shodan-python icon indicating copy to clipboard operation
shodan-python copied to clipboard

Published 20 hours ago verified publisher icon achillean

Keep specific hostname when adding domain-based network alert

Open achillean opened this issue 2 years ago • 3 comments

If a user runs a command such as:

shodan alert domain www.shodan.io

Then the CLI will create a domain-based network alert for shodan.io. However, it should create a network alert for just www.shodan.io which is how the Shodan Monitor website operates.

achillean avatar Apr 15 '22 23:04 achillean

@achillean Is this issue still something that you would like to be added to the Shodan CLI?

rmhowe425 avatar Jul 09 '23 15:07 rmhowe425

Yes, but we probably need to add something like tldextract as a dependency to identify whether the user is setting up a specific hostname. The workflow would look something like:

  1. Parse the domain with tldextract
  2. Check if the provided domain has a subdomain
  3. If it has a subdomain then lookup the IPv4 and IPv6 addresses for the hostname and use that for the list of IPs. If it doesn't have a subdomain then grab the list of IPs from DNSDB; i.e. what we're currently doing.
  4. Create the new asset group with the list of IPs

achillean avatar Jul 11 '23 22:07 achillean

Understood! I'll work on this!

rmhowe425 avatar Jul 11 '23 22:07 rmhowe425