ENH: add alert parameter to Shodan stream collector #2492

Merged
merged 1 commit into from
Apr 18, 2024
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -19,6 +19,8 @@

### Bots
#### Collectors
- `intelmq.bots.collectors.shodan.collector_stream` (PR#2492 by Mikk Margus Möll):
- Add `alert` parameter to Shodan stream collector to allow fetching streams by configured alert ID

#### Parsers
- `intelmq.bots.parsers.shadowserver._config`:
4 changes: 4 additions & 0 deletions docs/user/bots.md
Expand Up @@ -994,6 +994,10 @@ Only the proxy is used (requires `shodan-python > 1.8.1`). Certificate is always

() A list of countries to query for. If it is a string, it will be spit by `,`.

**`alert`**

() Alert ID from monitor.shodan.io.

If the stream is interrupted, the connection will be aborted using the timeout parameter. No error will be logged if the
number of consecutive connection fails does not reach the parameter
`error_max_retries`. Instead of errors, an INFO message is logged. This is a measurement against too frequent ERROR
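Review bot: The new `alert` entry does not say that it cannot be combined with `countries`, although `init()` in `collector_stream.py` raises `ValueError('Both alert and country filters specified. Please use only one selector.')` for that combination. Suggest adding a sentence under `alert` (or under `countries`) stating that only one of the two selectors may be set, so users learn the constraint from the documentation rather than from the exception.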
23 changes: 19 additions & 4 deletions intelmq/bots/collectors/shodan/collector_stream.py
Expand Up @@ -8,15 +8,15 @@
* api_key: The API key

Selectors:
The only possible selector is currently the country:
* countries: A list of strings or a comma separated list with country codes
* alert: An alert ID from monitor.shodan.io
"""
import pkg_resources
from http.client import IncompleteRead
from urllib3.exceptions import ProtocolError, ReadTimeoutError

from requests.exceptions import ChunkedEncodingError, ConnectionError
from typing import List
from typing import List, Optional

from intelmq.lib.bot import CollectorBot

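Review bot: The `Selectors:` list in the module docstring now names `countries` and `alert` side by side with no lead line, since "The only possible selector is currently the country:" was dropped without a replacement. Suggest a new lead line saying that at most one of the listed selectors may be configured, which matches the `ValueError` raised in `init()`.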
Expand All @@ -31,6 +31,7 @@ class ShodanStreamCollectorBot(CollectorBot):
"Collect the Shodan stream from the Shodan API"
api_key: str = "<INSERT your API key>"
countries: List[str] = []
alert: Optional[str] = None

def init(self):
if shodan is None:
Expand All @@ -46,14 +47,28 @@ def init(self):
self.api = shodan.Shodan(self.api_key,
proxies=self.proxy)
if isinstance(self.countries, str):
if self.countries and self.alert:
raise ValueError('Both alert and country filters specified. Please use only one selector.')
self.countries = self.countries.split(',')

self.__error_count = 0

def process(self):
try:
for line in self.api.stream.countries(timeout=self.http_timeout_sec, raw=True,
countries=self.countries):
if self.alert:
stream = self.api.stream.alert(
aid=self.alert,
timeout=self.http_timeout_sec,
raw=True,
)
else:
stream = self.api.stream.countries(
countries=self.countries,
timeout=self.http_timeout_sec,
raw=True,
)

for line in stream:
report = self.new_report()
report.add('raw', line)
self.send_message(report)
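Review bot: The mutual-exclusion check in `init()` only runs when `countries` is configured as a string, because `if self.countries and self.alert:` sits between `if isinstance(self.countries, str):` and that branch's `self.countries = self.countries.split(',')`. When `countries` is given as a list together with `alert`, no `ValueError` is raised and `process()` takes the `if self.alert:` branch, so the country filter is silently ignored. Suggest moving the check outside the `isinstance` branch so it covers both input forms, and adding a test for the both-selectors case in each form.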