fshomon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaansk%2Fshomon/lists"}