shodan-crt.sh is a script designed to automate the process of gathering Open Source Intelligence (OSINT) on a particular domain. It extracts subdomains using crt.sh, resolves them to IP addresses, and then queries Shodan for detailed information about these IPs.
- Subdomain Extraction: Fetch subdomains from crt.sh.
- IP Resolution: Resolve each subdomain to its corresponding IP address.
- Shodan Lookup: Query resolved IPs on Shodan for a detailed security footprint.
- jq: Command-line JSON processor.
- curl: Command-line tool for transferring data with URLs.
- Shodan CLI: Tool to interact with the Shodan API.
Before using the script, initialize your Shodan CLI with your API key:
shodan init YOUR_API_KEYReplace YOUR_API_KEY with your actual Shodan API key. Get your API key from your Shodan account.
Clone the repository and make the script executable:
git clone https://github.com/your-username/shodan-crt.sh.git
cd shodan-crt.sh
chmod +x shodan-crt.shRun the script by passing the target domain as an argument:
./shodan-crt.sh <domain>For example:
./shodan-crt.sh example.comThe script can be easily customized to fit more specific OSINT requirements or workflows.