After a short and relax time on holidays, go back to the blog! A short time ago, I discoveredthe onyphe.io service through of a post by FluProject friends. Onyphe is a search engine for Internet-connected devices similar to Shodan, Censys, ZoomEye or Fofa. In the same way to the commented services has a web portal to perform searches, as well as a free API (with its limitations of course).
The information it returns is grouped into the following categories:
- geoloc: information: registrar, organization, ASN,…
- pastries: Possible leaks in pastebin.
- inetnum: Subnet information.
- resolver: Identification of the domains located in the IP address by means of DNS resolution..
- syscan: Portscan
- datascan: Information returned by the application (banner, response headers,…).
- sniffer: It has a series of honeypots in Internet sniffing traffic that could be related to the search made.
- ctl: Information on the transparency of the certificate (if applicable)..
- Google maps: Geolocation using Google maps.
- threatlist:Results if the IP address is registerred in blacklists,
For more detailed information on the categories I recommend you consult the service blog: https://www.onyphe.io/blog/standard-information-categories/
As an example doing a simple search by IP address:
- Information about IP:
- Geolocation and blacklists:
In the same way, it is possible to search by keywords using the «data» parameter. Here is an example for the vulnerability on libssh.
So much for the information on the portal. Now let’s go to what interests us, the API. As mentioned above, it has a free API, but limited (30 requests/month and no access to some categories such as resolver), as well as a premium at a very low price (59 euros) considering that it is unlimited and for life. All this on an individual level. For more information, you can consult: https://www.onyphe.io/pricing/
The information about the use of the API you can find here very well detailed:: https://www.onyphe.io/documentation/api
Then I started messing with it and I got a simple script in python3 😉 to interact with the API and get the ports open. You could get more info and maybe I’ll play with it later, but above all I wanted it to be simple because I’ll add this script to my information gathering framework.
The script expects to receive in a txt file the IP addresses one on each line showing on screen the results and exporting by default the results in excel. Before you start you have to register and get your limited API and put it in the script, right here:
Below it is an example of how to use it:
In case anyone finds it useful, you can find it in my github: https://github.com/n4xh4ck5/pyonyphe
See you in the next post
The best defence is a good attack