feat: add internetdb plugin (Shodan InternetDB host recon)

Free, keyless API returning open ports, hostnames, CPEs, tags, and known CVEs for any public IP. All requests routed through SOCKS5. 21 test cases (927 total). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 17:41:51 +01:00
parent 442fea703c
commit 3de3f054df
6 changed files with 487 additions and 8 deletions
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -237,9 +237,10 @@ Categories: sqli, xss, ssti, lfi, cmdi, xxe
 !blacklist 1.2.3.4             # DNSBL reputation check
 ```

-## Intelligence (local databases)
+## Intelligence (local databases + APIs)

 ```
+!internetdb 8.8.8.8           # Shodan InternetDB: ports, CVEs, CPEs, tags
 !geoip 8.8.8.8                # GeoIP: city, country, coords, tz
 !asn 8.8.8.8                  # ASN: number + organization
 !tor 1.2.3.4                  # Check Tor exit node
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -133,6 +133,7 @@ format = "text"               # Log format: "text" (default) or "json"
 | `!abuse <ip> report <cats> <comment>` | Report IP to AbuseIPDB (admin) |
 | `!vt <hash\|ip\|domain\|url>` | VirusTotal lookup |
 | `!emailcheck <email> [email2 ...]` | SMTP email verification (admin) |
+| `!internetdb <ip>` | Shodan InternetDB host recon (ports, CVEs, CPEs) |
 | `!shorten <url>` | Shorten a URL via FlaskPaste |
 | `!pastemoni <add\|del\|list\|check>` | Paste site keyword monitoring |

@@ -935,6 +936,29 @@ Polling and announcements:
 - `list` shows keyword and per-backend error counts
 - `check` forces an immediate poll across all backends

+### `!internetdb` -- Shodan InternetDB
+
+Look up host information from Shodan's free InternetDB API. Returns open ports,
+reverse hostnames, CPE software fingerprints, tags, and known CVEs. No API key
+required.
+
+```
+!internetdb 8.8.8.8
+```
+
+Output format:
+
+```
+8.8.8.8 -- dns.google | Ports: 53, 443 | CPEs: cpe:/a:isc:bind | Tags: cloud
+```
+
+- Single IP per query (IPv4 or IPv6)
+- Private/loopback addresses are rejected
+- Hostnames truncated to first 5; CVEs truncated to first 10 (with `+N more`)
+- CPEs truncated to first 8
+- All requests routed through SOCKS5 proxy
+- Returns "no data available" for IPs not in the InternetDB index
+
 ### FlaskPaste Configuration

 ```toml