A customizable, easy-to-navigate instrument for researching, pen testing, and protective with the power of Shodan.
With ShonyDanza, you are able to:
- Obtain IPs in line with search requirements
- Routinely exclude honeypots from the results in line with your pre-configured thresholds
- Pre-configure all IP searches to filter in your specified web range(s)
- Pre-configure search limits
- Use build-a-search to craft searches with easy development blocks
- Use stock searches and pre-configure your personal stock searches
- Check out if IPs are known malware C2s
- Get host and house profiles
- Scan on-demand
- To find exploits
- Get basic counts for searches and exploits
- Routinely save exploit code, IP lists, host profiles, house profiles, and scan results to directories inside of ShonyDanza
Arrange
git clone https://github.com/fierceoj/ShonyDanza.git
Must haves
cd ShonyDanza
pip3 arrange -r must haves.txt
Usage
Edit config.py to include your desired configurations
cd configs
sudo nano config.py
#config file for shonydanza searches#REQUIRED
#maximum collection of results that may be returned consistent with search
#default is 100
SEARCH_LIMIT = 100
#REQUIRED
#IPs exceeding the honeyscore restrict isn't going to show up in IP results
#scale is 0.0 to at least one.0
#modify to desired likelihood to restrict results via threshold, or keep at 1.0 to include all results
HONEYSCORE_LIMIT = 1.0
#REQUIRED - no less than one key: value pair
#add a shodan dork to the dictionary underneath as a way to upload it in your shonydanza stock searches menu
#see https://github.com/jakejarvis/awesome-shodan-queries for a super provide of queries
#check into "vuln:" filter if in case you have Small Business Plan or higher (e.g., vuln:cve-2019-11510)
STOCK_SEARCHES = {
'ANONYMOUS_FTP':'ftp anonymous good enough',
'RDP':'port:3389 has_screenshot:true',
'OPEN_TELNET':'port:23 console gateway -password',
'APACHE_DIR_LIST':'http.title:"Index of / "',
'SPRING_BOOT':'http.favicon.hash:116323821',
'HP_PRINTERS':'"Serial Amount:" "Built:" "Server: HP HTTP"',
'DOCKER_API':'"Docker Bins:" port:2375',
'ANDROID_ROOT_BRIDGE':'"Android Debug Bridge" "Software" port:5555',
'MONGO_EXPRESS_GUI':'"Set-Cookie: mongo-express=" "200 OK"',
'CVE-2019-11510_PULSE_VPN':'http.html:/dana-na/',
'CVE-2019-19781_CITRIX_NETSCALER':'http.waf:"Citrix NetScaler"',
'CVE-2020-5902_F5_BIGIP':'http.favicon.hash:-335242539 "3992"',
'CVE-2020-3452_CISCO_ASA_FTD':'200 "Set-Cookie: webvpn;"'
}
#OPTIONAL
#IP or cidr range constraint for searches that return checklist of IP addresses
#use comma-separated checklist to designate a few (e.g. 1.1.1.1,2.2.0.0/16,3.3.3.3,3.3.3.4)
#NET_RANGE = '0.0.0.0/0'
Run
cd ../
python3 shonydanza.py
See this how-to article for added usage instruction.
Jail Disclaimer
This enterprise is made for tutorial and ethical testing purposes best possible. Usage of ShonyDanza for attacking targets without prior mutual consent is prohibited. It is the end client’s accountability to obey all suitable local, state and federal regulations. Developers assume no felony accountability and are not accountable for any misuse or hurt resulted in via this program.