Recon Tool: Exposor

Reading Time: 2 Minutes

Exposor

Exposor, developed by abuyv, is a contactless reconnaissance tool focused on technology detection across Censys, Fofa, Shodan, and Zoomeye. With a unified syntax for multi-platform querying, It gives security researchers a clear view of exposed systems, enabling quick risk identification.

How it Works

• Configure your API keys for supported feeds.
• Use exposor’s query syntax to find technologies
• Retrive and analyze results accross multiple search engines in a single workflow.
• Contribute custom YAML files to extend detection capabilities.

Key Features

• Easily configure API credentials and keep the intelligence files updated.
• Perform targeted searches by netblock, country code, or hostname.
• Execute queries across multiple feeds with a unified syntax.
• Extend intel capabilities by contributing new YAML files.
• Identify exposed systems and potential vulnerabilities using CPEs or CVEs.

These features make Exposor a powerful tool for cybersecurity professionals conducting non-intrusive active reconnaissance.

Installation

You have two options to install Exposor:

#latest stable release

pip install exposor

Clone the repository

git clone https://github.com/abuyv/exposor.git

cd exposor

pip install -r requirements.txt

Note: For the latest stable releases, visit the Releases page

To use Exposor, you must configure API keys for the feeds you want to search. At least one API key is required to enable searching on a feed.

You can add your API keys in two ways:

1. Using –init option

Run exposor –init option to create a configuration file:

exposor --init shodan:api_key zoomeye:api_key censys:api_id:api_secret fofa:email:api_key

2. Using env variables

Set the API keys as environment variables using the following commands:

These keys will be automatically picked up by Exposor.

At least one API key must be configured to perform searches on any feed.

If you need to update your keys, you can either re-export them or re-run the –init command

Usage

Run Exposor to detect specific technologies using predefined YAML files:

   __
  /__\__  __ _ __    ___   ___   ___   _ __
 /_\  \ \/ /| '_ \  / _ \ / __| / _ \ | '__|
//__   >  < | |_) || (_) |\__ \| (_) || |
\__/  /_/\_\| .__/  \___/ |___/ \___/ |_|
            |_|
                                     version: 1.0.0 


Usage: exposor.py -q cpe:2.3:a:vendor:product --feed all -o result.csv

Explore multiple feeds for a given CPE or CVE. Supported feeds include Censys, Fofa, Shodan, and Zoomeye.

General Options:
-h, --help                Display this help message and exit
--init                    Initialize API keys for the supported feeds in the format `feed:credentials`
--update                  Update the intelligence files (intels folder) to include the latest queries

Query Options:
-q, --query               Specify the search query. 
                          (e.g. `cpe:2.3:a:vendor:product` for technologies or `CVE-2024-XXXX` for vulnerabilities)
-qL, --query-limit        Limit the number of queries sent to the specified feed for a given CPE. The default value 							  
                          is "yes", means the query is already limited to sending only one query per feed. If you 
                          want to send all possible queries in each feed, disable this option by using `-qL no`
-f, --feed                Chooese one or more data feeds to query from. Use 'all' to query all supported feeds
-c, --country             Search technologies by specific country using country codes (e.g. `US` for the USA) 
-n, --netblock            Provde a netblock or a specific IP address to search (e.g. `192.168.0.1/24` or `192.168.0.1`)
-d --domain-name          Specify the target domain to search (e.g. `example.com`)
--limit                   Set the maximum number of results to fetch for each query in each feed. For instance,
                          if the limit is 10 and there are 3 queries for a feed, a total of 30 results will 
                          be fetched (10 results × 3 queries). (default value is '50')

Result Options:
-v, --verbose             Enable verbose output to get detailed logs, increase output verbosity (-v, -vv)
-o, --output              Specify the output file name (e.g. `results.csv`)

Disclaimer

Use Exposor responsibly and follow all regulations. You are fully responsible for your actions. If you misuse this tool or break the law, it’s entirely your own responsibility.

Clone the repo from here: GitHub Link