ENH: add alert parameter to Shodan stream collector
monoidic committed Apr 9, 2024
1 parent 4eb0f7a commit cf9d5e4
Showing 3 changed files with 23 additions and 2 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -68,6 +68,8 @@
- The 'json' option is no longer supported as the 'csv' option provides better performance (PR#2372 by elsif2).
- `intelmq.bots.collectors.alienvault_otx.collector` (PR#2449 by qux-bbb):
- Fix modified_pulses_only is always False.
- `intelmq.bots.collectors.shodan.collector_stream` (PR#x by Mikk Margus Möll):
- Add `alert` parameter to Shodan stream collector to allow fetching streams by configured alert ID


#### Parsers
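
Review bot: The added `intelmq.bots.collectors.shodan.collector_stream` entry credits `PR#x`, which is a placeholder. Put the real pull request number there before merging so the entry matches its neighbours (`PR#2372`, `PR#2449`), and end the description line with a period as the entry above it does.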
4 changes: 4 additions & 0 deletions docs/user/bots.md
Expand Up @@ -994,6 +994,10 @@ Only the proxy is used (requires `shodan-python > 1.8.1`). Certificate is always

() A list of countries to query for. If it is a string, it will be spit by `,`.

**`alert`**

() Alert ID from monitor.shodan.io.

If the stream is interrupted, the connection will be aborted using the timeout parameter. No error will be logged if the
number of consecutive connection fails does not reach the parameter
`error_max_retries`. Instead of errors, an INFO message is logged. This is a measurement against too frequent ERROR
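
Review bot: The `alert` description added after `countries` does not say how the two parameters interact. The collector change in this commit raises `ValueError('both alert and country filters specified in Shodan collector.')` and, when `alert` is set, streams by alert instead of by country. State here that `alert` and `countries` are mutually exclusive and that leaving `alert` empty keeps the country stream.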
19 changes: 17 additions & 2 deletions intelmq/bots/collectors/shodan/collector_stream.py
Expand Up @@ -31,6 +31,7 @@ class ShodanStreamCollectorBot(CollectorBot):
"Collect the Shodan stream from the Shodan API"
api_key: str = "<INSERT your API key>"
countries: List[str] = []
alert: str = ''

def init(self):
if shodan is None:
Expand All @@ -46,14 +47,28 @@ def init(self):
self.api = shodan.Shodan(self.api_key,
proxies=self.proxy)
if isinstance(self.countries, str):
if self.countries and self.alert:
raise ValueError('both alert and country filters specified in Shodan collector.')
self.countries = self.countries.split(',')

self.__error_count = 0

def process(self):
try:
for line in self.api.stream.countries(timeout=self.http_timeout_sec, raw=True,
countries=self.countries):
if self.alert:
stream = self.api.stream.alert(
aid=self.alert,
timeout=self.http_timeout_sec,
raw=True,
)
else:
stream = self.api.stream.countries(
countries=self.countries,
timeout=self.http_timeout_sec,
raw=True,
)

for line in stream:
report = self.new_report()
report.add('raw', line)
self.send_message(report)
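
Review bot: The mutual-exclusion check in `init()` sits between `if isinstance(self.countries, str):` and the `split(',')` that test guards, so it only runs when `countries` is configured as a string. With `countries` given as a list (its declared type, `List[str]`) and `alert` set, no error is raised and `process()` silently takes the `if self.alert:` branch, dropping the country filter. Move the check ahead of the `isinstance` test so it covers both forms. The commit touches only the changelog, the docs and the collector, so the new `stream.alert` branch and the `ValueError` path have no test coverage; a test for each would be worth adding.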