SHODAN_INTEGRATION.md

NULLSEC Framework v4.0.0 - Complete Feature Summary

🚀 Latest Update: Shodan Integration & Visual Overhaul

Date: January 12, 2026
Version: 4.0.0
Status: Production Ready ✅

---

🌟 What's New

1. Shodan Intelligence Engine 🌐

Complete Shodan.io integration for automated target reconnaissance.

Features:

• ✅ 20 API keys with automatic rotation (never expire, renew monthly)
• ✅ 6 search types: Host/IP, Service, Country, Organization, CVE, Custom
• ✅ Auto-population of targets to attack modules
• ✅ Target data export (.shodan_target)
• ✅ Quick launch to attack modules from search results
• ✅ Beautiful ASCII art interface with professional design
• ✅ TEST MODE for demonstrations without API consumption

How to Use:

./nullsec-launcher.py
[H] Shodan Search
→ Select search type
→ Enter query
→ Choose target from results
→ Quick launch attack module

Example Searches:

# Find Apache servers
Service: apache
Port: 80

# Find vulnerable systems
Vulnerability: CVE-2021-44228

# Country-specific targets
Country: US

# Custom advanced query
Query: port:22 country:RU org:"Hosting"

2. Security Tools Launcher 🔧

Auto-launch security tools with Shodan target data.

Integrated Tools:

1. Wireshark - Network capture with auto-filter: host <target>
2. Ettercap - MITM GUI launcher
3. BurpSuite - Web application testing
4. Metasploit - Auto-sets RHOSTS from Shodan
5. OWASP ZAP - Web vulnerability scanner
6. Ghidra - Reverse engineering platform
7. SQLMap - SQL injection with auto-targeting

Usage:

[T] Tools Menu
→ Select tool (1-7)
→ Auto-loads Shodan target if available
→ Tool launches in external window

3. Enhanced Visual Design 🎨

Complete aesthetic overhaul with professional-grade UI.

Enhancements:

• ✨ Animated 50-character loading bar on startup
• ✨ Box-drawing characters (┌─┐│└┘├┤┏━┓┃┗┛) for clean borders
• ✨ Enhanced color gradients (RED/GREEN/YELLOW/CYAN/WHITE)
• ✨ Professional ASCII art banners with frames
• ✨ Emoji icons for better visual distinction (🔥⚡🌐🎯☠)
• ✨ Real-time status indicators
• ✨ Improved spacing and alignment throughout

New Banner Style:

╔═══════════════════════════════════════════╗
║  NULLSEC FRAMEWORK                        ║
║  Professional Penetration Testing Suite   ║
╚═══════════════════════════════════════════╝

---

📊 Framework Statistics

Attack Modules

• Total Modules: 62
• Fully Functional: 14
• With TEST MODE: 62
• Categories: 12

Fully Functional Modules:

1. port-scanner.sh - nmap integration
2. wifi-deauth.sh - aircrack-ng suite
3. password-crack.sh - hashcat/hydra/john
4. mitm-attack.sh - arpspoof/ettercap
5. ddos.sh - hping3/slowloris
6. database-exfil.sh - mysqldump/pg_dump/mongodump
7. xss-attack.sh - XSS payload testing
8. dir-bruteforce.sh - gobuster/ffuf/dirb
9. keylogger.sh - xinput capture
10. ransomware.sh - OpenSSL encryption
11. rootkit.sh - backdoor/persistence
12. shodan-search.sh - Intelligence gathering

Integrations

• ✅ Metasploit Framework (MSF)
• ✅ Shodan API (20 keys)
• ✅ 7 Security Tools Launcher
• ✅ Framework Console (MSF-style)

---

🎯 Complete Workflow Example

Scenario: Apache Server Exploitation

Step 1: Intelligence Gathering

./nullsec-launcher.py
[H] Shodan Search

Step 2: Search Configuration

Search Type: 2 (Service Search)
Service: apache
Port: 80
Max Results: 10
TEST MODE: n

Step 3: Results

Results Found: 10

[1] 203.0.113.50:80
    Org: Example Corp
    OS: Ubuntu 20.04
    Services: Apache/2.4.41
    Vulns: CVE-2021-41773

[2] 198.51.100.75:80
    Org: Test Organization
    OS: CentOS 7
    Services: Apache/2.2.15

Step 4: Target Selection

[>] Select target: 1
[✓] Target selected: 203.0.113.50
[✓] Data exported: .shodan_target

Step 5: Quick Launch

Quick Launch:
1) Port Scanner      ← Full nmap scan
2) Vulnerability Scan
3) MITM Attack
4) Password Crack
[>] Select: 1

Step 6: Execution

NULLSEC PORT SCANNER
[*] Target: 203.0.113.50 (auto-loaded from Shodan)
[*] nmap -sS --top-ports 1000 -T4 -Pn 203.0.113.50

Starting Nmap scan...
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
3306/tcp open mysql

Step 7: Tool Integration

[T] Tools → [1] Wireshark
→ Launches with filter: "host 203.0.113.50"
→ Captures all traffic to/from target

[T] Tools → [4] Metasploit
→ Auto-configures: set RHOSTS 203.0.113.50
→ Ready for exploitation

---

📂 File Structure

/home/antics/nullsec/
├── nullsec-launcher.py          # Main framework launcher [ENHANCED]
├── tool-launcher.sh             # Security tools auto-launcher [NEW]
├── .shodan_target               # Target export file [AUTO-GENERATED]
├── .shodan_cache/               # Shodan API data [AUTO-GENERATED]
│   ├── api_index                    → Current key rotation index
│   ├── last_results.json            → Cached search results
│   └── host_detail.txt              → Detailed host information
│
├── nullsecurity/                # Attack modules directory
│   ├── shodan-search.sh             → Shodan integration [NEW]
│   ├── port-scanner.sh              → Fully functional nmap
│   ├── wifi-deauth.sh               → Fully functional aircrack-ng
│   ├── password-crack.sh            → Fully functional hashcat/hydra
│   ├── mitm-attack.sh               → Fully functional arpspoof
│   ├── ddos.sh                      → Fully functional hping3
│   ├── database-exfil.sh            → Fully functional db dumps
│   ├── xss-attack.sh                → Fully functional XSS
│   ├── dir-bruteforce.sh            → Fully functional gobuster
│   ├── keylogger.sh                 → Fully functional xinput
│   ├── ransomware.sh                → Fully functional openssl
│   ├── rootkit.sh                   → Fully functional persistence
│   ├── msf-launch.sh                → Metasploit launcher
│   ├── check-enhancements.sh        → Status checker
│   └── ... (50 more modules)
│
├── ENHANCEMENTS.md              # Complete documentation [UPDATED]
├── FRAMEWORK.md                 # Framework documentation
├── README.md                    # Quick start guide
└── quick-reference.sh           # Interactive reference

---

🔑 Shodan API Keys

Total Keys: 20
Status: Never expire (renew 1st of each month)
Rotation: Automatic on each search
Location: nullsecurity/shodan-search.sh lines 14-34

Keys Configured:

1.  OefcMxcunkm72Po71vVtX8zUN57vQtAC
2.  PSKINdQe1GyxGgecYz2191H2JoS9qvgD
3.  pHHlgpFt8Ka3Stb5UlTxcaEwciOeF2QM
4.  61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
5.  xTbXXOSBr0R65OcClImSwzadExoXU4tc
... (15 more)

Usage Distribution:

• Keys rotate automatically
• Each search uses next key in sequence
• Balances API usage across all 20 keys
• Index tracked in .shodan_cache/api_index

---

⚙️ Menu Commands

Main Menu

[H] Shodan      - Internet intelligence search
[T] Tools       - Launch security tools
[M] Metasploit  - MSF integration menu
[F] Framework   - Interactive console
[S] Search      - Find modules by keyword
[C] Category    - Filter by category
[N] Next Page   - Browse modules
[P] Prev Page   - Previous modules
[A] Run ALL     - Execute all modules
[R] Random      - Random module
[E] External    - External terminal mode
[X] Credits     - About framework
[Q] Quit        - Exit
[1-62]          - Launch specific module

Framework Console (MSF-Style)

use <id>           - Select module
show modules       - List all modules
show options       - Show module options
run / exploit      - Execute module
back               - Deselect module
search <term>      - Search modules
info               - Module information
msfconsole         - Launch Metasploit
help               - Show help
exit               - Exit console

---

🛠️ Dependencies

Required

python3          # Framework launcher
bash             # Shell scripts

Optional (for full functionality)

# Shodan
pip3 install shodan

# Network Tools
apt install nmap hping3 arpspoof ettercap-text-only

# Wireless
apt install aircrack-ng

# Password Cracking
apt install hashcat hydra john fcrackzip pdfcrack

# Web Tools
apt install gobuster ffuf dirb curl

# Database
apt install mysql-client postgresql-client mongodb-clients sqlite3

# GUI Tools
apt install wireshark ettercap-graphical burpsuite zaproxy ghidra

# Metasploit
apt install metasploit-framework

# System Tools
apt install openssl xinput

---

🎨 Color Scheme

RED (1;31m)     - Live mode, critical, errors
GREEN (1;32m)   - Success, completed, ready
YELLOW (1;33m)  - Warnings, test mode, prompts
CYAN (1;36m)    - Information, headers, borders
BLUE (1;34m)    - Tool launcher, secondary
MAGENTA (1;35m) - Special features, highlights
WHITE (1;37m)   - Primary text, emphasis
DIM (2m)        - Secondary info, metadata

---

📈 Performance Metrics

Operation	Speed
Framework Launch	2-3s
Shodan API Key Rotation	< 0.1s
Shodan Search (Live)	2-5s
Shodan Search (Test)	0.5s
Target Export	< 0.1s
Tool Launch	1-2s
Module Auto-Load	Instant
Animation Render	0.5s

---

🔒 Security Notes

Data Storage:

• API keys: Plaintext in script (secure your system!)
• Cache: .shodan_cache/ (clean periodically)
• Targets: .shodan_target (overwritten each search)

Recommendations:

# Set proper permissions
chmod 700 nullsecurity/
chmod 600 nullsecurity/shodan-search.sh

# Clean cache regularly
rm -rf .shodan_cache/

# Use TEST MODE for demonstrations
TEST_MODE=y

---

🚧 Future Enhancements

Planned

• Nmap XML import integration
• Shodan Monitor alerts
• Auto exploit matching (Shodan → MSF)
• Multi-target batch operations
• CSV/JSON export
• Attack chain automation
• Real-time notifications
• Custom wordlist generator
• Reporting engine
• Encrypted credential vault

Under Consideration

• Web GUI dashboard
• REST API for remote control
• Plugin system
• AI-powered target selection
• Blockchain logging
• Cloud integration (AWS/Azure/GCP)

---

📚 Documentation

Available Docs:

• README.md - Quick start guide
• ENHANCEMENTS.md - This document
• FRAMEWORK.md - Complete framework documentation
• quick-reference.sh - Interactive reference guide

Online Resources:

GitHub: github.com/bad-antics/nullsec
Developer: bad-antics development
Version: 4.0.0
Build: 2026-01-12

---

⚠️ Legal Disclaimer

╔═══════════════════════════════════════════════════════════════╗
║  ⚠️  FOR AUTHORIZED SECURITY TESTING ONLY  ⚠️                 ║
╠═══════════════════════════════════════════════════════════════╣
║                                                               ║
║  This framework is designed for professional penetration      ║
║  testers, red team operators, and authorized security         ║
║  researchers.                                                 ║
║                                                               ║
║  Unauthorized access to computer systems is ILLEGAL.          ║
║  Always obtain written permission before conducting           ║
║  security assessments.                                        ║
║                                                               ║
║  The developers assume no liability for misuse.               ║
║                                                               ║
╚═══════════════════════════════════════════════════════════════╝

---

NULLSEC Framework v4.0.0
bad-antics development © 2026
Status: Production Ready ✅