metasploit-framework
metasploit-framework copied to clipboard
rapid7
auxiliary/gather/shodan_honeyscore does not return calculated scores
Steps to reproduce
I tried to use auxiliary/gather/shodan_honeyscore to check if an IP is a honeypot while it returns errors like below:
root@kali:~# msfconsole
msf5 > use auxiliary/gather/shodan_honeyscore
msf5 auxiliary(gather/shodan_honeyscore) > set SHODAN_APIKEY
SHODAN_APIKEY =>
msf5 auxiliary(gather/shodan_honeyscore) > set TARGET 8.8.8.8
TARGET => 8.8.8.8
msf5 auxiliary(gather/shodan_honeyscore) > run
[*] Scanning 8.8.8.8
[-] Shodan did not respond in an expected way. Check your api key
[*] Auxiliary module execution completed
Expected behavior
Based on the information provided by shodan, the honeyscore should return things like this:
msf auxiliary(shodan_honeyscore) > run
[*] Scanning 8.8.8.8
[-] 8.8.8.8 is not a honeypot
[*] 8.8.8.8 honeyscore: 0.0/1.0
[*] Auxiliary module execution completed
Current behavior
Shodan honeyscore returns the error "Shodan did not respond in an expected way. Check your api key". I test other commands (e.g. shodan host scan) on the same IP which works properly. I think my API Key works fine and I read other blogs which show they can gain the honeyscore after targeting 8.8.8.8. I tried the honeyscore webpage https://honeyscore.shodan.io/ as well but it returns "No information available for that IP, please try another address.". I tried the webpage version on different computers and they all returns the same error.
I really don't know what the problem is, can somebody help to see what could be the possible reason for the error messages?
@WenluZhang1 For what its worth I tested this and am also getting errors on the web site version. Its possible they may be experiencing issues with their database or do not have a complete data set so you are hitting errors were they have gaps in their coverage.
As for the API issue, I'd check to see if you can access other functions of that API using the same API key but a different function to confirm that the API key is valid and its just a specific function that is failing.
If its a specific function then I'd double check if you are able to make it work locally in something like Burp or PostMan after editing the request; if that works and our module doesn't, then its likely the format of the request we use in our module is wrong. If it still doesn't work, then its possible the API on their side has broken, and there is unfortunately nothing we can do from our side to fix that; you'd have to speak to Shodan and let them know about the issue.
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi again!
It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Have you solved this problem? It seems like I've encountered the same issue as well. msf6 auxiliary(gather/shodan_honeyscore) > set TARGET 83.166.169.248 TARGET => 83.166.169.248 msf6 auxiliary(gather/shodan_honeyscore) > run
[] Scanning 83.166.169.248 [-] Shodan did not respond in an expected way. Check your api key [] Auxiliary module execution completed Meanwhile, when I try to look up this IP on the website, it displays "No information available for that IP, please try another address."
