Shodan API ========== You can save your Shodan API Key (https://www.shodan.io) to use it with Habu. API Key Configuration --------------------- The configuration it's really simple. Use the following command with your API Key: :: $ habu.config.set SHODAN_APIKEY put-here-your-shodan-api-key Usage ----- The command habu.shodan allows you to query for a specific IP address, like this: :: $ habu.shodan 216.58.222.36 asn AS15169 isp Google hostnames eze04s06-in-f4.1e100.net, gru09s17-in-f36.1e100.net country_code US region_code CA city Mountain View org Google open_ports tcp/443, tcp/80 It supports four output formats: txt (default), csv, json and nmap (will be shown below). The JSON output prints the whole Shodan API response. The CSV output it's good to process with other tools/script or save to a database. Cache ----- By default, the command uses a requests cache, to no send repeated queries to the Shodan API. If you want to disable the cache, use the option '--no-cache'. Scan Open Ports with Nmap ------------------------- If you want to use Nmap to scan only the ports that Shodan sees has open, you can use the 'nmap' output format as the port specification, like this: :: $ nmap -v -p $(habu.shodan --format nmap 216.58.222.36) 216.58.222.36 Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-13 23:33 -03 Initiating Ping Scan at 23:33 Scanning 216.58.222.36 [2 ports] Completed Ping Scan at 23:33, 0.01s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 23:33 Completed Parallel DNS resolution of 1 host. at 23:33, 0.01s elapsed Initiating Connect Scan at 23:33 Scanning eze04s06-in-f4.1e100.net (216.58.222.36) [2 ports] Discovered open port 443/tcp on 216.58.222.36 Discovered open port 80/tcp on 216.58.222.36 Completed Connect Scan at 23:33, 0.04s elapsed (2 total ports) Nmap scan report for eze04s06-in-f4.1e100.net (216.58.222.36) Host is up (0.020s latency). PORT STATE SERVICE 80/tcp open http 443/tcp open https Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds **Note:** Obviously, you can customize the Nmap options. For example, to detect operating systems and service versions.