Kali Linux

Shomon : Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever!

Functionalities

  • Can be used as Webhook OR Stream listener
    • Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to public net
    • Stream listener connects to Shodan and fetches/parses the alert stream
  • Utilizes shadowscatcher/shodan (fantastic work) for Shodan interaction.
  • Console logs are in JSON format and can be ingested by any other further log management tools
  • CI/CD via Github Actions ensures that a proper Release with changelogs, artifacts, images on ghcr and dockerhub will be provided
  • Provides a working docker-compose file file for TheHive, dependencies
  • Super fast and Super mini in size
  • Complete code refactoring in v2.0 resulted in more modular, maintainable code
  • Via conf file or environment variables alert specifics including tags, type, alert-template can be dynamically adjusted. See config file.
  • Full banner can be included in Alert with direct link to Shodan Finding.

IP is added to observables

Usage

  • Parameters should be provided via conf.yaml or environment variables. Please see config file and docker-compose file
  • After conf or environment variables are set simply issue command: ./shomon

Notes

  • Alert reference is first 6 chars of md5(“ip:port”)
  • Only 1 mod can be active at a time. Webhook and Stream listener can not be activated together.

Setup & Compile Instructions

Get latest compiled binary from releases

  1. Check Releases section.

Compile from source code

  1. Make sure that you have a working Golang workspace.
  2. go build .
    • go build -ldflags="-s -w" . could be used to customize compilation and produce smaller binary.

Using Public Container Registries

  1. Thanks to new CI/CD integration, latest versions of built images are pushed to ghcr, DockerHub and can be utilized via:
    • docker pull ghcr.io/kaansk/shomon
    • docker pull kaansk/shomon

Using Dockerfile

  1. Edit config file or provide environment variables to commands bellow
  2. docker build -t shomon .
  3. docker run -it shomon

Using docker-compose file

  1. Edit environment variables and configurations in docker-compose file
  2. docker-compose run -d
R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

14 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

14 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

14 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

14 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

15 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

17 hours ago