Lampyre

Introduction

This guide explains how to use Lampyre's integrated Shodan capabilities to discover and analyze internet-connected devices, specifically focusing on finding and exploring open databases. Lampyre combines the advantages of many Cyber Threat Intelligence and Open Source Intelligence Gathering (OSINT) tools for convenient data analysis.

Prerequisites: Setup and Configuration

  1. Lampyre Client: You need to have the Lampyre Desktop Client installed and licensed.

  2. Shodan API Key: You'll need a Shodan API key. You can get one by signing up on the Shodan website. A free tier is available, but paid plans offer more credits and capabilities.

Running Shodan Requests in Lampyre

Finding Open MongoDBs

This request allows you to search Shodan's vast database for specific products, like MongoDB.

  1. Start a New Investigation:

    Open the Lampyre client and create a new investigation.

  2. Select Shodan Search Request:

    Go to WINDOWS -> List of Requests (or Ctrl + Y).

    In the "List of Requests" window, choose the Shodan Search request.

  3. Configure Search Parameters:

    In the input parameters for the Shodan Search request:

    • Fill in the Shodan API Key field with your own key.
    • Set "mongodb" as the Query.

  4. Execute the Request:

    Click Execute. Lampyre will then display the found MongoDB instances, providing initial information indexed by Shodan, including database structure, collections, and technical parameters.

  5. Select IPs and Explore:

    After obtaining your initial Shodan Search results, select the IP addresses of the MongoDBs you wish to explore (e.g., directly within the results table or after transferring them to a schema for better organization).

Similar research can be performed in Lampyre for Elasticsearch and FTP services using Shodan search requests, costing only 1 photon per request.
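
The same result set also tells a defender whether any of their own addresses are listed. The script below is an added example, not part of Lampyre or Shodan tooling: it assumes the results were exported as one JSON object per line carrying Shodan's `ip_str`, `port` and `timestamp` keys, and the function name, sample records and CIDR range are constructed for illustration.

```python
import ipaddress
import json
from datetime import datetime

# Default ports of the services this guide names (MongoDB, Elasticsearch, FTP).
WATCHED_PORTS = {27017: "MongoDB", 9200: "Elasticsearch", 21: "FTP"}

# Constructed sample export, one JSON object per line. Values are made up and
# use documentation address ranges; the export layout itself is an assumption.
SAMPLE_EXPORT = """\
{"ip_str": "203.0.113.10", "port": 27017, "org": "Example Corp", "timestamp": "2024-03-01T08:15:00.000000"}
{"ip_str": "203.0.113.10", "port": 27017, "org": "Example Corp", "timestamp": "2024-03-09T21:40:00.000000"}
{"ip_str": "198.51.100.7", "port": 27017, "org": "Other Org", "timestamp": "2024-03-05T11:00:00.000000"}
{"ip_str": "203.0.113.77", "port": 9200, "org": "Example Corp", "timestamp": "2024-03-02T02:30:00.000000"}
{"ip_str": "203.0.113.80", "port": 443, "org": "Example Corp", "timestamp": "2024-03-02T02:31:00.000000"}
not-json-line
"""


def own_exposures(export_text, owned_cidrs):
    """Return sorted (ip, port, service, last_seen) for watched services in owned_cidrs."""
    networks = [ipaddress.ip_network(cidr) for cidr in owned_cidrs]
    latest = {}
    for line in export_text.splitlines():
        try:
            rec = json.loads(line)
            ip = ipaddress.ip_address(rec["ip_str"])
            port = int(rec["port"])
            seen = datetime.fromisoformat(rec["timestamp"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        if port not in WATCHED_PORTS or not any(ip in net for net in networks):
            continue  # not a watched service, or not one of our addresses
        key = (str(ip), port)
        # The same host can be indexed several times; keep the newest sighting.
        if key not in latest or seen > latest[key]:
            latest[key] = seen
    return sorted(
        (ip, port, WATCHED_PORTS[port], seen.isoformat())
        for (ip, port), seen in latest.items()
    )


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the organisation's own address space.
    for row in own_exposures(SAMPLE_EXPORT, ["203.0.113.0/24"]):
        print(row)
```

Each row it returns is a service that should be checked for authentication and moved behind a firewall or VPN if it does not need to face the internet.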