exploit the vulnerability with Shodan in Metasploit and use Sodan in the terminal.
- Installing shodan
pip install -U --user shodan
- show you a list of possible sub-commands for the Shodan CLI.
shodan
- Finally, initialize the Shodan CLI with your API key
shodan init YOUR_API_KEY
Usage: shodan [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
Commands:
alert Manage the network alerts for your account
convert Convert the given input data file into a different format.
count Returns the number of results for a search
data Bulk data access to Shodan
domain View all available information for a domain
download Download search results and save them in a compressed JSON...
honeyscore Check whether the IP is a honeypot or not.
host View all available information for an IP address
info Shows general information about your account
init Initialize the Shodan command-line
myip Print your external IP address
org Manage your organization's access to Shodan
parse Extract information out of compressed JSON files.
radar Real-Time Map of some results as Shodan finds them.
scan Scan an IP/ netblock using Shodan.
search Search the Shodan database
stats Provide summary information about a search query
stream Stream data in real-time.
trends Search Shodan historical database
version Print version of this tool.
- Install the prerequisites.
sudo apt update
sudo apt-get install -y ruby-dev libpq-dev libpcap-dev libsqlite3-dev postgresql git ruby-bundler build-essential patch ruby-dev zlib1g-dev liblzma-dev libgmp-dev
- Create the folder to accommodate the files.
sudo mkdir /opt/metasploit
- Grant the correct permissions to the folder.
sudo chown $USER:root -R /opt/metasploit
sudo chmod 770 -R /opt/metasploit
- Clone the msf directory on github to your local folder.
git clone https://github.com/rapid7/metasploit-framework.git /opt/metasploit
- Make the files executable.
sudo chmod +x /opt/metasploit/
- Run the following command to start installing everything Ruby related.
cd /opt/metasploit
gem install bundler -v'~>1.16'
bundle install
git config --global user.name "NAME HERE"
git config --global user.email "email@example.com"
- Update metasploit.
sudo /opt/metasploit/msfupdate
- Finally launch the metasploit console.
/opt/metasploit/msfconsole
Find Vulnerable Webcams with Shodan [Metasploit Framework]
sudo msfconsole
msf6 > search shodan
auxiliary/gather/shodan_host
msf6 auxiliary(gather/shodan_search) >
set your API KEY
msf6 auxiliary(gather/shodan_search) > set SHODAN_APIKEY Your_API_KEY
msf6 auxiliary(gather/shodan_search) > set QUERY webcams
msf6 auxiliary(gather/shodan_search) > exploit
Next, you paste that copied IP:port combo into any web browser URL bar.
my script samglish_shodan.sh
└──╼ $bash /home/samglish/Desktop/vb.sh
***********************************************************
* Ethical Hacking *
* VULNERABILITY SHODAN METASPLOIT *
* Samglish *
***********************************************************
Installing tools...
------------------------------------------------------------
***TheHarvester***
Please wait...
set Your API_KEY your_api_key
Error: Invalid API key
1. show my IP
2. Scan webcams
3. Scan servers
4. Scan routers
5. Scan printers
6. Scan switches
7. Scan cameras
8. Scan sensors
Choix :