___ _ _ _
| __|_ ___ __| |___(_) |_ ___ _ _
| _|\ \ / '_ \ / _ \ | _/ -_) '_|
|___/_\_\ .__/_\___/_|\__\___|_|
|_|
Mass exploitation tool. Queries Shodan's public facet endpoint by any dork field, pulls facet data, filters by country, and writes results to disk. No API key needed.
| flag | what it does |
|---|---|
-d |
any shodan dork (http.title, org, ssl, port, city, ...) |
-f |
facet to extract: 15 types: ip, country, asn, org, port, os, product, device, city, isp, domain, http.title, http.waf, ssl.version, vuln |
-c |
country code filter, prefix matching (-c U lists UA UG UM US UY UZ) |
-o |
write results to file (-o results.txt) |
-C |
load config profile from ~/.config/exploiter/ (-C MyCfg) |
--make-cfg |
interactive config generator |
| IPv4 validation baked into the parser. malformed addresses get dropped | |
| UPX compression on every build |
# Debian/Ubuntu
sudo apt install libcurl4-openssl-dev upx-ucl
# Fedora
sudo dnf install libcurl-devel upx
# Arch
sudo pacman -S curl upx
# macOS
brew install curl upx
UPX is optional. install it for a compressed binary; the build skips it if not found.
git clone https://github.com/NCRIF/exploiter.git
cd exploiter
./install.sh
This builds the binary and interactively creates ~/.config/exploiter/default.
Or just build without installing:
make
exploiter <query> [-C <profile>] [-d <dork>] [-f <facet>] [-c <cc>] [-o <file>]
Only the query is required. everything else falls back to config defaults or built-in defaults (dork=http.title, facet=ip).
exploiter IPCam # http.title:IPCam, ip facet, all countries
exploiter IPCam -f org -c US # same query, org facet, US only
exploiter IPCam -d ssl -f ip -c DE # ssl dork, ip facet, germany
exploiter IPCam -C cams # loads ~/.config/exploiter/cams
Country prefix matching:
$ exploiter IPCam -c U
cc 'U' matches:
UA
UG
UM
US
UY
UZ
$ exploiter IPCam -c US # exact match, runs normally
Configs:
$ exploiter --make-cfg myprofile
dork [http.title]:
facet [ip]: org
country (optional) []: US
query (optional) []:
wrote /home/cran/.config/exploiter/myprofile
$ exploiter -C myprofile IPCam # uses the profile's defaults
Results are one per line to stdout. -o <file> writes to a file instead. Stderr gets the result count and parse time.
exploiter.c entry point, arg parsing, usage
helpers/
common.h / common.c ccodes, ftypes, validators, prefix matching
fetch.h / fetch.c HTTP fetch, HTML parse, URL encoding, IPv4 validation
config.h / config.c config paths, load/save, interactive template generator
Makefile build, upx, clean
install.sh build + setup default config
AGPLv3. Copyright (C) 2026 NCRIF.