Thought I'd share with you guys how I use the API to grab the IOCs and then convert the JSON report into a CSV, which could then be used in many ways.
All of this is happening AFTER Shodan API keys have been successfully initialised (described in a post earlier).
First up, simply fire up the shodan CLI to download the indicators by running the command below.
Syntax:
$ shodan download --limit [number of results you want, e.g. 1000] [filename, whatever you want to call it, e.g. malware-iocs-date] category:malware
Example:
$ shodan download --limit 1000 malware category:malware
This should dump the results for you in a gzip-compressed JSON file (malware.json.gz in this example).
Next, if you want to, convert the results into a CSV:
$ shodan convert malware.json.gz csv
That's it. It'll dump a CSV version of the file for you to use whatever way you want to.
:)
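If you want more control than `shodan convert` gives you, the downloaded file can also be processed directly: it is gzip-compressed with one JSON banner per line. The script below is an added example, not part of the original post; it keeps a few columns and deduplicates on IP and port so the CSV can feed a blocklist or a SIEM lookup. The choice of fields is an assumption, and the sample banners are constructed (documentation IP ranges, made-up product name).

```python
import csv
import gzip
import io
import json
import sys

# Banner fields kept in the CSV (assumed present in the download; blank if missing).
FIELDS = ["ip_str", "port", "product", "org", "timestamp"]

def banners_to_rows(fileobj):
    """Yield one row per unique (ip_str, port) from a gzip, line-delimited JSON file."""
    seen = set()
    with gzip.open(fileobj, "rt", encoding="utf-8") as lines:
        for line in lines:
            if not line.strip():
                continue
            try:
                banner = json.loads(line)
            except json.JSONDecodeError:
                continue  # skip truncated or damaged lines instead of aborting
            key = (banner.get("ip_str"), banner.get("port"))
            if None in key or key in seen:
                continue  # no usable indicator, or already emitted
            seen.add(key)
            yield {f: banner.get(f, "") for f in FIELDS}

def write_csv(rows, out):
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    count = 0
    for row in rows:
        writer.writerow(row)
        count += 1
    return count

def constructed_sample():
    """Build a small in-memory .json.gz from constructed banners."""
    banners = [
        {"ip_str": "192.0.2.10", "port": 443, "product": "ExampleRAT", "org": "Example ISP", "timestamp": "2024-01-01T00:00:00"},
        {"ip_str": "192.0.2.10", "port": 443, "product": "ExampleRAT", "org": "Example ISP", "timestamp": "2024-01-02T00:00:00"},
        {"ip_str": "198.51.100.7", "port": 8080, "product": "ExampleRAT"},
    ]
    raw = "\n".join(json.dumps(b) for b in banners) + "\n{broken json\n"
    return io.BytesIO(gzip.compress(raw.encode("utf-8")))

if __name__ == "__main__":
    # Usage: python iocs_to_csv.py malware.json.gz > iocs.csv
    source = open(sys.argv[1], "rb") if len(sys.argv) > 1 else constructed_sample()
    write_csv(banners_to_rows(source), sys.stdout)
```

Run without arguments it prints the CSV for the constructed sample; pass the path to your own download to process real results.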