需要帮助从Shodan Python获取SSL

Question

我正在使用这个脚本来获取abc1234搜索术语的systems的I，但我也想获取发布到: SSL证书的公共名称，但我不知道如何在python中这样做。

#!/usr/bin/env python

import shodan
import sys

SHODAN_API_KEY = "key"
api = shodan.Shodan(SHODAN_API_KEY)

try:
# Search Shodan
    results = api.search('abc1234')
# Show the results
    print 'Results found: %s' % results['total']
    for result in results['matches']:
        print 'IP: %s' % result['ip_str']
        print ''
except shodan.APIError, e:
    print 'Error: %s' % e

Answer 1

支持SSL连接的服务将有一个带有顶级属性的Shodan横幅，名为ssl。ssl字典包含许多子属性。下面是一个示例：

{
    "dhparams": null,
    "tlsext": [],
    "versions": ["TLSv1", "-SSLv2", "-SSLv3", "-TLSv1.1", "-TLSv1.2"],
    "acceptable_cas": [],
    "cert": {
        "sig_alg": "sha256WithRSAEncryption",
        "issued": "20180227000000Z",
        "expires": "20190717120000Z",
        "pubkey": {
            "bits": 2048,
            "type": "rsa"
        },
        "version": 2,
        "extensions": [{
            "data": "0\\x16\\x80\\x14\\x90X\\xff\\xb0\\x9cu\\xa8QTw\\xb1\\xed\\xf2\\xa3C\\x168\\x9el\\xc5",
            "name": "authorityKeyIdentifier"
        }, {
            "data": "\\x04\\x14\\x0c3w\\xc7\\xee\\x14\\xbb\\xd1A\\xf4\\xa5\\xb9\\xe4W%/\\x9ac\\x05w",
            "name": "subjectKeyIdentifier"
        }, {
            "data": "0\\x1e\\x82\\x0e*.secure.ne.jp\\x82\\x0csecure.ne.jp",
            "name": "subjectAltName"
        }, {
            "critical": true,
            "data": "\\x03\\x02\\x05\\xa0",
            "name": "keyUsage"
        }, {
            "data": "0\\x14\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x01\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x03\\x02",
            "name": "extendedKeyUsage"
        }, {
            "data": "0503\\xa01\\xa0/\\x86-http://cdp.geotrust.com/GeoTrustRSACA2018.crl",
            "name": "crlDistributionPoints"
        }, {
            "data": "0C07\\x06\\t`\\x86H\\x01\\x86\\xfdl\\x01\\x020*0(\\x06\\x08+\\x06\\x01\\x05\\x05\\x07\\x02\\x01\\x16\\x1chttps://www.digicert.com/CPS0\\x08\\x06\\x06g\\x81\\x0c\\x01\\x02\\x01",
            "name": "certificatePolicies"
        }, {
            "data": "0g0&\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x01\\x86\\x1ahttp://status.geotrust.com0=\\x06\\x08+\\x06\\x01\\x05\\x05\\x070\\x02\\x861http://cacerts.geotrust.com/GeoTrustRSACA2018.crt",
            "name": "authorityInfoAccess"
        }, {
            "data": "0\\x00",
            "name": "basicConstraints"
        }, {
            "data": "\\x04\\x82\\x01k\\x01i\\x00w\\x00\\xbb\\xd9\\xdf\\xbc\\x1f\\x8aq\\xb5\\x93\\x94#\\x97\\xaa\\x92{G8W\\x95\\n\\xabR\\xe8\\x1a\\x90\\x96d6\\x8e\\x1e\\xd1\\x85\\x00\\x00\\x01a\\xd5\\x0e\\x03\\xf0\\x00\\x00\\x04\\x03\\x00H0F\\x02!\\x00\\x81\\xac\\xb0\\xfe\\xfa\\xe2\\x16\\x15W\\x01\\xf7M\\xb9a]\\xbd\\xef\\xee\\x9d\\t\\xfc\\x1dA\\x13\\xe0\\xc9\\xd5\\xb6\\xc7 ;\\x83\\x02!\\x00\\xa2\\xec\\xde+\\x84h\\x9c[s\\x9e\\xeb\\x13\\xb2C\\xaa\\xed\\t\\x8c\\x14\\xca\\xa1o\\xaa\\t\\x11LM\\x9d\\xde\\x87\\xb7H\\x00u\\x00\\x87u\\xbf\\xe7Y|\\xf8\\x8cC\\x99_\\xbd\\xf3n\\xffV\\x8dGV6\\xffJ\\xb5`\\xc1\\xb4\\xea\\xff^\\xa0\\x83\\x0f\\x00\\x00\\x01a\\xd5\\x0e\\x03\\x82\\x00\\x00\\x04\\x03\\x00F0D\\x02 \\'-\\xf7\\x80\\x12\\xf7\\x8d\\x86\\xe5\\x19\\xe9\\xc8\\xcc\\n\\xd3>hSW\\xb0\\xb0\\xef(P\\x82\\xe4X#\\x8aTH\\xed\\x02 (7\\x96i\\x12\\xae\\x13\\xb9\\xd0\\xec\\x19\\xd4h\\xd8\\x11\\xf0\\xcd\\xb1WK\\x91\\x06<\\xc2\\x9e\\xa4&=\\xde\\xfd:\\xbc\\x00w\\x00oSv\\xac1\\xf01\\x19\\xd8\\x99\\x00\\xa4Q\\x15\\xffw\\x15\\x1c\\x11\\xd9\\x02\\xc1\\x00)\\x06\\x8d\\xb2\\x08\\x9a7\\xd9\\x13\\x00\\x00\\x01a\\xd5\\x0e\\x05\\x9c\\x00\\x00\\x04\\x03\\x00H0F\\x02!\\x00\\xbaG(\\xaf=G[a\\x986&\\x0eC\\xac\\x9e\\x1b3\\xf9X\\xf3\\xf5\\xfc\\xc8=\\xf7B\\xe8j2\\xbe\\x7f\\xc5\\x02!\\x00\\xd1ad\\\\,v\\xe4\\xaa\\xf8g\\x90=\\x99x\\xe1\\x82\\x90I9\\x8eV\\x8c\\xcem\\xfd\\xae\\x8e\\xd11\\xe8\\x82\\xf4",
            "name": "ct_precert_scts"
        }],
        "fingerprint": {
            "sha256": "ece537bf521573813df656e69051824ceb9c552df1bb0f6cef48be6ec16bf15e",
            "sha1": "18b2886966e5e0eb8f046907c38a1f6cfdd485d6"
        },
        "serial": 6596692990875508509620539832346469659,
        "issuer": {
            "C": "US",
            "OU": "www.digicert.com",
            "O": "DigiCert Inc",
            "CN": "GeoTrust RSA CA 2018"
        },
        "expired": false,
        "subject": {
            "CN": "*.secure.ne.jp"
        }
    },
    "cipher": {
        "version": "TLSv1/SSLv3",
        "bits": 256,
        "name": "AES256-SHA"
    },
    "chain": ["-----BEGIN CERTIFICATE-----\nMIIGMjCCBRqgAwIBAgIQBPZ6E0SYqtY6w9glplHlGzANBgkqhkiG9w0BAQsFADBe\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe\nFw0xODAyMjcwMDAwMDBaFw0xOTA3MTcxMjAwMDBaMBkxFzAVBgNVBAMMDiouc2Vj\ndXJlLm5lLmpwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUYeOSIR\nWi+SnNDmjgfdZ57IbcmWrdKBIrLLeTiYQ5/mRP1E/YiwR/KcAih3mkiTlCp4k7Ye\ngRLu/e+unQdumTkAu95AX7HrT/BTd6qv6nEqkjwyGbVao5m6l63+x2Naxq0LcvQ4\njGMKjJ/jXTtPRwu05MBoHgtJHrL89sitDGzhzvjRyZ6t1BAwptxpLo+xVi8cUB7f\nOIEkrX3Qc1p68N0GsbVnusjY7KTbFDSet4oNE2Wwrg3+fsqnI3TYiTEyLhwSl7wT\n7hBVZwjYA7dykLxiYbtWZmS972vjrSziiD79op1Jo9RTyQcNkIozOM8phworC1RD\nAMR57/JpzgsfEQIDAQABo4IDLzCCAyswHwYDVR0jBBgwFoAUkFj/sJx1qFFUd7Ht\n8qNDFjiebMUwHQYDVR0OBBYEFAwzd8fuFLvRQfSlueRXJS+aYwV3MCcGA1UdEQQg\nMB6CDiouc2VjdXJlLm5lLmpwggxzZWN1cmUubmUuanAwDgYDVR0PAQH/BAQDAgWg\nMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNVHR8ENzA1MDOgMaAv\nhi1odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJTQUNBMjAxOC5jcmww\nTAYDVR0gBEUwQzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93\nd3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMCYG\nCCsGAQUFBzABhhpodHRwOi8vc3RhdHVzLmdlb3RydXN0LmNvbTA9BggrBgEFBQcw\nAoYxaHR0cDovL2NhY2VydHMuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4\nLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwC72d+8\nH4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWHVDgPwAAAEAwBIMEYCIQCB\nrLD++uIWFVcB9025YV297+6dCfwdQRPgydW2xyA7gwIhAKLs3iuEaJxbc57rE7JD\nqu0JjBTKoW+qCRFMTZ3eh7dIAHUAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq\n/16ggw8AAAFh1Q4DggAABAMARjBEAiAnLfeAEveNhuUZ6cjMCtM+aFNXsLDvKFCC\n5FgjilRI7QIgKDeWaRKuE7nQ7BnUaNgR8M2xV0uRBjzCnqQmPd79OrwAdwBvU3as\nMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWHVDgWcAAAEAwBIMEYCIQC6\nRyivPUdbYZg2Jg5DrJ4bM/lY8/X8yD33QuhqMr5/xQIhANFhZFwsduSq+GeQPZl4\n4YKQSTmOVozObf2ujtEx6IL0MA0GCSqGSIb3DQEBCwUAA4IBAQAcZh9iEaMER4YF\nmk87QbeEg8PrKvuV+Tdw8vKxkcv8B0AEHyVOXO1i28EtoUEfTQpC3D9Dip2D+G5g\n1z6MDPnFGN3uHR9TOm2+z+qLFf2c/zp3LYe+fUNAelGzTjrINB/N5CVzo80CpVLn\nXubBI6ZBJCG1UG/Rg9ySIEU2dW1vrbHlq4ACSx/+qfXqxP0YJhl/+47yrhBSDmRK\nzwIGQyqX74P0L/EzyyQeNY/kN6h2c1qxJSgrwxEMdDxS4pQSNj2+GxSftZaRK19e\nEAFMYJrXeW8h43Ze67nCEMjivXYvgrfGZovy1iGGtTYmVp7D0jvXg7iLi3zphxKw\nqaSUjhyC\n-----END CERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\nMIIEizCCA3OgAwIBAgIQBUb+GCP34ZQdo5/OFMRhczANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xNzExMDYxMjIzNDVaFw0yNzExMDYxMjIzNDVaMF4xCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAv4rRY03hGOqHXegWPI9/tr6HFzekDPgxP59FVEAh\n150Hm8oDI0q9m+2FAmM/n4W57Cjv8oYi2/hNVEHFtEJ/zzMXAQ6CkFLTxzSkwaEB\n2jKgQK0fWeQz/KDDlqxobNPomXOMJhB3y7c/OTLo0lko7geG4gk7hfiqafapa59Y\nrXLIW4dmrgjgdPstU0Nigz2PhUwRl9we/FAwuIMIMl5cXMThdSBK66XWdS3cLX18\n4ND+fHWhTkAChJrZDVouoKzzNYoq6tZaWmyOLKv23v14RyZ5eqoi6qnmcRID0/i6\nU9J5nL1krPYbY7tNjzgC+PBXXcWqJVoMXcUw/iBTGWzpwwIDAQABo4IBQDCCATww\nHQYDVR0OBBYEFJBY/7CcdahRVHex7fKjQxY4nmzFMB8GA1UdIwQYMBaAFAPeUDVW\n0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF\nBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo\nMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E\nOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i\nYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo\ndHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAw\n8YdVPYQI/C5earp80s3VLOO+AtpdiXft9OlWwJLwKlUtRfccKj8QW/Pp4b7h6QAl\nufejwQMb455OjpIbCZVS+awY/R8pAYsXCnM09GcSVe4ivMswyoCZP/vPEn/LPRhH\nhdgUPk8MlD979RGoUWz7qGAwqJChi28uRds3thx+vRZZIbEyZ62No0tJPzsSGSz8\nnQ//jP8BIwrzBAUH5WcBAbmvgWfrKcuv+PyGPqRcc4T55TlzrBnzAzZ3oClo9fTv\nO9PuiHMKrC6V6mgi0s2sa/gbXlPCD9Z24XUMxJElwIVTDuKB0Q4YMMlnpN/QChJ4\nB0AFsQ+DU0NCO+f78Xf7\n-----END CERTIFICATE-----\n"],
    "alpn": []
}

下面是一种更具可读性的gist格式：

https://gist.github.com/achillean/88531c3e47cc2b9fc94435b6fd8fce08

您要寻找的属性是ssl.cert.issuer.CN.。在Python中，这转换为：

results = api.search('port:443')
for banner in results:
    # Only care about services that use SSL
    if 'ssl' in banner:
        # You should also check to make sure this property exists or wrap whatever you're doing with it in a try/ except clause
        print(banner['ssl']['cert']['issuer']['CN'])

您还应该查看Shodan (https://cli.shodan.io)，它可以处理与Shodan相关的80%的用例。我们这里有几段视频让你开始：

https://asciinema.org/~Shodan

对于这类问题，我建议打印出整个对象：

print(banner)

然后，一旦你看到了整个对象所提供的东西，就会知道它的确切属性。