Open Source Intelligence Gathering
Grabbing Exploitation points from OSINT
A series of scripts to gather vulnerabilities from publicly facing assets
This is under construction but the basics are here:
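# Run inside the templates checkout. --include limits grep to the template
# files, so an OSINT_Metric1.txt left over from a previous run is not fed
# back into the new list.
cd ~/nuclei-templates && grep -rn --include='*.yaml' shodan | tee OSINT_Metric1.txt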
Creates a list like this:
CVE-2023-31465.yaml:24: shodan-query: http.favicon.hash:2134367771
CVE-2010-0219.yaml:30: shodan-query: http.html:"Apache Axis"
CVE-2017-14135.yaml:29: shodan-query: title:"Dreambox WebControl"
docker-daemon-exposed.yaml:12: shodan-query: port:2375 product:"docker"
CVE-2016-6195.yaml:32: shodan-query: title:"Powered By vBulletin"
CVE-2017-17731.yaml:30: shodan-query: http.html:"DedeCms"
CVE-2017-7925.yaml:29: shodan-query: http.favicon.hash:2019488876
CVE-2017-9791.yaml:32: shodan-query: title:"Struts2 Showcase"
fortiportal-log4j-rce.yaml:18: shodan-query: html:"FortiPortal"
CVE-2022-39952.yaml:30: shodan-query: title:"FortiNAC"
CVE-2019-16759.yaml:30: shodan-query: http.component:"vBulletin"
CVE-2022-22954.yaml:30: shodan-query: http.favicon.hash:-1250474341
CVE-2021-36260.yaml:30: shodan-query: http.favicon.hash:999357577
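#!/bin/bash
# For each "template:lineno: shodan-query: QUERY" record in OSINT_Metric1.txt:
# run QUERY (plus country:US) against the Shodan host-search API, keep the
# pretty-printed response in ../thing2/, then pass the returned addresses
# through httprobe and the matching nuclei template, appending the results to
# ../vulnerable.json.
#
# Environment:
#   SHODAN_API_KEY  required; API key for api.shodan.io.
#   SCOPE_FILE      optional; file of in-scope addresses, one per line. When
#                   set, only addresses listed in it are handed to httprobe
#                   and nuclei.
# Requires: curl, jq, httprobe, nuclei. Run from the directory that holds the
# templates named in OSINT_Metric1.txt.

set -u -o pipefail

: "${SHODAN_API_KEY:?set SHODAN_API_KEY to your Shodan API key}"

# The key is written into a curl config line below; refuse characters that
# would break out of the quoted value there.
case $SHODAN_API_KEY in
  *[\"\\]* | *$'\n'*)
    printf 'SHODAN_API_KEY contains characters that cannot be used here\n' >&2
    exit 1
    ;;
esac

if [[ -n "${SCOPE_FILE:-}" && ! -r "$SCOPE_FILE" ]]; then
  printf 'SCOPE_FILE is set but not readable: %s\n' "$SCOPE_FILE" >&2
  exit 1
fi

readonly out_dir=../thing2
readonly findings=../vulnerable.json
mkdir -p -- "$out_dir" || exit 1

# Pass stdin through unchanged, or keep only exact matches from SCOPE_FILE.
# An empty scope file lets nothing through.
in_scope() {
  if [[ -n "${SCOPE_FILE:-}" ]]; then
    grep -Fx -f "$SCOPE_FILE"
  else
    cat
  fi
}

while IFS= read -r line || [[ -n "$line" ]]
do
  # Only "file:lineno:key:value" records are usable.
  [[ "$line" == *:*:*:* ]] || continue

  yaml=${line%%:*}
  printf '%s\n' "$yaml"

  # Everything after the third colon is the query, however many colons it
  # contains itself; then drop the leading whitespace.
  query=${line#*:*:*:}
  query=${query#"${query%%[![:space:]]*}"}
  printf '%s\n' "$query"
  [[ -n "$query" ]] || continue

  # Use only the template's file name for the output path so a record cannot
  # steer the write outside out_dir.
  response="$out_dir/${yaml##*/}.json"

  # The key goes to curl through a config stream rather than the command line,
  # which keeps it out of the process list; curl does the URL encoding.
  # stdin is redirected so curl cannot consume the loop's input file.
  if curl --silent --show-error --fail --get \
      --config <(printf 'data-urlencode = "key=%s"\n' "$SHODAN_API_KEY") \
      --data-urlencode "query=$query country:US" \
      'https://api.shodan.io/shodan/host/search' </dev/null \
      | jq . | tee -- "$response"
  then
    # Collect every ip_str value in the response, wherever it appears.
    jq -r '.. | objects | .ip_str? // empty' <"$response" \
      | in_scope \
      | httprobe \
      | nuclei -t "$yaml" -nc -j \
      | tee -a -- "$findings"
  else
    printf 'search failed for %s; skipping\n' "$yaml" >&2
  fi

  # Fixed pause between records.
  sleep 30
done < OSINT_Metric1.txt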