Conversation
Documentation
…into documentation
ketumbra
left a comment
ketumbra
left a comment
There was a problem hiding this comment.
Thanks for your input!
I think we should really focus on making something useful before we get too deep into README best practices. External People are unlikely to want to help until it's at least a bit useful first anyway.
| - passive dns domain (dumpsterDNS, circl.lu etc) | ||
| - reverse dns domain (exclude answers that contain the ip address in reverse as prob just the ISP?) | ||
| - check BGP and repeat for other IPs in the subnet, find a pattern? | ||
| This script is for fingerprinting servers to find potential vunerabilities for responsible disclosure. |
There was a problem hiding this comment.
No, this is not to find vulns. This script is just meant to find the owners of vulnerable systems in bulk so we can contact them.
|
|
||
| Requirements are in the requirements.txt | ||
|
|
||
| ```python |
There was a problem hiding this comment.
so why duplicate them here? This will just get out of sync with the ground truth.
| ## Shodan Input | ||
|
|
||
| ### Shodan - Set up and configuration. | ||
|
|
There was a problem hiding this comment.
Mhm, not sure it's our responsibility to tell people how to use Shodan. There is a shodan import for convenience as we can often use shodan to find the vulnerable IPs and the export contains other useful clues we can use to find a contact.
|
|
||
| ## How to contribute | ||
|
|
||
| ADD HOW TO CONTRIBUTE HERE No newline at end of file |
There was a problem hiding this comment.
Make a PR :)
We don't yet have a complicated process to get through.
3 participants
I've restructured the entire readme documentation, it's still a starting point.
The more I look at the code the more I see what we could do, but I'd like us to agree first on the documentation before I look into the code itself.
Could you help out expanding the how to use section?
There is something, oddly enough I have never use in the code which is :
in main.py:
from sys import argv from .ipid import identifyIP if len(argv)>1: print(identifyIP(argv[1]))By the looks of it, this looks like the script main entry point that's calling the identifyIP with an argument when you run it from the command line, is this correct ?
Are you ok with me splitting up the code across different files?
Also best if you could add to how to contribute (not sure what to put in there)
I have added what I know of shodan and what the input should look like and what the output from shodan should look like.
Before going any further I would like your input to make sure I'm on the right track here to begin with.
Cheers