projectdiscovery · Ice3man543 · Jun 21, 2018 · Jun 6, 2018 · Jun 20, 2018 · Jun 20, 2018
diff --git a/libsubfinder/engines/passive/passive.go b/libsubfinder/engines/passive/passive.go
@@ -46,6 +46,7 @@ import (
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/ptrarchive"
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/riddler"
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/securitytrails"
+	"github.com/Ice3man543/subfinder/libsubfinder/sources/shodan"
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/sitedossier"
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/threatcrowd"
 	"github.com/Ice3man543/subfinder/libsubfinder/sources/threatminer"
@@ -87,6 +88,7 @@ type Source struct {
 	Yahoo                   bool
 	Dogpile                 bool
 	Exalead                 bool
+	Shodan                  bool
 }
 
 func (s *Source) enableAll() {
@@ -117,6 +119,7 @@ func (s *Source) enableAll() {
 	s.Yahoo = true
 	s.Dogpile = true
 	s.Exalead = true
+	s.Shodan = true
 }
 
 func (s *Source) enable(dataSources []string) {
@@ -176,6 +179,8 @@ func (s *Source) enable(dataSources []string) {
 			s.Dogpile = true
 		case "exalead":
 			s.Exalead = true
+		case "shodan":
+			s.Shodan = true
 		}
 	}
 }
@@ -237,6 +242,8 @@ func (s *Source) disable(dataSources []string) {
 			s.Dogpile = false
 		case "exalead":
 			s.Dogpile = false
+		case "shodan":
+			s.Shodan = false
 		}
 	}
 }
@@ -323,6 +330,9 @@ func (s *Source) printSummary() {
 	if s.Exalead {
 		fmt.Printf("\nRunning Source: %sExalead%s\n", helper.Info, helper.Reset)
 	}
+	if s.Shodan {
+		fmt.Printf("\nRunning Source: %sShodan%s\n", helper.Info, helper.Reset)
+	}
 }
 
 //nbrActive ses reflection to get automatic active amount of searches
@@ -454,6 +464,9 @@ func discover(state *helper.State, domain string, sourceConfig *Source) (subdoma
 	if sourceConfig.Exalead {
 		domainDiscoverPool.Add(exalead.Query, domain, state)
 	}
+	if sourceConfig.Shodan {
+		domainDiscoverPool.Add(shodan.Query, domain, state)
+	}
 
 	domainDiscoverPool.Wait()
 

diff --git a/libsubfinder/helper/state.go b/libsubfinder/helper/state.go
@@ -59,6 +59,8 @@ type Config struct {
 
 	CensysUsername string `json:"censysUsername"` // Censys Username
 	CensysSecret   string `json:"censysSecret"`   // Censys API Key
+
+	ShodanAPIKey string `json:"shodanApiKey"` // Shodan API Key
 }
 
 type Setting struct {
@@ -68,6 +70,7 @@ type Setting struct {
 	BingPages    string // Ask search pages to check
 	DogpilePages string // Dogpile search pages to check
 	YahooPages   string // Yahoo search pages to check
+	ShodanPages  string // Shodan search pages to check
 }
 
 func InitializeSettings() (setting *Setting) {
@@ -80,6 +83,7 @@ func InitializeSettings() (setting *Setting) {
 	settings.BingPages = "50"
 	settings.DogpilePages = "16"
 	settings.YahooPages = "10"
+	settings.ShodanPages = "10"
 	return &settings
 }
 

diff --git a/libsubfinder/sources/shodan/shodan.go b/libsubfinder/sources/shodan/shodan.go
@@ -0,0 +1,64 @@
+//
+// Written By : @Mzack9999 (Marco Rivoli)
+//
+// Distributed Under MIT License
+// Copyrights (C) 2018 Ice3man
+//
+
+// A golang client for Shodan.io
+package shodan
+
+import (
+	"fmt"
+	"io/ioutil"
+	"regexp"
+	"strconv"
+
+	"github.com/Ice3man543/subfinder/libsubfinder/helper"
+)
+
+// all subdomains found
+var subdomains []string
+
+// Query function returns all subdomains found using the service.
+func Query(args ...interface{}) interface{} {
+
+	domain := args[0].(string)
+	state := args[1].(*helper.State)
+
+	shodanAPIKey := state.ConfigState.ShodanAPIKey
+	maxPages, _ := strconv.Atoi(state.CurrentSettings.ShodanPages)
+	for currentPage := 0; currentPage <= maxPages; currentPage++ {
+		resp, err := helper.GetHTTPResponse("https://api.shodan.io/shodan/host/search?query=hostname:"+domain+"&page="+strconv.Itoa(currentPage)+"&key="+shodanAPIKey, state.Timeout)
+		if err != nil {
+			fmt.Printf("\nerror: %v\n", err)
+			return subdomains
+		}
+
+		// Get the response body
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			fmt.Printf("\nerror: %v\n", err)
+			return subdomains
+		}
+
+		reSub := regexp.MustCompile(`"`)
+		src := reSub.ReplaceAllLiteralString(string(body), " ")
+
+		match := helper.ExtractSubdomains(src, domain)
+
+		for _, subdomain := range match {
+			if state.Verbose == true {
+				if state.Color == true {
+					fmt.Printf("\n[%sShodan%s] %s", helper.Red, helper.Reset, subdomain)
+				} else {
+					fmt.Printf("\n[Shodan] %s", subdomain)
+				}
+			}
+
+			subdomains = append(subdomains, subdomain)
+		}
+	}
+
+	return subdomains
+}
diff --git a/main.go b/main.go
@@ -106,6 +106,8 @@ func main() {
 				reflect.ValueOf(&state.ConfigState).Elem().FieldByName("CensysUsername").SetString(object[1])
 			} else if strings.EqualFold(object[0], "censyssecret") == true {
 				reflect.ValueOf(&state.ConfigState).Elem().FieldByName("CensysSecret").SetString(object[1])
+			} else if strings.EqualFold(object[0], "shodankey") == true {
+				reflect.ValueOf(&state.ConfigState).Elem().FieldByName("ShodanAPIKey").SetString(object[1])
 			}
 
 			configJson, _ := json.MarshalIndent(state.ConfigState, "", "	")
@@ -117,8 +119,6 @@ func main() {
 
 			fmt.Printf("Successfully configured %s%s%s=>%s\n", helper.Info, object[0], helper.Reset, object[1])
 		}
-
-		os.Exit(0)
 	}
 
 	if state.SetSetting != "none" {