shomon: Shodan Monitoring integration for TheHive

ShoMon is a Shodan alert feeder for TheHive written in Go. With version 2.0, it is more powerful than ever!

Functionalities

  • Can be used as a Webhook OR Stream listener

    • The webhook listener opens a RESTful API endpoint for Shodan to push alerts to. This means the endpoint must be reachable from the public internet, so it should sit behind TLS and be exposed no more widely than your environment requires
    • The stream listener connects to Shodan itself and fetches/parses the alert stream, so nothing inbound needs to be exposed
  • Utilizes shadowscatcher/shodan (fantastic work) for Shodan interaction.

  • Console logs are emitted as JSON and can be ingested by any log management tool

  • CI/CD via GitHub Actions ensures that each release ships with a changelog, artifacts, and container images on GHCR and Docker Hub

  • Provides a working docker-compose file for TheHive and its dependencies

  • Fast and small in size

  • Complete code refactoring in v2.0 resulted in more modular, maintainable code

  • Alert specifics, including tags, type, and alert template, can be adjusted via the config file or environment variables. See the config file.

  • The full banner can be included in the alert, together with a direct link to the Shodan finding.

  • The IP address is added to the alert as an observable
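To make the webhook mode concrete, here is an added example (not ShoMon's own code) of the shape such a listener takes in Go: an HTTP handler that accepts a Shodan banner, maps it to a TheHive-style alert with configurable type and tags, the IP and hostnames as observables, and a link to the Shodan host page, and writes it to a sink. Because the endpoint is internet-facing, the handler only accepts POSTs that carry a shared token (the `X-Webhook-Token` header and `WebhookToken` setting are assumptions for this example, not a ShoMon option) and caps the body size. The `Alert`/`Observable` types are simplified stand-ins for TheHive's model, and the sample banner is constructed for the demo.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ShodanBanner is the subset of Shodan banner fields this example reads;
// the JSON names follow Shodan's banner format (ip_str, port, data, ...).
type ShodanBanner struct {
	IPStr     string   `json:"ip_str"`
	Port      int      `json:"port"`
	Transport string   `json:"transport"`
	Data      string   `json:"data"`
	Hostnames []string `json:"hostnames"`
}

// Observable and Alert are simplified stand-ins for TheHive's alert model,
// not the types ShoMon or TheHive actually use.
type Observable struct {
	DataType string
	Data     string
}

type Alert struct {
	Type        string
	Source      string
	Title       string
	Description string
	Tags        []string
	Observables []Observable
}

// Config mirrors the kind of settings that would come from a conf file or
// environment variables. WebhookToken is a hypothetical shared secret.
type Config struct {
	AlertType     string
	Tags          []string
	IncludeBanner bool
	WebhookToken  string
}

// BuildAlert maps one banner to an alert: configured tags plus a port tag,
// the IP (and any hostnames) as observables, and a link to the Shodan host page.
func BuildAlert(cfg Config, b ShodanBanner) (Alert, error) {
	if b.IPStr == "" {
		return Alert{}, errors.New("banner has no ip_str")
	}
	desc := "Shodan finding: https://www.shodan.io/host/" + b.IPStr
	if cfg.IncludeBanner && b.Data != "" {
		desc += "\n\nBanner:\n" + b.Data
	}
	tags := append([]string{}, cfg.Tags...)
	tags = append(tags, fmt.Sprintf("port:%d", b.Port))
	obs := []Observable{{DataType: "ip", Data: b.IPStr}}
	for _, h := range b.Hostnames {
		obs = append(obs, Observable{DataType: "domain", Data: h})
	}
	return Alert{
		Type:        cfg.AlertType,
		Source:      "shodan",
		Title:       fmt.Sprintf("Shodan alert: %s:%d/%s", b.IPStr, b.Port, b.Transport),
		Description: desc,
		Tags:        tags,
		Observables: obs,
	}, nil
}

// NewWebhookHandler returns the internet-facing endpoint. It rejects anything
// that is not a POST with the shared token (compared in constant time) and
// caps the request body at 1 MiB before decoding.
func NewWebhookHandler(cfg Config, sink func(Alert)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		got := []byte(r.Header.Get("X-Webhook-Token"))
		if cfg.WebhookToken == "" || subtle.ConstantTimeCompare(got, []byte(cfg.WebhookToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
		var b ShodanBanner
		if err := json.NewDecoder(r.Body).Decode(&b); err != nil {
			http.Error(w, "invalid JSON", http.StatusBadRequest)
			return
		}
		a, err := BuildAlert(cfg, b)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		sink(a)
		w.WriteHeader(http.StatusAccepted)
	}
}

// Deliver posts body to a fresh handler in-process and returns the HTTP
// status and any alerts produced, so the flow can be exercised offline.
func Deliver(cfg Config, token, body string) (int, []Alert) {
	var alerts []Alert
	h := NewWebhookHandler(cfg, func(a Alert) { alerts = append(alerts, a) })
	req := httptest.NewRequest(http.MethodPost, "/shodan", strings.NewReader(body))
	if token != "" {
		req.Header.Set("X-Webhook-Token", token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, alerts
}

// sampleBanner is a constructed Shodan-style banner using documentation IP space.
const sampleBanner = `{"ip_str":"203.0.113.10","port":22,"transport":"tcp",` +
	`"hostnames":["host.example.net"],"data":"SSH-2.0-OpenSSH_8.2"}`

func main() {
	cfg := Config{AlertType: "external", Tags: []string{"shodan"}, IncludeBanner: true, WebhookToken: "s3cret"}
	code, alerts := Deliver(cfg, "s3cret", sampleBanner)
	out, _ := json.MarshalIndent(alerts, "", "  ")
	fmt.Printf("status=%d\n%s\n", code, out)
}
```

In a real deployment the sink would be the TheHive API client; here it is a closure so the mapping and the access checks can be tested without network access.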

Install & Use

Copyright (c) 2020 KaanSK