Monday, October 24, 2022

Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in Go. With version 2.0, it is more powerful than ever!

  • Can be used as a Webhook OR a Stream listener
    • Webhook listener opens a RESTful API endpoint for Shodan to send alerts to. This means you must make this endpoint reachable from the public internet
    • Stream listener connects to Shodan and fetches/parses the alert stream
  • Uses shadowscatcher/shodan (fantastic work) for Shodan interaction.
  • Console logs are in JSON format and can be ingested by any other log management tools
  • CI/CD via GitHub Actions ensures that a proper Release with changelogs, artifacts, and images on ghcr and DockerHub will be provided
  • Provides a working docker-compose file for TheHive and its dependencies
  • Super fast and super small in size
  • Full code refactoring in v2.0 resulted in more modular, maintainable code
  • Via the conf file or environment variables, alert specifics including tags, type and alert-template can be adjusted dynamically. See the config file.
  • The full banner can be included in the Alert with a direct link to the Shodan finding.
  • The IP is added to the observables
  • Parameters should be provided via conf.yaml or environment variables. Please see the config file and the docker-compose file
  • After the conf or environment variables are set, simply issue the command:

    ./shomon

Notes

  • Alert reference is the first 6 chars of md5("ip:port")
  • Only one mode can be active at a time. Webhook and Stream listener can't be activated together.
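As an added illustration of the two notes above (not ShoMon's own code), the following Go program derives the alert reference exactly as described, first 6 hex characters of md5("ip:port"), and wraps one Shodan finding into a minimal alert that carries the IP as an observable. The Alert and Observable types, the field names, and the input validation are assumptions for this example; the sample IP and port are constructed values.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"net"
	"strconv"
)

// AlertRef reproduces the README's reference scheme: the first 6 hex
// characters of md5("ip:port"). The same ip:port always yields the same ref,
// so a finding for an already-alerted service maps to the existing reference.
func AlertRef(ip string, port int) string {
	sum := md5.Sum([]byte(ip + ":" + strconv.Itoa(port)))
	return hex.EncodeToString(sum[:])[:6]
}

// Observable and Alert are minimal illustrative shapes assumed for this
// example (not ShoMon's types); they carry the fields the README says are set.
type Observable struct{ DataType, Data string }

type Alert struct {
	Title, Type, Source, SourceRef string
	Tags                           []string
	Artifacts                      []Observable
}

// BuildAlert turns one Shodan finding into an alert: it validates the input,
// derives the reference, and adds the IP as an observable.
func BuildAlert(ip string, port int, alertType string, tags []string) (Alert, error) {
	if net.ParseIP(ip) == nil {
		return Alert{}, fmt.Errorf("invalid IP %q", ip)
	}
	if port < 1 || port > 65535 {
		return Alert{}, fmt.Errorf("port %d out of range", port)
	}
	return Alert{
		Title:     fmt.Sprintf("Shodan finding %s:%d", ip, port),
		Type:      alertType,
		Source:    "shodan",
		SourceRef: AlertRef(ip, port),
		Tags:      tags,
		Artifacts: []Observable{{DataType: "ip", Data: ip}},
	}, nil
}

func main() {
	// Constructed sample finding (TEST-NET-3 address, not a real host).
	a, err := BuildAlert("203.0.113.10", 8443, "shodan-alert", []string{"shodan"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s -> sourceRef %s, observables %v\n", a.Title, a.SourceRef, a.Artifacts)
}
```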

Get the latest compiled binary from releases

  1. Check the Releases section.

Compile from source code

  1. Make sure that you have a working Golang workspace.
  2. go build .
    • go build -ldflags="-s -w" . can be used to customize compilation and produce a smaller binary.

Using Public Container Registries

  1. Thanks to the new CI/CD integration, the latest versions of the built images are pushed to ghcr and DockerHub and can be used via:
    • docker pull ghcr.io/kaansk/shomon
    • docker pull kaansk/shomon

  1. Edit the config file or provide environment variables to the commands below
  2. docker build -t shomon .
  3. docker run -it shomon

  1. Edit environment variables and configurations in the docker-compose file
  2. docker-compose run -d
