The ????? ?? is an open source OSINT Framework, used primarily by pentesters and security system analysts. It has a wide range of options and returns you the best search results. The Shodan Premium API key is required to use the program.
Table of Contents
Specifications
- Flexible results through Shodan Dorks
- SSL SHA1 checksum / fingerprint Search
- Verify each IP by assigning an SSL / TLS RegEx certificate version
- Learn all the ports of a target
- Find all the vulnerabilities of your CVE-related goals
- Get banners for every IP, operating system, service, organization, etc.
- Create Favicon Hash using python3 mmh3
- Favicon Technology Detection using a custom kernel template
- ASN Scan
- BGP Neighbor
- IPv4 & IPv6 programs for ASN
Installation
# git clone https://github.com/Dheerajmadhukar/karma_v2.git
# python3 -m pip install shodan mmh3 # apt install jq -y # GO111MODULE = on go get -v github.com/tomnomnom/httprobe
# git clone https://github.com/codingo/Interlace.git & install accordingly.
# GO111MODULE = on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
# apt install lolcat -y
# GO111MODULE = on go get -u github.com/tomnomnom/anew
# cat> .token SHODAN_PREMIUM_API_HERE
Use
$ bash karma_v2 -h
Video guide
https://asciinema.org/a/4Ri9FW97qnVV37v3Mb2mNTKz8?t=25&speed=5&theme=tango
output
output / bugcrowd.com-YYYY-MM-DD / ├── ASNs_Detailed_bugcrowd.com.txt ├── Collect ├── ├── host_domain_domain.tld.json.gz ├── ├── ssl_SHA1_12289a814 ... 83029f8944b6088d60204ate.e │ ├── ssl_SHA92_1bf17537 ... 84cb73d1a684db495ea7aa5b_domain.tld.json.gz │ ├── ssl_SHA611_1d198d6ec ... 4b681b77585190078b07c37e5_domain.tld.json.gz │ ├── ssl_SHA1_1a26c9 ... d5618eae60b2947e42263d154f_domain.tld.json.gz │ ├── ssl_SHA203_1da3a3825 ... 2b3a852adc42470410183b3ee_domain.tld.json.gz │ ├── ssl_SHA9_1d4eab0 ... 730cf68d11db2cc94c2454_domain.tld.json.gz │ ├── ssl_SHA906532_1dab8907c ... 4fdbdd12c6a445a4f8152b6b7_domain.tld.json.gz │ ├── ssl_SHA7_1a9b9eba ... 99dc5cea5106a745bf591b96_domain. tld.json.gz ├── ├── ssl_SHA044_a1c7d14 ... b201fd6bc4e4ab95e2897a6bsfd_domain.tld.json.gz │ ├── ssl_SHA0_a1f90ddb4 ... 0bdb85780de06fefddom83z.d ssl_subjectCN_domain.tld.json.gz └── └── ssl_subject_domain.tld.json.gz | └── . . . ├── IP_VULNS │ ├── 104.xxxjson.gz │ ├── 107.xxxjson.gz │ ├── 107.xxxjson.gz │ └── 99.xxxjson.gz | └── . . . ├── favicons_domain.tld.txt ├── host_enum_domain.tld.txt ips ips_inscope_domain.tld.txt ├── main_domain.tld.data ├──. . .
????? ?? Supported Shodan Dorks
DORKs | DORKs | DORKs |
---|---|---|
ssl.cert.fingerprint |
http.status:"302" oauth |
"Server: Jetty" |
ssl |
http.status:"302" sso |
X-Amz-Bucket-Region |
org |
title:"401 Authorization Required" |
"development" org:"Amazon.com" |
hostname |
http.html:"403 Forbidden" |
"X-Jenkins" "Set-Cookie: JSESSIONID" http.title:"Jenkins [Jenkins]" |
ssl.cert.issuer.cn |
http.html:"500 Internal Server Error" |
http.favicon.hash:81586312 200 |
ssl.cert.subject.cn |
ssl.cert.subject.cn:*vpn* |
product:"Kubernetes" port:"10250, 2379" |
ssl.cert.expired:true |
title:"citrix gateway" |
port:"9100" http.title:"Node Exporter" |
ssl.cert.subject.commonName |
http.html:"JFrog" |
http.title:"Grafana" |
http.title:"Index of /" |
"X-Jfrog" |
http.title:"RabbitMQ" |
ftp port:"10000" |
http.title:"dashboard" |
HTTP/1.1 307 Temporary Redirect "Location: /containers" |
"Authentication: disabled" port:445 product:"Samba" |
http.title:"Openfire Admin Console" |
http.favicon.hash:1278323681 |
title:"Login - Adminer" |
http.title:"control panel" |
"MongoDB Server Information" port:27017 -authentication |
http.title:"sign up" |
http.html:"* The wp-config.php creation script uses this file" |
port:"9200" all:"elastic indices" |
http.title:"LogIn" |
clockwork |
"220" "230 Login successful." port:21 |
port:"11211" product:"Memcached" |
"port: 53" Recursion: Enabled |
title:"kibana" |
port:9090 http.title:"Prometheus Time Series Collection and Processing Server" |
"default password" |
title:protected |
http.component:Moodle |
http.favicon.hash:116323821 |
html:"/login/?next=" title:"Django" |
html:"/admin/login/?next=" title:"Django" |
title:"system dashboard" html:jira |
http.component:ruby port:3000 |
html:"secret_key_base" |
I will add more soon |
. . . |
????? ?? Newly Added Shodan Dorks
DORKs | DORKs | DORKs |
---|---|---|
"netweaver" |
port:"2379" product:"etcd" |
http.title:"DisallowedHost" |
ssl:"${target}" "-AkamaiGHost" "-GHost" |
ssl:"${target}" "-Cloudflare" |
ssl:"${target}" "-Cloudfront" |
"X-Debug-Token-Link" port:443 |
http.title:"shipyard" HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 5664 |
http.title:"TIBCO Jaspersoft:" port:"443" "1970" |
"Confluence" |
http.title:"SonarQube" |
html:"jmx?qry=Hadoop:*" |
http.title:"Directory Listing" |
http.title:"H-SPHERE" |
http.title:"Swagger UI - " |
Server: Apache-Coyote/1.1 Tomcat-5.5" |
port:2375 product:"Docker" |
http.title:"phpinfo()" |
http.title:"ID_VC_Welcome" |
"x-powered-by" "jboss" |
jboss http.favicon.hash:-656811182 |
http.title:"Welcome to JBoss" |
port:"8089, 8000" "splunkd" |
http.favicon.hash:-316785925 |
title:"splunkd" org:"Amazon.com" |
http.title:"oracle business intelligence sign in" |
http.title:"Oracle WebLogic Server Administration Console" |
http.title:"Apache Status" |
I will add more soon |
. . . |
You can download the program from here.