
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Example Search Result
A professional command-line tool for searching IP addresses using the Shodan API. SIPG provides an intuitive interface for security researchers, penetration testers, and network administrators to discover and analyze internet-connected devices.
pip install sipg
git clone https://github.com/emptymahbob/sipg.git
cd sipg
pip install -e .
sipg configure
# Search for IPs with SSL certificates from Uber
sipg search 'ssl:"Uber Technologies Inc"'
# Search with detailed information
sipg search 'http.server:Apache' --details
# Display results in a table format
sipg search 'port:80' --table
# Save results to a file
sipg search 'country:"United States"' -o results.txt
# Limit results and add delay
sipg search 'product:"nginx"' -m 50 -d 2.0
# Get results from pages 2 to 5 (i.e., results 101-500)
sipg search 'http.server:Apache' --details --start-page 2 --end-page 5
# Save results from pages 5 to 10 to a file
sipg search 'country:"United States"' -o us.txt --start-page 5 --end-page 10
sipg configure
Configure your Shodan API key securely.
sipg search <query>
Search for IP addresses using Shodan.
Options:
-o, --output FILE
: Save results to file. If not specified, results are printed to the console. Only IPs are saved for simple output, or detailed JSON for --details.-m, --max-results N
: Maximum number of results to return. Default: all available results.-d, --delay SECONDS
: Delay (in seconds) between API requests to avoid rate limits.--details
: Show detailed results with additional information (organization, location, hostnames, etc).--table
: Display results in a formatted table (implies --details).--start-page N
: Start fetching results from this page (1-based, default: 1).--end-page N
: End fetching results at this page (inclusive). If not set, fetches up to the last available page or max-results.How output is saved:
-o/--output
to save results to a file. If --details
is used, detailed JSON is saved; otherwise, only IPs are saved.--max-results
to limit the number of results.--start-page
and --end-page
to fetch results from a specific page range (each page = 100 results).--delay
to avoid hitting Shodan rate limits (default: 1.0s).Examples:
# Get the first 200 results
sipg search 'ssl:"Uber Technologies Inc"' --max-results 200
# Get results from pages 2 to 5 (i.e., results 101-500)
sipg search 'http.server:Apache' --details --start-page 2 --end-page 5
# Save results from pages 5 to 10 to a file
sipg search 'country:"United States"' -o us.txt --start-page 5 --end-page 10
sipg info
Show information about your Shodan API key and usage.
sipg examples
Display example search queries.
sipg clear
Clear the stored API key.
# SSL certificates
sipg search 'ssl:"Uber Technologies Inc"'
sipg search 'ssl.cert.subject.CN:"*.uber.com"'
# HTTP servers
sipg search 'http.server:Apache'
sipg search 'http.status:200'
# Geographic location
sipg search 'country:"United States"'
sipg search 'city:"New York"'
# Port scanning
sipg search 'port:80'
sipg search 'port:443'
# Products and services
sipg search 'product:"nginx"'
sipg search 'product:"MySQL"'
# Organizations
sipg search 'org:"Amazon"'
sipg search 'org:"Google"'
# Complex queries
sipg search 'ssl:"Uber Technologies Inc" http.status:200'
sipg search 'port:80 -http.title:"Invalid URL"'
git clone https://github.com/emptymahbob/sipg.git
cd sipg
pip install -e ".[dev]"
pytest
black sipg/
mypy sipg/
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
This tool is for educational and authorized security research purposes only. Always ensure you have proper authorization before scanning any networks or systems. The authors are not responsible for any misuse of this tool.
FAQs
A professional command-line tool for searching IP addresses using Shodan API
We found that sipg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.