Passively scan targets using Nmap via Shodan

shodan-hq-nse is an nmap nse script to query the Shodan API and passively get information about hosts.

Installation

git clone https://github.com/glennzw/shodan-hq-nse.git

cd shodan-hq-nse

cp shodan-hq.nse /usr/local/share/nmap/scripts/

Usage

You can set your Shodan API key in the shodan-hq.nse file itself to save you having to type it in every time:

-- Set your Shodan API key here to avoid typing it in every time:

local apiKey = ""



nmap --script shodan-hq.nse <target> --script-args 'apikey=<yourShodanAPIKey'

Warning:

nmap will still scan the target host normally. If you only want to look up the target in Shodan you need to include the -sn -Pn -n flags. e.g:

nmap –script shodan-hq.nse -sn -Pn -n <target>

You could instead specify a single target with the target script argument. e.g:

nmap –script shodan-hq.nse –script-args ‘apikey=<yourShodanAPIKey>,target=<hackme>’

Saving to file

The results can be written to file with the outfile script argument. e.g:

nmap –script shodan-hq.nse -sn -Pn -n <target> -sn -Pn -n –script-args ‘outfile=potato.csv’

Demo

https://www.youtube.com/watch?v=WaLrqyNCC8o

Source: Github