I am attempting to parse Shodan query results and print only the results that match the criteria I have set. The output need to be in JSON format to be integrated later in Splunk.
I'd like to iterate over the set of elements and removing an element if it doesn't match the location country_code
of "US".
Here is my code :
import shodan
import os
import sys
import json
SHODAN_API_KEY = os.environ.get("SHODAN_API_KEY")
api = shodan.Shodan(SHODAN_API_KEY)
query = sys.argv[1]
try:
query_results = api.search(query)
except shodan.APIError as err :
print('Error: {}'.format(err))
for element in query_results['matches']:
if 'US' in format(element['location']['country_code']):
del element
print(query_results['matches'])
But with this code my element
won't get removed from query_result['matches']
.
There are a few things:
Consider using the
Shodan.search_cursor(query)
method instead of justShodan.search(query)
. Thesearch_cursor()
method handles paging through results for you in case there are more than 100 results. Otherwise you need to do that on your own by providing thepage
parameter to thesearch()
method. Here is an article that explains it a bit further: https://help.shodan.io/guides/how-to-download-data-with-apiYou can actually filter out non-US results within the search query! Simply add " -country:US" to your query and you won't get any results for services in the US. I.e. do the following assuming you have Python 3.7: