|
3 | 3 |
|
4 | 4 | from operator import itemgetter
|
5 | 5 | from shodan.cli.helpers import get_api_key
|
| 6 | +from time import sleep |
6 | 7 |
|
7 | 8 |
|
8 | 9 | @click.group()
|
@@ -46,6 +47,35 @@ def alert_create(name, netblocks):
|
46 | 47 | click.secho('Alert ID: {}'.format(alert['id']), fg='cyan')
|
47 | 48 |
|
48 | 49 |
|
| 50 | +@alert.command(name='domain') |
| 51 | +@click.argument('domain', metavar='<domain>', type=str) |
| 52 | +@click.option('--triggers', help='List of triggers to enable', default='malware,industrial_control_system,internet_scanner,iot,open_database,new_service,ssl_expired,vulnerable') |
| 53 | +def alert_domain(domain, triggers): |
| 54 | + """Create a network alert based on a domain name""" |
| 55 | + key = get_api_key() |
| 56 | + |
| 57 | + api = shodan.Shodan(key) |
| 58 | + try: |
| 59 | + # Grab a list of IPs for the domain |
| 60 | + domain = domain.lower() |
| 61 | + click.secho('Looking up domain information...', dim=True) |
| 62 | + info = api.dns.domain_info(domain, type='A') |
| 63 | + domain_ips = set([record['value'] for record in info['data']]) |
| 64 | + |
| 65 | + # Create the actual alert |
| 66 | + click.secho('Creating alert...', dim=True) |
| 67 | + alert = api.create_alert('__domain: {}'.format(domain), list(domain_ips)) |
| 68 | + |
| 69 | + # Enable the triggers so it starts getting managed by Shodan Monitor |
| 70 | + click.secho('Enabling triggers...', dim=True) |
| 71 | + api.enable_alert_trigger(alert['id'], triggers) |
| 72 | + except shodan.APIError as e: |
| 73 | + raise click.ClickException(e.value) |
| 74 | + |
| 75 | + click.secho('Successfully created domain alert!', fg='green') |
| 76 | + click.secho('Alert ID: {}'.format(alert['id']), fg='cyan') |
| 77 | + |
| 78 | + |
49 | 79 | @alert.command(name='info')
|
50 | 80 | @click.argument('alert', metavar='<alert id>')
|
51 | 81 | def alert_info(alert):
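Review bot: In `alert_domain`, an empty lookup result is not handled: if `info['data']` holds no A records, `domain_ips` is empty and `create_alert` is still called with an empty list, so a guard such as `if not domain_ips: raise click.ClickException('No A records found for {}'.format(domain))` belongs before the "Creating alert..." step. Because `create_alert` and `enable_alert_trigger` share one `try`, a failure in the second call leaves an alert behind with no triggers enabled and its ID never printed; print the ID in that path or remove the alert, so the operator does not assume the domain is being monitored. The lookup requests only `type='A'`, so IPv6 addresses of the domain are not covered, and the address set may include shared hosting or CDN IPs the user does not control; both limits deserve a sentence in the docstring. `from time import sleep` is added at the top of the file but is not used in any line shown here.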
|
|