Add new CLI command: shodan alert domain

achillean · Apr 6, 2020 · d91ffd8 · d91ffd8
1 parent b7a9978
commit d91ffd8
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 CHANGELOG
 =========
 
+1.23.0
+------
+* Add new CLI command: shodan alert domain
+
 1.22.1
 ------
 * Fix bug when converting data file to CSV using Python3

diff --git a/setup.py b/setup.py
@@ -2,12 +2,14 @@
 
 from setuptools import setup
 
+
 DEPENDENCIES = open('requirements.txt', 'r').read().split('\n')
 README = open('README.rst', 'r').read()
 
+
 setup(
     name='shodan',
-    version='1.22.1',
+    version='1.23.0',
     description='Python library and command-line utility for Shodan (https://developer.shodan.io)',
     long_description=README,
     long_description_content_type='text/x-rst',

diff --git a/shodan/cli/alert.py b/shodan/cli/alert.py
@@ -3,6 +3,7 @@
 
 from operator import itemgetter
 from shodan.cli.helpers import get_api_key
+from time import sleep
 
 
 @click.group()
@@ -46,6 +47,35 @@ def alert_create(name, netblocks):
     click.secho('Alert ID: {}'.format(alert['id']), fg='cyan')
 
 
+@alert.command(name='domain')
+@click.argument('domain', metavar='<domain>', type=str)
+@click.option('--triggers', help='List of triggers to enable', default='malware,industrial_control_system,internet_scanner,iot,open_database,new_service,ssl_expired,vulnerable')
+def alert_domain(domain, triggers):
+    """Create a network alert based on a domain name"""
+    key = get_api_key()
+
+    api = shodan.Shodan(key)
+    try:
+        # Grab a list of IPs for the domain
+        domain = domain.lower()
+        click.secho('Looking up domain information...', dim=True)
+        info = api.dns.domain_info(domain, type='A')
+        domain_ips = set([record['value'] for record in info['data']])
+
+        # Create the actual alert
+        click.secho('Creating alert...', dim=True)
+        alert = api.create_alert('__domain: {}'.format(domain), list(domain_ips))
+
+        # Enable the triggers so it starts getting managed by Shodan Monitor
+        click.secho('Enabling triggers...', dim=True)
+        api.enable_alert_trigger(alert['id'], triggers)
+    except shodan.APIError as e:
+        raise click.ClickException(e.value)
+
+    click.secho('Successfully created domain alert!', fg='green')
+    click.secho('Alert ID: {}'.format(alert['id']), fg='cyan')
+
+
 @alert.command(name='info')
 @click.argument('alert', metavar='<alert id>')
 def alert_info(alert):