All Apps and Add-ons

Does the Hurricane Labs App for Shodan support CIDR notation when populating the CSV file it references?

hazaklioglu
New Member
0 Karma

rdaul
New Member

I also faced the same problem. Hurricane labs app is querying Shodan and providing the results. I figured out in my case, the API is broken. Shodan REST API documentation (link below) specifies that net filter to be used for the CIDR notation. However, I know the API key works as I tested with the 4.2.2.2, but it wont work for CIDR, for ex: query=net:4.2.2.0/30 (which ideally should return the results)
https://developer.shodan.io/api

You can try this on your browser with your API key and query as per the document.
https://api.shodan.io/shodan/host/search?key={YOUR_API_KEY}&query={query}

I presume if this gets fixed then the app will work for CIDR.

0 Karma

gaylorddusautoi
New Member

I'm facing issue with CIDR.
I made some tests with 8.8.8.8, it's working properly but not with 8.8.8.0/24 notation.
Did I miss something ?

0 Karma

mcmaster
Communicator

The only CSV I can think of for the app is the one you set up under "Configure" in the app (shodan_lookup.csv), which absolutely supports CIDR notation.

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...