Monday, October 24, 2022
HomeHackerShodan Monitoring Integration For TheHive
Hacker

Shodan Monitoring Integration For TheHive

Admin
By Admin
0
1




ShoMon is a Shodan alert feeder for TheHive written in GoLang. With model 2.0, it’s extra highly effective than ever!

  • Can be utilized as Webhook OR Stream listener

    • Webhook listener opens a restful API endpoint for Shodan to ship alerts. This implies it’s essential make this endpoint out there to public web
    • Stream listener connects to Shodan and fetches/parses the alert stream

  • Makes use of shadowscatcher/shodan (improbable work) for Shodan interplay.

  • Console logs are in JSON format and could be ingested by every other additional log administration instruments

  • CI/CD through Github Actions ensures {that a} correct Launch with changelogs, artifacts, photos on ghcr and dockerhub shall be supplied

  • Offers a working docker-compose file file for TheHive, dependencies

  • Tremendous quick and Tremendous mini in dimension

  • Full code refactoring in v2.0 resulted in additional modular, maintainable code

  • By way of conf file or setting variables alert specifics together with tags, sort, alert-template could be dynamically adjusted. See config file.

  • Full banner could be included in Alert with direct hyperlink to Shodan Discovering.

  • IP is added to observables

  • Parameters needs to be supplied through conf.yaml or setting variables. Please see config file and docker-compose file

  • After conf or setting variables are set merely difficulty command:

    ./shomon

Notes

  • Alert reference is first 6 chars of md5(“ip:port”)
  • Only one mod could be lively at a time. Webhook and Stream listener can’t be activated collectively.

Get newest compiled binary from releases

  1. Test Releases part.

Compile from supply code

  1. Just remember to have a working Golang workspace.
  2. go construct .
    • go construct -ldflags="-s -w" . could possibly be used to customise compilation and produce smaller binary.

Utilizing Public Container Registries

  1. Due to new CI/CD integration, newest variations of constructed photos are pushed to ghcr, DockerHub and could be utilized through:
    • docker pull ghcr.io/kaansk/shomon
    • docker pull kaansk/shomon
  1. Edit config file or present setting variables to instructions bellow
  2. docker construct -t shomon .
  3. docker run -it shomon
  1. Edit setting variables and configurations in docker-compose file
  2. docker-compose run -d



Previous articlec# – Cease an object from rotating previous a sure rotation worth in Unity
Admin
Adminhttps://www.handla.it
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Load more

Recent Comments

ABOUT US

handla.it is your computer, laptop, software and cyber security website. We provide you with the latest breaking news and videos straight from the computer industry.

POPULAR POSTS

POPULAR CATEGORY

copyright 2022 © handla.it. All rights reserved.