Shodan Resolve Hostname and Inspect Host

arazzo: 1.0.1
info:
  title: Shodan Resolve Hostname and Inspect Host
  summary: Resolve a hostname to an IP and pull the full Shodan host record for that IP.
  description: >-
    A foundational reconnaissance pattern. The workflow first resolves a
    hostname to its IP address using the DNS resolver, then feeds that IP into
    the host lookup to return every service, banner, and open port Shodan has
    indexed for the address. Every step spells out its request inline so the
    flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: shodanRest
  url: ../openapi/shodan-rest-openapi.yml
  type: openapi
workflows:
- workflowId: resolve-and-host-info
  summary: Resolve a hostname and inspect the resulting host in Shodan.
  description: >-
    Resolves the supplied hostname to an IP address, then retrieves the full
    host record for that IP including all indexed services and banners.
  inputs:
    type: object
    required:
    - apiKey
    - hostname
    properties:
      apiKey:
        type: string
        description: Shodan API key passed as the `key` query parameter.
      hostname:
        type: string
        description: The hostname to resolve (e.g. "google.com").
      resolvedIp:
        type: string
        description: >-
          The IP returned by the resolve step for the supplied hostname. The
          resolver responds with a map keyed by hostname, so the chosen IP is
          carried forward through this input for the host lookup.
      history:
        type: boolean
        description: Whether to include historical banners in the host record.
        default: false
  steps:
  - stepId: resolveHostname
    description: >-
      Resolve the supplied hostname to its current IP address using the Shodan
      DNS resolver. The response is a map of hostname to IP address.
    operationId: resolveHostnames
    parameters:
    - name: key
      in: query
      value: $inputs.apiKey
    - name: hostnames
      in: query
      value: $inputs.hostname
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      resolution: $response.body
  - stepId: hostInfo
    description: >-
      Look up the full Shodan host record for the resolved IP, returning all
      services that have been found on the host.
    operationId: getHost
    parameters:
    - name: key
      in: query
      value: $inputs.apiKey
    - name: ip
      in: path
      value: $inputs.resolvedIp
    - name: history
      in: query
      value: $inputs.history
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      ip: $response.body#/ip_str
      ports: $response.body#/ports
      hostnames: $response.body#/hostnames
      vulns: $response.body#/vulns
  outputs:
    resolution: $steps.resolveHostname.outputs.resolution
    ports: $steps.hostInfo.outputs.ports
    vulns: $steps.hostInfo.outputs.vulns