
nrich

Everyone

A command-line tool to quickly analyze all IPs in a file and see which ones have open ports or vulnerabilities. It can also read IPs from stdin, so it can be used in a data pipeline.

5.196.94.201 (ns376758.ip-5-196-94.eu, devserv.fr)
Ports: 443
Tags: eol-product
CPEs: cpe:/a:f5:nginx:1.22.1
223.130.11.165
Ports: 80, 443
Tags: eol-product
CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/o:linux:linux_kernel, cpe:/a:f5:nginx:1.18.0
Vulnerabilities: CVE-2023-44487, CVE-2021-3618, CVE-2021-23017
134.209.171.37
Ports: 22
Tags: cloud
CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux

Developer information

The following API method(s) are used:

  • https://internetdb.shodan.io/{IP}

Installation

Grab the latest release for your operating system. For example, to install the nrich command in Ubuntu:

$ wget https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_x86_64.deb
$ sudo dpkg -i nrich_latest_x86_64.deb

For macOS, install from the tap repository with Homebrew:

$ brew tap shodan-public/homebrew-shodan https://gitlab.com/shodan-public/homebrew-shodan
$ brew install nrich

To confirm that it's working you can pipe an IP to the command. For example:

$ echo 159.65.148.231 | nrich -
159.65.148.231 (guardian.smartedubd.net)
Ports: 22, 80, 443, 3306
Tags: database, cloud, eol-product
CPEs: cpe:/a:oracle:mysql:8.0.41-0ubuntu0.20.04.1, cpe:/o:linux:linux_kernel, cpe:/a:openbsd:openssh:8.2p1, cpe:/a:f5:nginx:1.18.0, cpe:/o:canonical:ubuntu_linux, cpe:/a:getbootstrap:bootstrap
Vulnerabilities: CVE-2023-44487, CVE-2021-3618, CVE-2021-23017

Usage

The nrich command requires only a single argument: the filename that contains the IPs. By default, it prints the information in a human-friendly format, but it also supports JSON output for piping to other tools (e.g. jq).

$ nrich --help
nrich 0.1.0
Add network information to IPs
USAGE:
nrich [OPTIONS] <filename>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-o, --output <output> Output format (shell or json) [default: shell]
ARGS:
<filename> File containing an IP per line. Non-IPs are ignored
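
Added example, not part of nrich or its documentation: a Python parser for the default human-friendly output, which groups the lines into per-host records and lists the hosts that report CVEs or carry the eol-product tag. The names parse_nrich and needs_attention are hypothetical, the sample text is copied from the output shown on this page, and the parser assumes each record starts with an IP line followed by "Key: value" lines.

```python
import ipaddress

# Sample copied from the output shown on this page (not live data).
SAMPLE = """\
5.196.94.201 (ns376758.ip-5-196-94.eu, devserv.fr)
Ports: 443
Tags: eol-product
CPEs: cpe:/a:f5:nginx:1.22.1
223.130.11.165
Ports: 80, 443
Tags: eol-product
CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/o:linux:linux_kernel, cpe:/a:f5:nginx:1.18.0
Vulnerabilities: CVE-2023-44487, CVE-2021-3618, CVE-2021-23017
134.209.171.37
Ports: 22
Tags: cloud
CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux
"""

# Labels used in the shell output, mapped to record keys chosen for this example.
FIELDS = {"Ports": "ports", "Tags": "tags", "CPEs": "cpes", "Vulnerabilities": "vulns"}

def parse_nrich(text):
    """Parse nrich's default (shell) output into a list of per-host dicts."""
    hosts, current = [], None
    for line in text.splitlines():
        line = line.strip()  # real output may indent the field lines
        key, sep, value = line.partition(": ")
        if sep and key in FIELDS and current is not None:
            items = [v.strip() for v in value.split(",") if v.strip()]
            current[FIELDS[key]] = [int(v) if key == "Ports" else v for v in items]
            continue
        # Otherwise expect a record header: "<ip>" or "<ip> (host1, host2)".
        ip, _, rest = line.partition(" ")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # blank line or unknown text: skip it
        names = [h.strip() for h in rest.strip("()").split(",") if h.strip()]
        current = {"ip": ip, "hostnames": names, "ports": [], "tags": [], "cpes": [], "vulns": []}
        hosts.append(current)
    return hosts

def needs_attention(hosts):
    """Return IPs that report CVEs or carry the eol-product tag."""
    return [h["ip"] for h in hosts if h["vulns"] or "eol-product" in h["tags"]]

if __name__ == "__main__":
    print(needs_attention(parse_nrich(SAMPLE)))
```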

Examples

Install the tool and run it against a list of emerging threats