jShodan

Powerful Shodan client written using RxJava and Retrofit. You can integrate this client into existing apps or create new one. With this Shodan client you can:

• Search Shodan
• Exploit search
• Streaming API to consume Shodan data in real time (in development)

Installation

If you use gradle add to your build.gradle

repositories {
    jcenter()
}

Also you can use maven central

repositories {
    mavenCentral()
}

And in your dependencies block add this line

compile 'com.fooock:jshodan:0.4.9'

or if you are using maven add to you pom.xml

<dependency>
  <groupId>com.fooock</groupId>
  <artifactId>jshodan</artifactId>
  <version>0.4.9</version>
  <type>pom</type>
</dependency>

Getting started

You need an API key to use this client. You can do this in Shodan.io

• Rest API

ShodanRestApi api = new ShodanRestApi("your api key here");

A simple example of query Shodan with facet info. Note that executing this query consumes 1 query credit

api.hostSearch("port:8333", "bitcoin.ip:10,city:10")
    .subscribe(new DisposableObserver<HostReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(HostReport hostReport) {
            // result of the query
        }
});

The result of this, if success, is an object HostReport that contains all info.

int total = hostReport.getTotal();
List<Banner> banners = hostReport.getBanners();
FacetReport facet = hostReport.getFacet();

You can use other method calls from the rest API. See the ApiService class for a complete list.

• Exploit API Use this API to search for exploits from multiple data sources like Exploit DB, Metasploit and CVE. The use of this API is very simply and similar to the previous

ShodanExploitApi api = new ShodanExploitApi("your api key here");

A simple example

api.search("ssl", "type")
    .subscribe(new DisposableObserver<ExploitReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(ExploitReport exploitReport) {
            // result of the query
        }
});

The result of this call, if success, is ExploitReport class that contains all info

• Streaming API This API returns a real-time stream of data collected by Shodan.

ShodanStreamingApi api = new ShodanStreamingApi("your api key here");

Example to get all data that Shodan collects

api.banners()
    .subscribe(new DisposableObserver<BannerReport>() {
        @Override
        public void onCompleted() {
            // called when the request is completed
        }

        @Override
        public void onError(Throwable e) {
            // called if an error occurs
        }

        @Override
        public void onNext(BannerReport bannerReport) {
            // result of the query
        }
});

Note: To use the streaming API you need a Shodan subscription-based API plan. You can obtain it in Shodan pricing

Android support

If your plan is to create a new Android app using this, you need to add this dependency

compile 'io.reactivex.rxjava2:rxandroid:x.y.z'

Dependencies

• RxJava2 for its reactive-functional API
• Retrofit HTTP client for Android and Java
• Gson Retrofit converter A converter wich uses Gson for serialization to and from JSON
• RxJava2 adapter for Retrofit An adapter for rxJava2 types

Enjoy it!

Roadmap

1. Testing
2. Documentation
3. Better readme with more examples

Links

• Shodan.io
• API Documentation