n0x08 · February 25, 2021 11:19 · Jun 4, 2018 · Jun 4, 2018 · May 11, 2018 · May 11, 2018
diff --git a/shoGrey_ip.py b/shoGrey_ip.py
@@ -3,9 +3,9 @@
 #
 # Stupid simple IP lookup against Greynoise.io
 # Also looks up against Shodan and returns ports, tags, vulns
-# requires pygments, json, requests
+# requires json, requests, shodan
 #
-# Also requires Shodan Enterprise API key
+# Also requires Shodan API key
 #
 # Example: python3 shoGrey_ip.py 1.2.3.4
 #
@@ -14,7 +14,6 @@
 import requests
 import shodan
 
-
 headers = {'key': '[INSERT GREYNOISE API KEY HERE]'}
 SHODAN_API_KEY = "[INSERT SHODAN API HERE]"
 

diff --git a/shoGrey_ip.py b/shoGrey_ip.py
@@ -1,25 +1,25 @@
 # !/usr/bin/env python
-# gn_ip.py
+# shoGrey_ip.py
 #
 # Stupid simple IP lookup against Greynoise.io
 # Also looks up against Shodan and returns ports, tags, vulns
 # requires pygments, json, requests
 #
+# Also requires Shodan Enterprise API key
+#
 # Example: python3 shoGrey_ip.py 1.2.3.4
 #
 import sys
 import json
 import requests
 import shodan
-import pygments
-from pygments import highlight
-from pygments.lexers import YamlLexer
-from pygments.formatters import TerminalFormatter
+
 
 headers = {'key': '[INSERT GREYNOISE API KEY HERE]'}
 SHODAN_API_KEY = "[INSERT SHODAN API HERE]"
 
 api = shodan.Shodan(SHODAN_API_KEY)
+bots = {}
 
 ip = sys.argv[1]
 
@@ -34,8 +34,15 @@
     data['shodan_tags'] = tags
     data['vulns'] = vulns
     data['open_ports'] = ports
+    # Compare open Shodan ports against GN scan ports to find bots
+    for i in data['raw_data'].get('scan'):
+        if i['port'] in host['ports']:
+            key = i['port']
+            bots[key] = 'True'
+    data['bots'] = bots
+
 except:
     pass
 
-json_str = json.dumps(data, indent=4, sort_keys=True)
-print(highlight(json_str, YamlLexer(), TerminalFormatter()))
+json_str = json.dumps(data, indent=4, sort_keys=False)
+print(json_str)
diff --git a/shoGrey_ip.py b/shoGrey_ip.py
@@ -5,7 +5,7 @@
 # Also looks up against Shodan and returns ports, tags, vulns
 # requires pygments, json, requests
 #
-# Example: python3 gn_ip.py 1.2.3.4
+# Example: python3 shoGrey_ip.py 1.2.3.4
 #
 import sys
 import json

diff --git a/shoGrey_ip.py b/shoGrey_ip.py
@@ -0,0 +1,41 @@
+# !/usr/bin/env python
+# gn_ip.py
+#
+# Stupid simple IP lookup against Greynoise.io
+# Also looks up against Shodan and returns ports, tags, vulns
+# requires pygments, json, requests
+#
+# Example: python3 gn_ip.py 1.2.3.4
+#
+import sys
+import json
+import requests
+import shodan
+import pygments
+from pygments import highlight
+from pygments.lexers import YamlLexer
+from pygments.formatters import TerminalFormatter
+
+headers = {'key': '[INSERT GREYNOISE API KEY HERE]'}
+SHODAN_API_KEY = "[INSERT SHODAN API HERE]"
+
+api = shodan.Shodan(SHODAN_API_KEY)
+
+ip = sys.argv[1]
+
+gnr = requests.get('https://enterprise.api.greynoise.io/v2/noise/context/' + ip, headers = headers) #V2 IP API lookup
+data = gnr.json()
+
+try:
+    host = api.host(ip)
+    tags = host['tags']
+    vulns = host['vulns']
+    ports = host['ports']
+    data['shodan_tags'] = tags
+    data['vulns'] = vulns
+    data['open_ports'] = ports
+except:
+    pass
+
+json_str = json.dumps(data, indent=4, sort_keys=True)
+print(highlight(json_str, YamlLexer(), TerminalFormatter()))
No results found