https://github.com/mathis2001/showldan

Recon tool using shodan API to automate shodan information gathering process and find juicy stuff during bug hunting.
https://github.com/mathis2001/showldan

bug-bounty information-gathering pentest pentesting recon reconnaissance shodan shodan-api shodan-python

Last synced: 10 months ago
JSON representation

Recon tool using shodan API to automate shodan information gathering process and find juicy stuff during bug hunting.

• Host: GitHub
• URL: https://github.com/mathis2001/showldan
• Owner: mathis2001
• Created: 2023-03-01T13:24:42.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-02-20T10:47:38.000Z (almost 2 years ago)
• Last Synced: 2024-02-20T11:53:30.438Z (almost 2 years ago)
• Topics: bug-bounty, information-gathering, pentest, pentesting, recon, reconnaissance, shodan, shodan-api, shodan-python
• Language: Python
• Homepage:
• Size: 37.1 KB
• Stars: 6
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Showldan

Reconnaissance tool using shodan API automating shodan information gathering process to find juicy stuff during bug hunting. 

## Prerequisites:

- shodan

- argparse

## Install:

```bash

$ git clone https://github.com/mathis2001/Showldan

$ cd Showldan

$ python3 showldan.py

```

## Usage:

To use this tool, you'll have to get your shodan.io api key at https://account.shodan.io/ and put it in your variable environment under the name "SHODAN".

Then, you can use the tool as follow:

```bash

#Search by domain name

python3 showldan.py -t  [-s] [-p] [-i] [-d]

#Search by organization name

python3 showldan.py -O -t  [-s] [-p] [-i] [-d]

#Search by domain name or organization name without prefix tag like "hostname:", "ssl:" or "org:"

python3 showldan.py -n -t  [-s] [-p] [-i] [-d]

```

## Options:

```bash

  -h, --help                      show this help message and exit

  

  -t, --target                    Target domain/organization 

  

  -O, --organization              Search by organization name

  

  -n, --no-prefixtag              Search without prefix tag before target

  

  -s, --exposed-services          Search for exposed services

  

  -p, --default-pass              Search for default credentials

  

  -i, --info-disclosure           Search for information disclosure

  

  -d, --domain-takeover           Search for domain takeover

  

  -l, --limit                     Limit of responses fetched

```

## Screenshots:

![image](https://user-images.githubusercontent.com/40497633/222399394-0bde1a6b-bba3-4428-a888-c6b6530a9f76.png)

![image](https://user-images.githubusercontent.com/40497633/222180857-9419ca55-7491-4b16-bad5-146301a8f222.png)

![image](https://user-images.githubusercontent.com/40497633/222180918-64c81e76-5b5c-4506-a438-5e3b1408b651.png)

![image](https://user-images.githubusercontent.com/40497633/222398700-ad36b25f-606a-4c14-bfc3-e37bb0583118.png)