ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever!
Functionalities
- Can be used as Webhook OR Stream listener
- Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to public net
- Stream listener connects to Shodan and fetches/parses the alert stream
- Utilizes shadowscatcher/shodan (fantastic work) for Shodan interaction.
- Console logs are in JSON format and can be ingested by any other further log management tools
- CI/CD via Github Actions ensures that a proper Release with changelogs, artifacts, images on ghcr and dockerhub will be provided
- Provides a working docker-compose file file for TheHive, dependencies
- Super fast and Super mini in size
- Complete code refactoring in v2.0 resulted in more modular, maintainable code
- Via conf file or environment variables alert specifics including tags, type, alert-template can be dynamically adjusted. See config file.
- Full banner can be included in Alert with direct link to Shodan Finding.
IP is added to observables
Usage
- Parameters should be provided via
conf.yaml
or environment variables. Please see config file and docker-compose file - After conf or environment variables are set simply issue command:
./shomon
Notes
- Alert reference is first 6 chars of md5(“ip:port”)
- Only 1 mod can be active at a time. Webhook and Stream listener can not be activated together.
Setup & Compile Instructions
Get latest compiled binary from releases
- Check Releases section.
Compile from source code
- Make sure that you have a working Golang workspace.
go build .
go build -ldflags="-s -w" .
could be used to customize compilation and produce smaller binary.
Using Public Container Registries
- Thanks to new CI/CD integration, latest versions of built images are pushed to ghcr, DockerHub and can be utilized via:
docker pull ghcr.io/kaansk/shomon
docker pull kaansk/shomon
- Edit config file or provide environment variables to commands bellow
docker build -t shomon .
docker run -it shomon
- Edit environment variables and configurations in docker-compose file
docker-compose run -d