I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option to use an arbitrary filter along with a list of parameters.
In version 1.0, it was only possible to generate composite searches based on a list of countries; in version 1.1, however, one may specify any filter (i.e. not just “country”) for use with the list of parameters.
Previously, one could specify a list of searches (-s/-S) and a list of countries (-c/-C) and TriOp would run each search for each specified country and even potentially output results for each country into a specific file (--country_names).
In the updated version, one may specify an arbitrary filter (--filter) and a list of parameters for that filter (-p/-P) along with a list of searches (-s/-S) and the result will be the same. The “one output file per parameter” option is available as well (--filter_names).
What I assume will be most useful when it comes to this feature is the filter “net”. The following example shows how a command using it might look:
triop.py -s "port:80,port:443" --filter net -p "126.96.36.199/16,188.8.131.52/16"
in which case, the output might look similar to:
Current IP count for query port:80 net:"184.108.40.206/16" is 1643
Current IP count for query port:443 net:"220.127.116.11/16" is 1474
Current IP count for query port:80 net:"18.104.22.168/16" is 819
Current IP count for query port:443 net:"22.214.171.124/16" is 798
A country search could be done in the following manner:
triop.py -s "port:22,port:23" --filter country -p "CZ,DE"
and the output would be the same as with the use of the -c option:
Current IP count for query port:22 country:"CZ" is 83007
Current IP count for query port:23 country:"CZ" is 21143
Current IP count for query port:22 country:"DE" is 1467418
Current IP count for query port:23 country:"DE" is 31595
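The composite queries and count lines above, as an added example that is not TriOp's own code: it composes one query per parameter and search, and collects the reported counts per filter parameter so they can be compared between runs. The function names, the comma splitting and the line pattern are assumptions based on the command and output shown in this post.

```python
import re
from collections import defaultdict

# Assumed format of a count line, taken from the sample output in the post.
COUNT_LINE = re.compile(
    r'Current IP count for query (?P<search>.+?) '
    r'(?P<filter>\w+):"(?P<param>[^"]+)" is (?P<count>\d+)$'
)

def _split(csv):
    """Split a comma-separated option value, dropping empty items."""
    return [item.strip() for item in csv.split(",") if item.strip()]

def build_queries(searches, filter_name, params):
    """Compose one Shodan query per (parameter, search) pair, in the order
    the sample output lists them: every search for the first parameter,
    then every search for the next one."""
    return [f'{search} {filter_name}:"{param}"'
            for param in _split(params)
            for search in _split(searches)]

def parse_counts(output):
    """Group reported counts as {parameter: {search: count}}.
    Lines that do not match the count format are ignored."""
    table = defaultdict(dict)
    for line in output.splitlines():
        m = COUNT_LINE.match(line.strip())
        if m:
            table[m["param"]][m["search"]] = int(m["count"])
    return dict(table)

# Sample output copied from the country example in this post.
SAMPLE = '''\
Current IP count for query port:22 country:"CZ" is 83007
Current IP count for query port:23 country:"CZ" is 21143
Current IP count for query port:22 country:"DE" is 1467418
Current IP count for query port:23 country:"DE" is 31595
'''

if __name__ == "__main__":
    for query in build_queries("port:22,port:23", "country", "CZ,DE"):
        print(query)
    for param, counts in parse_counts(SAMPLE).items():
        print(param, counts)
```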
The original “country” options are still present but will be removed in future versions.
You may download the latest version of TriOp from my GitHub.