Class: Fluent::Plugin::ShodanSearch

Inherits:
Input
  • Object
Defined in:
lib/fluent/plugin/in_shodan_search.rb

Constant Summary

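# Names of the Shodan search filters this plugin recognises.
#
# The array is frozen so that no other code in the process can add or remove
# entries once the class is loaded.
#
# NOTE(review): the #configure listing on this page copies each configured
# filter name into the search hash without consulting this list. Confirm that
# the filter section's parameter declaration (not shown here) enforces it, so
# an unrecognised name is rejected at configuration time and not sent to the
# API.
SUPPORTED_FILTERS =
%w[
  asn city country cpe device geo has_ipv6 has_screenshot
  has_ssl has_vuln hash hostname ip isp link net org os
  port postal product region scan shodan.module state
  version screenshot.label cloud.provider cloud.region
  cloud.service http.component http.component_category
  http.favicon.hash http.html http.html_hash http.robots_hash
  http.securitytxt http.status http.title http.waf bitcoin.ip
  bitcoin.ip_count bitcoin.port bitcoin.version snmp.contact
  snmp.location snmp.name ssl ssl.alpn ssl.cert.alg
  ssl.cert.expired ssl.cert.extension ssl.cert.fingerprint
  ssl.cert.issuer.cn ssl.cert.pubkey.bits ssl.cert.pubkey.type
  ssl.cert.serial ssl.cert.subject.cn ssl.chain_count
  ssl.cipher.bits ssl.cipher.name ssl.cipher.version ssl.ja3s
  ssl.jarm ssl.version ntp.ip ntp.ip_count ntp.more ntp.port
  telnet.do telnet.dont telnet.option telnet.will telnet.wont
  ssh.hassh ssh.type tag vuln
].freeze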

Instance Method Summary

Instance Method Details

#configure(conf) ⇒ Object

Raises:

  • (Fluent::ConfigError)


# File 'lib/fluent/plugin/in_shodan_search.rb', line 47

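# Validates the plugin configuration and prepares the Shodan client.
#
# Builds the client from @api_key, asks the API for its info record to check
# the key, then requires a query or at least one filter, and finally turns
# the configured filters into a name => value hash.
#
# @param conf [Object] configuration handed over by Fluentd; consumed by +super+
# @raise [Fluent::ConfigError] when the info request raises RuntimeError, or
#   when neither a query nor any filter is configured
def configure(conf)
  super

  # NOTE(review): @api_key is a credential. Confirm that its parameter
  # declaration (not shown here) uses `secret: true`, so Fluentd masks it
  # when it dumps the configuration at startup.
  @client = Shodanz.client.new(key: @api_key)
  begin
    # Whatever #info returns is written to the log at info level.
    log.info "Shodan client properly registered", client_info: @client.info
  rescue RuntimeError
    # The rescued error's text is deliberately not copied into the message.
    # NOTE(review): if the HTTP layer ever includes the request URL in its
    # error text, forwarding it could put the key into the log. The original
    # error stays reachable through ConfigError#cause.
    # NOTE(review): any RuntimeError from the info call is reported as an
    # invalid key; confirm which other failures Shodanz raises this way.
    raise Fluent::ConfigError, "Invalid Shodan API key"
  end

  if @query.empty? && @filters.empty?
    raise Fluent::ConfigError, "At least a query or one filter should be configured"
  end

  # When a filter name is configured more than once, the last one wins.
  @search_filters = @filters.each_with_object({}) do |filter, by_name|
    by_name[filter.name] = filter.value
  end
end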

#multi_workers_ready? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/fluent/plugin/in_shodan_search.rb', line 65

# Reports whether this input may run under Fluentd's multi-worker mode.
#
# NOTE(review): presumably false so that a single worker owns the polling
# timer, since several workers would each repeat the same Shodan search and
# spend API quota on duplicate results. Confirm the intent.
#
# @return [Boolean] always false
def multi_workers_ready?
  false
end

#start ⇒ Object



# File 'lib/fluent/plugin/in_shodan_search.rb', line 69

# Starts the plugin and schedules the recurring Shodan search.
#
# After +super+, registers a repeating timer whose name is built from the
# plugin class name and @tag. The timer receives @interval as its interval
# and #run as its callback.
def start
  super

  timer_name = :"shodan_#{self.class.name}_#{@tag}"
  callback = method(:run)
  timer_execute(timer_name, @interval, repeat: true, &callback)
end