🔺Shodan Queries

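# Collect the IPs Shodan associates with the hostname, then port-scan them.
#
# - The API key is read from the environment. A key pasted into notes, a URL
#   or shell history is exposed and should be rotated.
# - ip.txt is overwritten rather than appended to (`tee`, not `tee -a`), so
#   addresses left over from an earlier run are never fed into the scan.
# - The original line ended in a dangling `&&`, which makes the shell treat
#   the next line of text as a command; the chain now ends at the last tee.
shodan init "${SHODAN_API_KEY:?export SHODAN_API_KEY first}" \
  && shodan search hostname:"canterbury.ac.nz" --fields ip_str --limit 1000 \
  | tee ip.txt \
  && naabu -list ip.txt -p 1-65535 -c 100 \
  | tee ip-with-ports.txt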

Check proof of ownership of each IP (confirm it belongs to the target organisation before scanning it)

  1. https://ipinfo.io/50.76.140.86

  2. whois 50.76.140.86

  3. rdap 50.76.140.86

site:github.com CVE-2024-34102 PoC


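# Merge two Shodan views of the same organisation (hostname match and TLS
# certificate CN match) into one de-duplicated list, ip.txt, and print its size.
#
# - The API key comes from the environment; one `shodan init` is enough for
#   the whole chain, so the second init was dropped.
# - The first write truncates all-ip.txt (`tee`), only the second appends.
#   With `tee -a` on both, results from a previous target stayed in the file
#   and ended up in ip.txt.
# - A certificate CN match does not prove who operates the address (shared
#   hosting, CDNs), so check ownership before treating ip.txt as in scope.
shodan init "${SHODAN_API_KEY:?export SHODAN_API_KEY first}" \
  && shodan search hostname:"epa.gov" --fields ip_str --limit 1000 \
  | tee all-ip.txt \
  && shodan search ssl.cert.subject.CN:"epa.gov" 200 --fields ip_str --limit 1000 \
  | tee -a all-ip.txt \
  && sort -u all-ip.txt \
  | tee ip.txt \
  && wc -l < ip.txt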

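# End-to-end run for one organisation:
#   1. pull IPs from Shodan (hostname match + certificate CN match),
#   2. de-duplicate into ip.txt and print the count,
#   3. fingerprint the web services with httpx,
#   4. scan the top 1000 ports with naabu and fingerprint what it finds,
#   5. run the nuclei CVE templates against ip.txt.
#
# - The API key comes from the environment; a key that has been pasted into
#   notes or shell history should be rotated.
# - all-ip.txt is truncated on the first write, so nothing left behind by an
#   earlier target can leak into ip.txt and from there into steps 3-5.
# - Every later step sends traffic to each address in ip.txt. A certificate
#   CN match does not prove ownership, so review ip.txt before continuing.
shodan init "${SHODAN_API_KEY:?export SHODAN_API_KEY first}" \
  && shodan search hostname:"stanford.edu" 200 --fields ip_str --limit 1000 \
  | tee all-ip.txt \
  && shodan search ssl.cert.subject.CN:"stanford.edu" 200 --fields ip_str --limit 1000 \
  | tee -a all-ip.txt \
  && sort -u all-ip.txt \
  | tee ip.txt \
  && rm -- all-ip.txt \
  && wc -l < ip.txt \
  && httpx -title -sc -server -td -location < ip.txt \
  && naabu -tp 1000 -l ip.txt -c 50 \
  | tee internal-development-services.txt \
  && httpx -title -sc -server -td -location < internal-development-services.txt \
  && nuclei -l ip.txt --tags cve --s info,high,critical,medium -es unknown -c 30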
Tech Mapping 🔥
# Technology mapping: run only the templates tagged panel, tech or osint
# against every host in ip.txt, skipping templates with unknown severity.
nuclei \
  -list ip.txt \
  -tags panel,tech,osint \
  -severity info,low,high,critical,medium \
  -exclude-severity unknown \
  -concurrency 30
Specific Search 🔥
# Product-specific passes: one nuclei run per technology tag, same severity
# filter and concurrency for each.
for tag in magento oracle; do
  nuclei \
    -list ip.txt \
    -tags "$tag" \
    -severity info,low,high,critical,medium \
    -exclude-severity unknown \
    -concurrency 30
done


# Category-by-category nuclei passes over ip.txt, one report file per category.
# NOTE(review): the relative template directories below assume a template
# tree that has these folders at its top level; confirm against the installed
# nuclei-templates layout, otherwise a pass may load no templates.

# CVE-tagged templates, all severities.
nuclei -list ip.txt -tags cve -severity info,low,high,critical,medium \
  -exclude-severity unknown -concurrency 30 -output cves.txt

# Categories where informational findings are left out.
for category in vulnerabilities exposures misconfiguration; do
  nuclei -list ip.txt -templates "${category}/" -severity low,high,critical,medium \
    -exclude-severity unknown -concurrency 30 -output "${category}.txt"
done

# Categories where informational findings are kept and "low" is left out.
for category in default-logins exposed-panels takeovers; do
  nuclei -list ip.txt -templates "${category}/" -severity info,high,critical,medium \
    -exclude-severity unknown -concurrency 30 -output "${category}.txt"
done
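# Passive IP collection for one domain from four sources, merged at the end.
#
# - API keys are read from the environment. A key that has been pasted into
#   notes, a URL or shell history should be treated as exposed and rotated.
# - These sources report addresses that were seen serving the domain, which
#   can include CDN or shared-hosting IPs. Confirm ownership before treating
#   Public-IPs.txt as a scope list.

# VirusTotal (v2 domain report): every ip_address field in the response.
curl -s "https://www.virustotal.com/vtapi/v2/domain/report?domain=quizlet.com&apikey=${VT_API_KEY:?export VT_API_KEY first}" \
  | jq -r '.. | .ip_address? // empty' \
  | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | tee virustotal-IPs.txt

# AlienVault OTX: IP recorded for each URL in the hostname's URL list.
curl -s "https://otx.alienvault.com/api/v1/indicators/hostname/quizlet.com/url_list?limit=500&page=1" \
  | jq -r '.url_list[]?.result?.urlworker?.ip // empty' \
  | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | tee otx.alienvault-IPs.txt

# urlscan.io: page IP of every scan result for the domain.
curl -s "https://urlscan.io/api/v1/search/?q=domain:quizlet.com&size=10000" \
  | jq -r '.results[]?.page?.ip // empty' \
  | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | tee urlscan-IPs.txt

# Shodan: hosts presenting a certificate whose subject CN matches the domain.
shodan init "${SHODAN_API_KEY:?export SHODAN_API_KEY first}" \
  && shodan search ssl.cert.subject.CN:"quizlet.com" --fields ip_str \
  | tee shodan-ip.txt

# Merge and de-duplicate. The original `tee > Public-IPs.txt` gave tee no file
# argument, so it wrote the file but printed nothing to the terminal.
sort -u virustotal-IPs.txt otx.alienvault-IPs.txt urlscan-IPs.txt shodan-ip.txt \
  | tee Public-IPs.txt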
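# Reduce ip.txt to bare, de-duplicated IPv4 strings, then scan the top 1000
# ports and hand open ports to nmap for service/version detection.
#
# The original passed `naabu-full.txt` as a stray positional argument, so no
# results file was requested; presumably it was meant as the output file,
# which is what `-o` does here.
grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' ip.txt \
  | sort -u \
  | tee only-ip.txt \
  && naabu -tp 1000 -l only-ip.txt -c 50 -nmap-cli 'nmap -sV' -o naabu-full.txt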
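# Build candidate URLs (every host in ip.txt combined with every path below)
# and let httpx report which ones answer 200, with status code, content
# length and page title.
#
# `read -r` with an empty IFS keeps each line exactly as written (no
# backslash processing, no trimming), and blank lines are skipped so they do
# not produce host-less URLs.
#
# A 200 is only a lead: if many different paths return the same length and
# title on one host, it is most likely a catch-all page. Check the response
# body before recording an exposure.
paths=(
  /admin/config.json /config.js /config.json /app/config.json /app/config.js
  /settings.json /database.json /firebase.json /.env /.env.production
  /api_keys.json /credentials.json /secrets.json /google-services.json
  /package.json /package-lock.json /composer.json /pom.xml
  /docker-compose.yml /service-worker.js /Trace.axd
)
while IFS= read -r host; do
  [[ -n "$host" ]] || continue
  for path in "${paths[@]}"; do
    printf '%s%s\n' "$host" "$path"
  done
done < ip.txt | httpx -mc 200 -sc -cl -title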
# Resolve every name listed in sub.txt with nslookup.
# stdout: a "Querying: <host>" line, then "<host> <ip>" when an address was found.
# stderr: "No IP found for <host>" when nslookup returned no answer line.
# Only the last "Address: " line of the nslookup output is used.
while read -r host; do
  printf 'Querying: %s\n' "$host"
  ip=$(nslookup "$host" | awk '/^Address: / { last = $2 } END { if (last != "") print last }')
  if [[ -z "$ip" ]]; then
    printf 'No IP found for %s\n' "$host" >&2
    continue
  fi
  printf '%s %s\n' "$host" "$ip"
done < sub.txt
ssl.cert.subject.CN:"target.com"  http.title:"Login","Log in","Register","Signin","Sign in","Sign up" 200 -http.title:"cPanel","Webmail"

Replace target.com in these queries with the domain being assessed.

ssl.cert.subject.CN:"target.com" -port:80 -port:443 -port:8080 -port:8443 200
ssl.cert.subject.CN:"target.com" http.title:"panel","dashboard"
ssl.cert.subject.CN:"target.com" http.html:"create admin"
ssl.cert.subject.CN:"target.com" http.html:"admin setup"
ssl.cert.subject.CN:"target.com" http.title:"IIS"
ssl.cert.subject.CN:"target.com" http.title:"Index of"
ssl.cert.subject.CN:"target.com" http.title:"dashboard"
ssl.cert.subject.CN:"target.com" http.title:"Swagger UI"
ssl.cert.subject.CN:"target.com" http.title:"phpinfo()"
ssl.cert.subject.CN:"target.com" http.component:php
ssl.cert.subject.CN:"target.com" http.component:java
ssl.cert.subject.CN:"target.com" http.component:ASP.NET
ssl.cert.subject.CN:"target.com" http.component:perl
ssl.cert.subject.CN:"target.com" http.component:CFML
ssl.cert.subject.CN:"target.com" html:"liferayPortalCSS"
ssl.cert.subject.CN:"target.com" http.title:"GlobalProtect Portal"
ssl.cert.subject.CN:"target.com" os:"PAN-OS"
ssl.cert.subject.CN:"target.com" http.html:"Langflow"
ssl.cert.subject.CN:"target.com" product:"Grafana"
ssl.cert.subject.CN:"target.com" http.component:"Adobe ColdFusion"
ssl.cert.subject.CN:"target.com" http.component:"Swagger UI"
ssl.cert.subject.CN:"target.com" http.component:"Mura CMS"
ssl.cert.subject.CN:"target.com" http.html:"Check Point ssl network"
ssl.cert.subject.CN:"target.com" http.title:"Ivanti Connect"
ssl.cert.subject.CN:"target.com" http.title:"HugeGraph"
ssl.cert.subject.CN:"target.com" http.title:"Vite App"
ssl.cert.subject.CN:"target.com" http.html:"Langflow"
How I stay updated with CVEs 🔥🔥🔥 ?

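# Three views of the Shodan CVE database feed.
#
# `-k` was removed from the last two commands: it turns off TLS certificate
# verification, so an on-path attacker could alter the CVE data being read.
# `-sS` keeps the output quiet but still prints real errors.

# CVE identifiers only.
curl -sS https://cvedb.shodan.io/cves | jq . | grep "cve_id"

# Identifier plus summary for every entry.
curl -sS https://cvedb.shodan.io/cves | jq '.cves[] | {cveid: .cve_id, summary: .summary}'

# Same, one JSON object per line, filtered on a keyword in the text.
curl -sS https://cvedb.shodan.io/cves | jq -c '.cves[] | {cveid: .cve_id, summary: .summary}' | grep -i "reflected"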
