Hunting Vulnerable Devices
- How do you find vulnerable IoT devices?
  - Recon: Set the target
  - Build: Bruteforce, Public Exploit
  - Post: Get access, Botnet, Malware, etc.
- How do you find IoT devices based on the targeted company?
The initial query uses only a plain search.
$ curl "https://api.shodan.io/shodan/host/search?key={Token}&query='Indosat'" | python -m json.tool | less
For a more precise search you can use the ASN, but that requires upgrading the API plan.
As a temporary workaround, you can use the ordinary search query and add JSON parsing on top of it.
```python
import requests
import json
import pprint
import time

# case 1: https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='Indonesia'
# status: success
# count: 14
# case 2: https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='Telkom'
# status: success
# count: 50
# case 3: https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='PT'
# status: success
# count: 1
# To find targets by company, the ASN alone is enough!


def search(query):
    # Wait one second between API requests.
    time.sleep(1)
    url = "https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='%s'" % (query)
    x = requests.get(url)
    data = json.loads(x.content)
    p = 0
    # Count only the matches whose ASN equals the one we are filtering on.
    for d in data['matches']:
        try:
            if 'AS17974' == d['asn']:
                # pprint.pprint(d)
                # print(p, d['ip_str'], d['org'])
                p += 1
        except KeyError:
            # '[!] No ASN'
            pass
    return p


cases = ['PT', 'Telkom', 'Indonesia']
for case in cases:
    print('{:<8} {:<8}'.format(case, search(case)))
```

```
PT 1
Telkom 50
Indonesia 14
```
Merging the Results

```python
import requests
import json
import pprint
import time


def search(query):
    # Wait one second between API requests.
    time.sleep(1)
    url = "https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='%s'" % (query)
    x = requests.get(url)
    data = json.loads(x.content)
    p = 0
    valid = []
    # Keep the full record of every match that belongs to the ASN.
    for d in data['matches']:
        try:
            if 'AS17974' == d['asn']:
                p += 1
                valid.append(d)
        except KeyError:
            # Record has no 'asn' field.
            pass
    return p, valid


merged = []
cases = ['PT', 'Telkom', 'Indonesia']
for case in cases:
    count, single = search(case)
    print('{:<8} {:<8}'.format(case, count))
    merged += single
print('Merged {:<8}'.format(len(merged)))
```

```
PT 1
Telkom 50
Indonesia 14
Merged 65
```
Merging and printing the desired information

```python
import requests
import json
import pprint
import time


def search(query):
    # Wait one second between API requests.
    time.sleep(1)
    url = "https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='%s'" % (query)
    x = requests.get(url)
    data = json.loads(x.content)
    p = 0
    valid = []
    for d in data['matches']:
        try:
            if 'AS17974' == d['asn']:
                p += 1
                valid.append(d)
        except KeyError:
            # Record has no 'asn' field.
            pass
    return p, valid


merged = []
cases = ['PT', 'Telkom', 'Indonesia']
for case in cases:
    count, single = search(case)
    print('{:<8} {:<8}'.format(case, count))
    merged += single
print('{:<8} {:<8}'.format('Merged', len(merged)))

# Print the product if present, otherwise the tags, otherwise the port.
for i, m in enumerate(merged):
    try:
        print('{:<8} {:<32} {:<32}'.format(i, m['ip_str'], m['product']))
    except KeyError:
        try:
            # !s converts the tags list to a string before padding.
            print('{:<8} {:<32} {!s:<32}'.format(i, m['ip_str'], m['tags']))
        except KeyError:
            print('{:<8} {:<32} {:<32}'.format(i, m['ip_str'], m['port']))
```

```
0 36.67.126.49 MikroTik router ftpd
1 36.75.164.115 Apache httpd
2 36.66.198.217 [u'vpn']
...
```
Here is the complete script.

```python
import requests
import json
import pprint
import time

"""
0 PT Telkom Indonesia AS17974
1 PT Indosat Tbk. AS4761
"""


def search(query, asn):
    # Wait one second between API requests.
    time.sleep(1)
    url = "https://api.shodan.io/shodan/host/search?key=jWvScG6x3XmwrqZ3e3R0DbAKYkKaMgXX&query='%s'" % (query)
    x = requests.get(url)
    data = json.loads(x.content)
    p = 0
    valid = []
    for d in data['matches']:
        try:
            if asn == d['asn']:
                p += 1
                valid.append(d)
        except KeyError:
            # Record has no 'asn' field.
            pass
    return p, valid


def merge(cases, asn):
    merged = []
    for case in cases:
        count, single = search(case, asn)
        print('{:<8} {:<8}'.format(case, count))
        merged += single
    print('{:<8} {:<8}'.format('Merged', len(merged)))
    # Columns: index, IP, product, tags, port.
    # Fallback order: all fields, then product as 'NA', then product and tags as 'NA'.
    for i, m in enumerate(merged):
        try:
            print('{:<8} {:<32} {:<32} {!s:<32} {:<32}'.format(i, m['ip_str'], m['product'], m['tags'], m['port']))
        except KeyError:
            try:
                print('{:<8} {:<32} {:<32} {!s:<32} {:<32}'.format(i, m['ip_str'], 'NA', m['tags'], m['port']))
            except KeyError:
                print('{:<8} {:<32} {:<32} {:<32} {:<32}'.format(i, m['ip_str'], 'NA', 'NA', m['port']))


if __name__ == '__main__':
    # Target 0: PT Telkom Indonesia
    asn = 'AS17974'
    cases = 'PT Telkom Indonesia'.split(chr(32))
    # Target 1: PT Indosat Tbk. (these assignments override target 0)
    asn = 'AS4761'
    cases = 'PT Indosat Tbk. Indonesia'.split(chr(32))
    merge(cases, asn)
```

```
PT 0
Telkom 50
Indonesia 14
Merged 64
0 36.67.126.49 NA NA 21
1 36.75.164.115 NA NA 8081
2 36.66.198.217 NA [u'vpn'] 1723
3 36.66.230.125 NA [u'vpn'] 1723
4 36.67.76.201 NA [u'vpn'] 1723
```
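An added example, not part of the original script, that goes one step beyond the merge above for anyone inventorying the exposure of their own ASN: it applies the same client-side ASN filter offline to constructed sample records, counts each (IP, port) service only once when keyword searches overlap, and lets every optional field fall back to NA independently. The ASNs, addresses and function names are placeholders chosen for this example (documentation ranges), not values from the page.

```python
# Constructed sample data shaped like the "matches" list the script reads,
# using documentation-range IPs and documentation ASNs (assumptions).
SAMPLE_RESPONSES = {
    "Example": {"matches": [
        {"ip_str": "192.0.2.10", "port": 21, "asn": "AS64500",
         "product": "MikroTik router ftpd"},
        {"ip_str": "192.0.2.11", "port": 1723, "asn": "AS64500",
         "tags": ["vpn"]},
        {"ip_str": "198.51.100.7", "port": 80, "asn": "AS64501"},
    ]},
    "Telecom": {"matches": [
        {"ip_str": "192.0.2.10", "port": 21, "asn": "AS64500",
         "product": "MikroTik router ftpd"},    # same service as the first hit
        {"ip_str": "192.0.2.12", "port": 8081, "asn": "AS64500",
         "product": "Apache httpd"},
        {"ip_str": "203.0.113.5", "port": 22},  # record without an "asn" key
    ]},
}


def filter_by_asn(matches, asn):
    """Keep only records for `asn`; records lacking the key are skipped."""
    return [m for m in matches if m.get("asn") == asn]


def merge_unique(responses, asn):
    """Merge several keyword searches, keeping each (ip, port) service once."""
    seen = {}
    for response in responses.values():
        for m in filter_by_asn(response.get("matches", []), asn):
            seen.setdefault((m["ip_str"], m["port"]), m)
    return list(seen.values())


def format_row(index, m):
    """Render one row; each optional field falls back to 'NA' on its own."""
    tags = ",".join(m.get("tags", [])) or "NA"
    return "{:<4} {:<16} {:<24} {:<8} {:<6}".format(
        index, m["ip_str"], m.get("product", "NA"), tags, m["port"])


if __name__ == "__main__":
    for i, match in enumerate(merge_unique(SAMPLE_RESPONSES, "AS64500")):
        print(format_row(i, match))
```

On this sample the two keyword searches each return two records for the ASN, but the merged inventory holds three services because one of them appears in both.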
Additional Info
Some sources state that the country providing the most IoT devices is Korea src.
Meanwhile, botnet activity has started to become active in several countries around the world src.
Download the full document src.