A client to gather vulnerability-related information from the Shadowserver Foundation. The collected data is then sent to the Vulnerability-Lookup API as sightings.
pipx is an easy way to install and run Python applications in isolated environments. It's easy to install.
$ pipx install ShadowSight $ export SHADOWSIGHT_CONFIG=~/.ShadowSight/conf.py
The configuration should be defined in a Python file (e.g., ~/.ShadowSight/conf.py).
You must then set an environment variable (SHADOWSIGHT_CONFIG) with the full path to this file.
You can have a look at this example of configuration.
git clone https://github.com/vulnerability-lookup/ShadowSight cd ShadowSight # Make sure conf.py exists in the project root before running docker compose up --build
Note
The docker-compose.yml expects a conf.py file in the root directory. You can create it manually or copy the provided example:
$ cp shadowsight/conf_sample.py conf.py
$ ShadowSight --help
usage: ShadowSight [-h] [--method {exploited,common}] [--since SINCE] [--limit LIMIT]
ShadowSight Query Script
options:
-h, --help show this help message and exit
--method {exploited,common}
The set of vulnerabilities (honeypot/exploited-vulnerabilities or honeypot/common-vulnerabilities) from the honeypot group.
--since SINCE Query for exploited vulnerabilities from Shadow Server (back until) this date inclusive (yyyy-mm-dd), or specify an integer to represent days in the past.
--limit LIMIT Limit number of results.
$ ShadowSight --since 2025年01月21日 --limit 10
$ ShadowSight --since 3d --limit 10
$ ShadowSight --since 30d --limit 10 --method commonSets of sightings available on Vulnerability-Lookup thanks to the Shadowserver foundation:
ShadowSight is licensed under GNU General Public License version 3
Copyright (c) 2025 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2025 Cédric Bonhomme - https://github.com/cedricbonhomme