This repo houses the code I made to mine various C2/malware IPs from Shodan. Most of the searches used were sourced from Michael Koczwara's and @BushidoToken's (Will's) research (see references below). Huge thanks to the both of them!
- C2's
- Malware
  - AcidRain Stealer
  - Misha Stealer (AKA Grand Misha)
  - Patriot Stealer
  - RAXNET Bitcoin Stealer
  - Titan Stealer
  - Collector Stealer
  - Mystic Stealer
- Tools
I currently have this script running nightly on a crontab, automatically updating the files in `data`. There is a backup of the data in `backup`; this is not touched by the automation and will occasionally be updated manually.
Last Backup: 1/6/2023
However, if you want to host a private version, put your Shodan API key in an environment variable called `SHODAN_API_KEY`:

```bash
# export it so child processes (python3) inherit it; a bare assignment stays local to the shell
echo 'export SHODAN_API_KEY=API_KEY' >> ~/.bashrc
bash
python3 -m pip install -r requirements.txt
python3 tracker.py
```
- Write scripts to analyze DNS/WHOIS info
- Build automation into the script
- Write script to identify servers with multiple frameworks running
- Track metrics over time
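The nightly loop described above (run each saved search, fold the hits into the files in `data`) together with two of the to-do items (tracking metrics over time, spotting hosts that match more than one framework), as an added sketch that is not the repo's own tracker.py. It assumes the `shodan` package's `Shodan.search` call, a `QUERIES` table holding placeholder strings rather than the real searches, and a JSON index layout (ip -> first_seen/last_seen/ports/families) of my own choosing.

```python
import json
import os
from typing import Dict, List

# Placeholder query table (family name -> Shodan search string). The real
# queries live in the repo's tracker.py and are not reproduced here.
QUERIES: Dict[str, str] = {
    "example-c2": "PLACEHOLDER_SHODAN_QUERY_1",
    "example-stealer": "PLACEHOLDER_SHODAN_QUERY_2",
}

def fetch_matches(query: str, page: int = 1) -> List[dict]:
    """Run one Shodan search; needs SHODAN_API_KEY, the shodan package and network."""
    import shodan  # lazy import so the offline helpers below run without it installed
    api = shodan.Shodan(os.environ["SHODAN_API_KEY"])
    return api.search(query, page=page)["matches"]  # each match carries ip_str, port, ...

def merge_matches(index: dict, family: str, matches: List[dict], seen_on: str) -> int:
    """Fold matches into index (ip -> record) and return how many IPs were never seen before."""
    new = 0
    for m in matches:
        rec = index.get(m["ip_str"])
        if rec is None:
            rec = index[m["ip_str"]] = {"first_seen": seen_on, "last_seen": seen_on,
                                        "ports": [], "families": []}
            new += 1
        rec["first_seen"] = min(rec["first_seen"], seen_on)  # ISO dates (YYYY-MM-DD) compare as strings
        rec["last_seen"] = max(rec["last_seen"], seen_on)
        if m["port"] not in rec["ports"]:
            rec["ports"].append(m["port"])
        if family not in rec["families"]:
            rec["families"].append(family)
    return new

def multi_family_hosts(index: dict) -> List[str]:
    """IPs that matched more than one family: candidates for 'multiple frameworks running'."""
    return sorted(ip for ip, rec in index.items() if len(rec["families"]) > 1)

def nightly_run(path: str, seen_on: str, queries: Dict[str, str] = QUERIES) -> int:
    """Load the JSON index at path, merge tonight's hits for every query, write it back."""
    index = {}
    if os.path.exists(path):
        with open(path) as fh:
            index = json.load(fh)
    added = sum(merge_matches(index, fam, fetch_matches(q), seen_on) for fam, q in queries.items())
    with open(path, "w") as fh:
        json.dump(index, fh, indent=1, sort_keys=True)
    return added
```

A cron entry would call `nightly_run("data/tracked_ips.json", date.today().isoformat())`; because the index keeps first_seen/last_seen per IP, diffing two nightly copies gives the churn numbers the metrics to-do asks for.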