From 43834b6d517d3652628380c3744eed312811813c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 15 Sep 2016 15:11:04 +0200
Subject: [PATCH] Add simple Shodan module
---
 misp_modules/modules/expansion/__init__.py | 2 +-
 misp_modules/modules/expansion/shodan.py | 48 ++++++++++++++++++++++
 setup.py | 5 ++-
 3 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100755 misp_modules/modules/expansion/shodan.py
diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py
index 9d818d3..71a2bd7 100644
--- a/misp_modules/modules/expansion/__init__.py
+++ b/misp_modules/modules/expansion/__init__.py
@@ -1,2 +1,2 @@
 __all__ = ['asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns',
- 'eupi', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois']
+ 'eupi', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan']
diff --git a/misp_modules/modules/expansion/shodan.py b/misp_modules/modules/expansion/shodan.py
new file mode 100755
index 0000000..4bb35e7
--- /dev/null
+++ b/misp_modules/modules/expansion/shodan.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+
+import json
+try:
+ import shodan
+except ImportError:
+ print("shodan module not installed.")
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['ip-src', 'ip-dst'], 'output': ['freetext']}
+moduleinfo = {'version': '0.1', 'author': 'Raphaƫl Vinot',
+ 'description': 'Query on Shodan',
+ 'module-type': ['expansion']}
+
+moduleconfig = ['apikey']
+
+
+def handler(q=False):
+ if q is False:
+ return False
+ request = json.loads(q)
+ if request.get('ip-src'):
+ toquery = request['ip-src']
+ elif request.get('ip-dst'):
+ toquery = request['ip-dst']
+ else:
+ misperrors['error'] = "Unsupported attributes type"
+ return misperrors
+
+ if not request.get('config') and not (request['config'].get('apikey')):
+ misperrors['error'] = 'shodan authentication is missing'
+ return misperrors
+ api = shodan.Shodan(request['config'].get('apikey'))
+
+ return handle_expansion(api, toquery)
+
+
+def handle_expansion(api, domain):
+ return {'results': [{'types': mispattributes['output'], 'values': api.host(domain)}]}
+
+
+def introspection():
+ return mispattributes
+
+
+def version():
+ moduleinfo['config'] = moduleconfig
+ return moduleinfo
diff --git a/setup.py b/setup.py
index d48e13e..8ad517e 100644
--- a/setup.py
+++ b/setup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 from setuptools import setup, find_packages
@@ -11,7 +11,7 @@ setup(
 url='https://github.com/MISP/misp-modules',
 description='MISP modules are autonomous modules that can be used for expansion and other services in MISP',
 packages=find_packages(),
- entry_points = {'console_scripts': ['misp-modules = misp_modules:main']},
+ entry_points={'console_scripts': ['misp-modules = misp_modules:main']},
 test_suite="tests",
 classifiers=[
 'License :: OSI Approved :: GNU Affero General Public License v3',
@@ -37,5 +37,6 @@ setup(
 'cybox',
 'pillow',
 'pytesseract',
+ 'shodan',
 ]
 )
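Review bot: The API-key guard in `handler` (new file shodan.py) misfires in the two cases that matter, because the two tests are joined with `and`: a request with no `config` key goes on to evaluate `request['config']` and raises KeyError, and a request whose `config` is present but has no `apikey` skips the error branch and reaches `shodan.Shodan(None)`. The condition should read `if not request.get('config') or not request['config'].get('apikey'):`. In the same file, `handle_expansion` calls `api.host(domain)` with no handling, so a failed lookup (the shodan client reports these as `shodan.APIError`, to my knowledge) propagates out of the module instead of coming back in the `{'error': ...}` shape the other paths use. `misperrors` is a module-level dict that `handler` mutates, so if the server handles requests concurrently an error text can be overwritten between requests; building a fresh dict per call, e.g. `return {'error': 'shodan authentication is missing'}`, avoids that.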