shodan网站中有全球联网的主机设备信息,Metasploit集成了shodan,也就是说再MSF中可以直接从shodan中获取主机信息。
msf中使用shodan
使用auxiliary/gather/shodan_search模块:
msf6 auxiliary(scanner/smtp/smtp_enum) > use auxiliary/gather/shodan_search
msf6 auxiliary(gather/shodan_search) > show options
Module options (auxiliary/gather/shodan_search):
Name Current Setting Required Description
---- --------------- -------- -----------
DATABASE false no Add search results to the database
MAXPAGE 1 yes Max amount of pages to collect
OUTFILE no A filename to store the list of IPs
QUERY yes Keywords you want to search for
REGEX .* yes Regex search for a specific IP/City/Country/Hostname
SHODAN_APIKEY yes The SHODAN API key
填写主机检索关键字
在option设置检索关键字
msf6 auxiliary(gather/shodan_search) > set QUERY phpmyadmin
QUERY => phpmyadmin
填写shodan api key
如果没有shodan账号,可以从官网上注册:www.shodan.io,注册完成之后,可以找到api key信息:

拷贝到options中设置SHODAN_APIKEY:
msf6 auxiliary(gather/shodan_search) > set ShodAN_APIKEY R6G************************rvL7
ShodAN_APIKEY => R6G************************rvL7
执行检索
检索前先检查option:
msf6 auxiliary(gather/shodan_search) > show options
Module options (auxiliary/gather/shodan_search):
Name Current Setting Required Description
---- --------------- -------- -----------
DATABASE false no Add search results to the database
MAXPAGE 1 yes Max amount of pages to collect
OUTFILE no A filename to store the list of IPs
QUERY phpmyadmin yes Keywords you want to search for
REGEX .* yes Regex search for a specific IP/City/Country/Hostname
SHODAN_APIKEY R6G************************rvL7 yes The SHODAN API key
运行获得主机结果:

可以访问进行测试,例如访问第一个结果:

结语
shodan的主机与Metasploit的渗透工具集合,实在让这个世界边界扩大了很多!