ShoMon is a Shodan alert feeder for TheHive written in Golang. With version 2.0, it's more powerful than ever!
- Can be used as a Webhook OR Stream listener
  - Webhook listener opens a RESTful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to the public internet
  - Stream listener connects to Shodan and fetches/parses the alert stream
- Uses shadowscatcher/shodan (fantastic work) for Shodan interaction.
- Console logs are in JSON format and can be ingested by any other log management tools
- CI/CD via GitHub Actions ensures that a proper Release with changelogs, artifacts, and images on ghcr and DockerHub will be provided
- Provides a working docker-compose file for TheHive and its dependencies
- Super fast and super small in size
- Complete code refactoring in v2.0 resulted in more modular, maintainable code
- Via the conf file or environment variables, alert specifics including tags, type, and alert-template can be dynamically adjusted. See config file.
- Full banner can be included in the Alert with a direct link to the Shodan finding.
- IP is added to observables
- Parameters should be provided via conf.yaml or environment variables. Please see config file and docker-compose file
- After the conf file or environment variables are set, simply issue the command:
./shomon
Notes
- Alert reference is the first 6 chars of md5("ip:port")
- Only one mode can be active at a time. Webhook and Stream listener can't be activated together.
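The alert reference rule from the Notes above, as an added example that is not ShoMon's own code: it derives the 6-character reference and shows why the 16^6 (24-bit) space means two different ip:port pairs can end up with the same reference. The `Finding` type and the `AlertRef`, `Classify` and `CollisionProbability` names are hypothetical, the sample findings are constructed, and lowercase hex output is an assumption.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"math"
	"strconv"
)

// Finding is a constructed stand-in for one Shodan hit (hypothetical type).
type Finding struct {
	IP   string
	Port int
}

// AlertRef: first 6 hex chars of md5("ip:port"); lowercase hex is an assumption.
func AlertRef(f Finding) string {
	sum := md5.Sum([]byte(f.IP + ":" + strconv.Itoa(f.Port)))
	return hex.EncodeToString(sum[:])[:6]
}

// Classify counts new refs, repeats of the same ip:port, and collisions (same ref, different ip:port).
func Classify(fs []Finding) (fresh, repeats, collisions int) {
	seen := map[string]Finding{} // ref -> first finding that produced it
	for _, f := range fs {
		ref := AlertRef(f)
		switch prev, ok := seen[ref]; {
		case !ok:
			seen[ref] = f
			fresh++
		case prev == f:
			repeats++
		default:
			collisions++
		}
	}
	return
}

// CollisionProbability: birthday estimate that n distinct ip:port pairs share a ref among 16^6 values.
func CollisionProbability(n int) float64 {
	return 1 - math.Exp(-float64(n)*float64(n-1)/(2*math.Pow(16, 6)))
}

func main() {
	// Constructed sample: the third entry repeats the first ip:port.
	sample := []Finding{{"192.0.2.10", 22}, {"192.0.2.10", 443}, {"192.0.2.10", 22}}
	fmt.Println(Classify(sample))
}
```

With around 1000 distinct ip:port pairs the estimate is already close to 3%, so a reference match alone does not prove two alerts describe the same service.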
Get latest compiled binary from releases
- Check the Releases section.
Compile from source code
- Make sure that you have a working Golang workspace.
go build .
go build -ldflags="-s -w" .
could be used to customize compilation and produce a smaller binary.
Using Public Container Registries
- Thanks to the new CI/CD integration, the latest versions of built images are pushed to ghcr and DockerHub and can be used via:
docker pull ghcr.io/kaansk/shomon
docker pull kaansk/shomon
- Edit the config file or provide environment variables to the commands below
docker build -t shomon .
docker run -it shomon
- Edit environment variables and configurations in the docker-compose file
docker-compose up -d