Python - Removing result in shodan results

Question

I am attempting to parse Shodan query results and print only the results that match the criteria I have set. The output need to be in JSON format to be integrated later in Splunk.

I'd like to iterate over the set of elements and removing an element if it doesn't match the location country_code of "US".

Here is my code :

import shodan
import os
import sys
import json

SHODAN_API_KEY = os.environ.get("SHODAN_API_KEY")

api = shodan.Shodan(SHODAN_API_KEY)

query = sys.argv[1]

try:
    query_results = api.search(query)
except shodan.APIError as err :
    print('Error: {}'.format(err))

for element in query_results['matches']:
    if 'US' in format(element['location']['country_code']):
        del element
print(query_results['matches'])

But with this code my element won't get removed from query_result['matches'].

Answer 1

There are a few things:

1. Consider using the Shodan.search_cursor(query) method instead of just Shodan.search(query). The search_cursor() method handles paging through results for you in case there are more than 100 results. Otherwise you need to do that on your own by providing the page parameter to the search() method. Here is an article that explains it a bit further: https://help.shodan.io/guides/how-to-download-data-with-api

2. You can actually filter out non-US results within the search query! Simply add " -country:US" to your query and you won't get any results for services in the US. I.e. do the following assuming you have Python 3.7:

query_results = api.search(f'{query} -country:US')