uncover: Quickly discover exposed hosts on the internet
uncover
uncover is a go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet. It is built with automation in mind, so you can query it and utilize the results with your current pipeline tools. Currently, it supports shodan, censys, and fofa search engine.
Feature
- Simple and Handy utility to query multiple search engine
- Multiple Search engine support (Shodan, Censys, Fofa)
- Automatic key/credential randomization
- stdin / stdout support for input and output
Install
uncover requires go1.17 to install successfully. Run the following command to get the repo –
go install -v github.com/projectdiscovery/uncover/cmd/uncover@latest
Provider Configuration
The default provider configuration file should be located at $HOME/.config/uncover/provider-config.yaml and has the following contents as an example. In order to run this tool, the API keys / credentials needs to be added in this config file or set as an environment variable.
shodan:
– SHODAN_API_KEY1
– SHODAN_API_KEY2
censys:
– CENSYS_API_ID:CENSYS_API_SECRET
fofa:
– FOFA_EMAIL:FOFA_KEY
When multiple keys/credentials are specified for the same provider in the config file, a random key will be used for each execution.
alternatively, you can also set the API key as an environment variable in your bash profile.
export SHODAN_API_KEY=xxx
export CENSYS_API_ID=xxx
export CENSYS_API_SECRET=xxx
export FOFA_EMAIL=xxx
export FOFA_KEY=xxx
Required keys can be obtained by signing up on Shodan, Censys, Fofa.
Use
Copyright (c) 2022 ProjectDiscovery
