Friday, October 28, 2011

Shodan: Maltego Add-on



Requirements


Installation

The Maltego add-ons for Shodan have 2 parts: entities and transforms. Entities are used to display
information in a sensible way in Maltego, while transforms let you modify and manipulate the
entities.

To get started, we will first import the new entities that Shodan provides for Maltego.


Entities

  1. Download the entities at: http://maltego.shodanhq.com/downloads/entities.mtz
  2. In Maltego, select "Manage Entities" in the "Manage" tab.
  3. Select "Import..."
  4. Locate the "entities.mtz" file you just downloaded and click "Next".
  5. Make sure all entities are checked, and click "Next".
  6. Enter "Shodan" as a category for the new entities. Click "Finish".

If you don't yet see the new entities in your Palette on the left side, right-click on the area and select
"Refresh Palette". You should now see a new category called "Shodan" with several new entities listed there.


Transforms

  1. Select "Discover Transforms" in the "Manage" tab.
  2. In the "Name" field, enter "Shodan"
  3. As a URL, use: https://cetas.paterva.com/TDS/runner/showseed/shodan
  4. Click "Add"
  5. Make sure the "Shodan" seed is selected, then click "Next"
  6. Again make sure you see "Shodan" selected, then click "Next"
  7. You now see a list of transforms that the "Shodan" seed has. Just click "Next" :)
  8. Click "Finish".

Alright, that's it for the installation! If you encounter any problems during this process,
just send an email or a message via Twitter.

Usage

There are 6 transforms available currently:
  • searchShodan
  • searchExploitDB
  • searchMetasploit
  • getHostProfile
  • searchShodanDomain
  • searchShodanNetblock

The first 3 transforms (searchShodan, searchExploitDB and searchMetasploit) take a "Phrase" as input and return a set of "IPv4 Address", "ExploitDB Entry" and "MSF Module" entities, respectively. You can then get more detailed information about an "IPv4 Address" by running the getHostProfile transform on it. getHostProfile returns a list of "Banner" entities, "Domain" entities and a "Location" entity (if available).
