Shodmon: Shodan monitoring tools
Shodmon
The Shodan monitoring tools let you monitor Shodan-listed servers based on the filter you select.
Usage
This tool can be used to monitor your internet-exposed surface, specifically your servers. Shodan scans the entire internet periodically and maps details such as open ports, the type of service running, certificate details, and the organization to which the server belongs to an IP address. This is useful for blue teamers monitoring their internet-exposed servers, and equally useful for red teamers looking for loopholes on exposed servers.
Usecases
- As a blue teamer, you might need to watch for your company putting a new server on the web, or to map out your existing exposed surface. You might also want to check whether any new port has been opened or whether the content on existing ports has changed.
- As a red teamer, you might want to keep an eye on the exposed surface to find loopholes and simulate attackers who look for a single misconfiguration to get into your network.
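The blue-team checks listed above (new server, new port, changed content) come down to comparing two snapshots of search results. The following is an added example, not Shodmon's own code: it assumes each result is a dict with the `ip_str`, `port` and `data` fields found in Shodan banner records, and the function names and sample data are made up for illustration.

```python
import hashlib

def index_banners(matches):
    """Map (ip, port) -> SHA-256 of the banner text for one snapshot."""
    index = {}
    for m in matches:
        banner = m.get("data", "")
        index[(m["ip_str"], m["port"])] = hashlib.sha256(banner.encode("utf-8")).hexdigest()
    return index

def diff_snapshots(previous, current):
    """Classify what changed in the exposed surface between two snapshots."""
    old, new = index_banners(previous), index_banners(current)
    old_hosts = {ip for ip, _ in old}
    report = {"new_hosts": [], "new_ports": [], "changed_banners": []}
    for key in sorted(new):
        ip, _port = key
        if ip not in old_hosts:
            # A host never seen before: report it once, whatever ports it has.
            if ip not in report["new_hosts"]:
                report["new_hosts"].append(ip)
        elif key not in old:
            report["new_ports"].append(key)
        elif old[key] != new[key]:
            report["changed_banners"].append(key)
    # Services that were listed before and are gone now.
    report["closed_ports"] = sorted(k for k in old if k not in new)
    return report

# Constructed sample data (documentation address range), not real Shodan output.
PREVIOUS = [
    {"ip_str": "192.0.2.10", "port": 443, "data": "HTTP/1.1 200 OK\r\nServer: nginx"},
    {"ip_str": "192.0.2.10", "port": 22, "data": "SSH-2.0-OpenSSH_8.9"},
    {"ip_str": "192.0.2.20", "port": 80, "data": "HTTP/1.1 301 Moved Permanently"},
]
CURRENT = [
    {"ip_str": "192.0.2.10", "port": 443, "data": "HTTP/1.1 200 OK\r\nServer: Apache"},
    {"ip_str": "192.0.2.10", "port": 22, "data": "SSH-2.0-OpenSSH_8.9"},
    {"ip_str": "192.0.2.10", "port": 3389, "data": "Remote Desktop Protocol"},
    {"ip_str": "192.0.2.30", "port": 6379, "data": "-ERR unknown command"},
]

if __name__ == "__main__":
    for category, items in diff_snapshots(PREVIOUS, CURRENT).items():
        print(category, items)
```

Banners that embed a timestamp, such as an HTTP `Date` header, hash differently on every scan, so strip such fields before hashing if changed-banner alerts become noisy.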
Requirements
- Shodan API key
  - Create a free account on Shodan
  - Get the API key
  - A free Shodan account is enough to monitor a small number of servers (up to 100)
- A filter that shortlists the servers you want to monitor.
  - It should cover any servers that are already exposed, as well as anything new that pops up.
  - I prefer to use the org:"YOUR ORG" filter, or the ASN:"ASXXXXX" filter
- An email account with SMTP login via APIs
  - Any email service that allows you to log in via SMTP
  - I used Gmail and created an isolated account
- (OPTIONAL) If you want periodic monitoring, you might want to run this script in the cloud.
  - I used AWS Cloud as it was the easiest to set up and free for one year!
- Python 2.7.X and an internet connection
Install && Use
Author: @Ngrovyer