Intruxpert

Shodan Telegram Notifier – Automate Security Alerts with Telegram Integration

Posted on by intruxpert

Introduction

Security researchers and penetration testers depend on Shodan to detect exposed services and potential vulnerabilities. Manually reviewing Shodan results becomes time-consuming when performed continually.

Shodan Telegram Notifier is a Go-based application that tracks Shodan webhooks to evaluate received data before generating service screenshots that are automatically sent to a Telegram channel for immediate alerting.

The tool provides an automated system for reconnaissance operations and security monitoring process improvement that benefits cybersecurity professional work.

 

Key Features

Shodan Webhook Listener

  • This tool automatically detects Shodan webhooks, which trigger immediate notifications to security personnel about newly exposed services.

SQLite Database for Data Storage

  • All data was received in an SQLite database, which enabled the application to stop processing duplicate entries of the same IP and port combination for optimal discovery processing.

Automated Screenshot Capture

  • Chromedp (headless Chrome) enables the application to take screenshots of discovered internet protocol services which run over HTTP and HTTPS to help analysts with visual data assessment.

Telegram Channel Integration

  • Service information, together with screen captures, gets sent to a Telegram channel to offer speedy security notifications to teams.

Duplicate Detection Mechanism

  • The system checks the database for existing data before processing webhooks to eliminate duplicate information that triggers unneeded alerts.

Prerequisites

Before setting up Shodan Telegram Notifier, ensure you have the following:

  • Go installed on your system.
  • Shodan API key with webhook capabilities.
  • A Telegram bot (must be an admin in the target channel).
  • SQLite3 was installed for local database storage.
  • Headless Chrome installed for screenshot capturing via chromedp.

 

Installation & Setup Guide

1️⃣ Clone the Repository

Start by cloning the official GitHub repository:

git clone https://github.com/IntruXpert/ShodanWebHook.git

cd ShodanWebHook

2️⃣ Install Dependencies

Ensure all required Go modules are installed:

go mod tidy

3️⃣ Configure the Application

Edit main.go To set up the Telegram bot API token and channel ID:

var channelID int64 = YOUR_TELEGRAM_CHANNEL_ID // Replace with your Telegram channel ID
bot, err = tgbotapi.NewBotAPI("YOUR_TELEGRAM_BOT_API_TOKEN") // Replace with your bot token

Make sure your Telegram bot is an admin in the target channel.

4️⃣ Set Up Shodan Webhook

Configure Shodan to send webhooks to your server by running:

http://yourserver.com:9080/updat1X73rj92

Replace yourserver.com with your server’s public IP or domain.

5️⃣ Start the Application

Run the Go application to begin listening for Shodan webhooks:

go run main.go

By default, the webhook listener runs on port 9080.

6️⃣ Configure Server Accessibility

Ensure that port 9080 is accessible by:

  • Adjusting your firewall rules.
  • Setting up port forwarding if running behind a NAT.
  • Using a reverse proxy (e.g., Nginx) for security.

 

How It Works

📌 1. Webhook Reception

  • The server listens for incoming webhook data from Shodan whenever your defined trigger conditions are met.

📌 2. Data Parsing

  • Extracts essential details from the Shodan JSON payload, including:
    • IP Address
    • Open Port
    • Service Banner
    • HTTP Titles & Metadata

📌 3. Database Check

  • Queries the SQLite database to verify if the IP and port combination has already been processed.

📌 4. Data Insertion

  • The application stores the newly found services in the database in order to prevent duplicate operations.

📌 5. Screenshot Capture

  • Uses Chromedp to:
    • Open the discovered service in a headless Chrome instance.
    • Capture and store a screenshot for reference.

📌 6. Telegram Notification

  • The application transfers three pieces of information to the Telegram channel:
    • Service information (IP, port, banner).
    • Screenshot of the exposed service.
    • Direct link to the discovered asset (if applicable).

Important Notes

  • Ensure Chromedp can execute headless Chrome in your environment.
  • The webhook endpoint must be publicly accessible to receive data from Shodan.
  • Adjust the delay time (time.Sleep(3 * time.Second)) if necessary to prevent rate-limiting issues.

Conclusion

Security professionals, bug hunters, and penetration testers find the Shodan Telegram Notifier indispensable for automating Shodan monitoring because it sends instant alerts through Telegram.

This tool improves security monitoring efficiency through its automatic screenshot capture mechanism, duplicate detection feature, and instant Telegram notifications function.

Leave a Reply

Your email address will not be published. Required fields are marked *